diff --git a/.ci/jenkins-go-agent/Dockerfile b/.ci/jenkins-go-agent/Dockerfile
new file mode 100644
index 00000000000..0d3214557c7
--- /dev/null
+++ b/.ci/jenkins-go-agent/Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:1.14.2
+
+RUN \
+ apt-get update \
+ && apt-get install -y --no-install-recommends \
+ zip rsync\
+ && rm -rf /var/lib/apt/lists/*
+
+RUN go get -u github.com/magefile/mage \
+ && go get -u github.com/elastic/go-licenser \
+ && go get -u -v golang.org/x/tools/cmd/goimports
+
+ENV GO111MODULE="auto"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000000..036d7c3b78c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.DS_Store
+
+.idea
+build
+public
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000000..94a0f0d2612
--- /dev/null
+++ b/CONTRIBUTING.md
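Review bot: The second RUN installs mage, go-licenser and goimports with `go get -u` and no version, so the CI agent image picks up whatever those repositories' default branches hold at build time; the build is not reproducible and a change upstream lands in CI unreviewed. With the pinned golang:1.14.2 base, module mode can pin each tool explicitly, e.g. `RUN GO111MODULE=on go get github.com/magefile/mage@<pinned-version>` (same for the other two), with the version recorded in this file. Note also that `ENV GO111MODULE="auto"` is declared after the go get lines, so it only affects later layers and the container runtime, not these installs.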
@@ -0,0 +1,347 @@ +# Contributing + +This page is intended for contributors to the registry and packages. + +## Definitions + +### Package + +A package contains the dashboards, visualisations, and configurations to monitor the logs and metrics of a particular technology or group of related services, such as “MySQL”, or “System”. + +The package consists of: + +* Name +* Zero or more dashboards and visualisations and Canvas workpads +* Zero or more ML job definitions +* Zero or more dataset templates + +The package is versioned. + +### Integration + +An integration is a specific type of a _package_ defining datasets used to observe the same product (logs and metrics). + +### Dataset Template + +A dataset template is part of a package and contains all the assets which are needed to create a dataset. Example for assets are: ingest pipeline, agent config template, ES index template, ... + +Dataset templates are inside the package directory under `dataset`. + +The dataset template consists of: + +* An alias templates (or the fields.yml to create it) +* Zero or more ingest pipelines +* An Elastic Agent config template + +### Migration from Beats + +A defined importing procedure used to transform both Filebeat and Metricbeat modules, related to +the same observed product, into a single integration. The integration contains extracted dataset configuration of beat +modules, hence no modules are required to exist anymore. + +## Package structure + +### Elements + +Link: https://github.com/elastic/package-registry/blob/master/ASSETS.md + +### Reference packages + +The following packages can be considered as reference points for all integrations. + +#### Integration: reference + +Link: https://github.com/elastic/package-registry/tree/master/dev/packages/example/reference-1.0.0 + +The directory contains mandatory manifest files defining the integration and its datasets. All manifests have fields +annotated with comments to better understand their goals. 
+ +_Keep in mind that this package doesn't contain all file resources (images, screenshots, icons) referenced in manifests. +Let's assume that they're also there._ + +#### Integration: mysql + +Link: https://github.com/mtojek/package-registry/tree/package-mysql-0.0.2/dev/packages/alpha/mysql-0.0.2 + +The MySQL integration was the first integration built using the [import-beats](https://github.com/elastic/package-registry/tree/master/dev/import-beats) script. +The script imported filesets and metricsets from both MySQL modules, and converted them to a package. + +The MySQL integration contains all parts that should be present (or are required) in the integration package. + +After using the _import-beats_ script, the integration has been manually adjusted and extended with dedicated docs. + +## Create a new integration + +This section describes steps required to build a new integration. If you plan to prepare the integration +with a product unsupported by [Beats](https://github.com/elastic/beats), feel free to skip the section about importing +existing modules. + +### Import from existing modules + +The import procedure heavily uses on the _import-beats_ script. If you are interested how does it work internally, +feel free to review the script's [README](https://github.com/elastic/package-registry/blob/master/dev/import-beats/README.md). + +1. Create an issue in the [package-registry](https://github.com/elastic/package-registry) to track ongoing progress with + the integration (especially manual changes). + + Focus on the one particular product (e.g. MySQL, ActiveMQ) you would like to integrate with. + Use this issue to mention every manual change that has been applied. It will help in adjusting the `import-beats` + script and reviewing the integration. + +2. Prepare the developer environment: + 1. 
Clone/refresh the following repositories: + * https://github.com/elastic/beats + * https://github.com/elastic/ecs + * https://github.com/elastic/eui + * https://github.com/elastic/kibana + + Make sure you don't have any manual changes applied as they will reflect on the integration. + 2. Clone/refresh the Elastic Package Registry (EPR) to always use the latest version of the script: + * https://github.com/elastic/package-registry + 3. Make sure you've the `mage` tool installed: + ```bash + $ go get -u -d github.com/magefile/mage + ``` +3. Boot up required dependencies: + 1. Elasticseach instance: + * Kibana's dependency + 2. Kibana instance: + * used to migrate dashboards, if not available, you can skip the generation (`SKIP_KIBANA=true`) + + _Hint_. There is dockerized environment in beats (`cd testing/environments`). Boot it up with the following command: + `docker-compose -f snapshot.yml -f local.yml up --force-recreate elasticsearch kibana`. +4. Create a new branch for the integration in `package-registry` repository (diverge from master). +5. Run the command: `mage ImportBeats` to start the import process. + + The outcome of running the `import-beats` script is directory with refreshed and updated integrations. + + It will take a while to finish, but the console output should be updated frequently to track the progress. + The command must end up with the exit code 0. Kindly please to open an issue if it doesn't. + + Generated packages are stored by default in the `dev/packages/beats` directory. Generally, the import process + updates all of the integrations, so don't be surprised if you notice updates to multiple integrations, including + the one you're currently working on (e.g. `dev/packages/beats/foobarbaz-0.0.1`). You can either commit this changes + or leave them for later. + + If you want to select a subgroup of packages, set the environment variable `PACKAGES` (comma-delimited list): + + ```bash + $ PACKAGES=aws,cisco mage ImportBeats + ``` + +6. 
Copy the package output for your integration (e.g. `dev/packages/beats/foobarbaz-0.0.1`) to the _alpha_ directory and + raise the version manually: `dev/packages/alpha/foobarbaz-0.0.2`. + +### Fine-tune the integration + +#### Motivation + +Most of migration work has been done by the `import-beats` script, but there're tasks that require developer's +interaction. + +It may happen that your integration misses a screenshot or an icon, it's a good moment to add missing resources to +Beats/Kibana repositories and re-import the integration (idempotent). + +#### Checklist + +The order of action items on the checklist is advised to prevent the contributor from repeating some actions (fixing +what's been already fixed, as the script has overridden part of it). + +1. Add icon if missing. + + The integration icons are presented in different places in Kibana, hence it's better to define custom icons to make + the UI easier to navigate. + + As the `import-beats` script looks for icons in Kibana and EUI repositories, add an icon to the first one the same + way as for tutorial resources (Kibana directory: `src/legacy/core_plugins/kibana/public/home/tutorial_resources/logos/`). + +2. Add screenshot if missing. + + The Kibana Integration Manager shows screenshots related with the integration. Screenshots present Kibana + dashboards visualizing the metric/log data. + + The `import-beats` script finds references to screenshots mentioned in `_meta/docs.asciidoc` and copies image files + from the Beats directories: + * `metricbeat/docs/images` + * `filebeat/docs/images` + +3. Improve/correct spelling product names. + + The correct spelling of product names simply makes better impression. The `import-beats` scripts uses the `fields.yml` + file as the source of the correct spelling (`title` property), e.g. Mysql - MySQL, Nginx - NGINX, Aws - AWS. + + Keep in mind that this step requires reimporting package contents. + +4. Write README template file for the integration. 
+ + The README template is used to render the final README file including exported fields. The template should be placed + in the `dev/import-beats-resources//docs/README.md`. + + Review the MySQL docs template to see how to use template functions (e.g. `{{fields "dataset-name"}}`). + If the same dataset name is used in both metrics and logs, please add `-metrics` and `-logs` in the template. For example, `elb` is a dataset for log and also a dataset for metrics. In README.md template, `{{fields "elb-logs"}}` and `{{fields "elb-metrics"}}` are used to separate them. + +5. Review fields file and exported fields in docs. + + The goal of this action item is to verify if produced artifacts are correct. + + The fields files (package-fields.yml, fields.yml and ecs.yml) in the package were created from original fields.yml + files (that may contain ECS schema fields) and fields.epr.yml (defining some other fields used in the ingest + pipeline). It may happen that original sources have a typo, bad description or misses a field definition. + The sum of fields in all present files should contain only fields that are really used, e.g. not all existing ECS + fields. + + It may happen that the ingest pipeline uses fields abstracted from ECS, but not mentioned in `fields.yml`. + Integrations should contain these fields and also have them documented. + + See the PR https://github.com/elastic/beats/pull/17895 to understand how to add them to Beats (e.g. `event.code`, + `event.provider`) using the `fields.epr.yml` file. + +6. Metricbeat: add missing configuration options. + + The `import-beats` script extracts configuration options from Metricbeat module's `_meta` directory. It analyzes + the configuration files and selects options based on enabled metricsets (not commented). If you notice that some + configuration options are missing in your package's manifest files, simply create the `config.epr.yml` file with all + required options. 
+ + Sample PR: https://github.com/elastic/beats/pull/17323 + +7. Review _titles_ and _descriptions_ in manifest files. + + Titles and descriptions are fields visualized in the Kibana UI. Most users will use them to see how to configure + the integration with their installation of a product or to how to use advanced configuration options. + +8. Compact configuration options (vars). + + Currently, all configuration options are set by the `import-beats` script on the stream level + (path: `dataset//manifest.yml`). + + It may happen that some of them in different datasets are simply duplicates or concern the same setting, which + will be always equal (e.g. MySQL username, password). Keep in mind that two datasets may have the same configuration + option, but different values (e.g. `period`, `paths`), hence can't be compacted. + + To sum up, compacting takes down from the user the necessity to setup the same configuration option few times (one + per dataset). + +9. Define all variable properties. + + The variable properties customize visualization of configuration options in the Kibana UI. Make sure they're + defined in all manifest files. + +```yaml + vars: + - name: paths + required: true + show_user: true + title: Access log paths + description: Paths to the nginx access log file. + type: text + multi: true + default: + - /var/log/nginx/access.log* +``` + +**required** - option is required + +**show_user** - don't hide the configuration option (collapsed menu) + +**title** - human readable variable name + +**description** - variable description (may contain some details) + +**type** - field type (according to the reference: text, password, bool, integer) + +**multi** - the field has mutliple values. + +10. Review stream configuration. 
+ + Due to changed templating engine from a standard Golang one to [handlebars](https://handlebarsjs.com/), it may be + hard to automatically convert the Filebeat input configuration (nested variables, many representations, conditions, + loops). Kindly please to review the output stream configuration and review potential bugs. + +11. Update docs template with sample events. + + The events collected by the agent slightly differ from original, Metricbeat's and Filebeat's, ones. Adjust the event + content manually basing on already migrated integrations (e.g. [MySQL integration](https://github.com/elastic/package-registry/tree/master/dev/import-beats-resources/mysql/docs)) + or copy them once managed to run whole setup with real agent. + +12. Kibana: use `stream.dataset` field instead of `event.dataset`. + + Using `stream.dataset` instead of `event.dataset` also makes queries a lot more efficient as this is a + `constant_keyword`. Make sure that dashboards in your package don't use the `event.dataset` field. If so, + simply replace them with the more efficient one. + +## Testing and validation + +### Run the whole setup + +1. Build docker image with EPR: + + ```bash + $ docker build --rm -t docker.elastic.co/package-registry/package-registry:master . + ``` + + +2. Start testing environment: + ```bash + $ cd testing/environments + $ docker-compose -f snapshot.yml -f local.yml up + ``` + + + The command will boot up a docker cluster with Elasticsearch, Kibana and Package Registry. + +3. Verify that your integration is available (in the right version), e.g. 
MySQL: http://localhost:8080/search?package=mysql + + ```json + [ + { + "description": "MySQL Integration", + "download": "/epr/mysql/mysql-0.0.1.tar.gz", + "icons": [ + { + "src": "/package/mysql/0.0.1/img/logo_mysql.svg", + "title": "logo mysql", + "size": "32x32", + "type": "image/svg+xml" + } + ], + "name": "mysql", + "path": "/package/mysql/0.0.1", + "title": "MySQL", + "type": "integration", + "version": "0.0.1" + } + ] + ``` + +4. Build agent code: + ```bash + $ cd $GOPATH/src/github.com/elastic/beats/x-pack/elastic-agent + $ PLATFORMS=darwin mage package + ``` + + Unpack the distribution you'd like to use (e.g. tar.gz): + ```bash + $ cd build/distributions/ + $ tar xzf elastic-agent-8.0.0-darwin-x86_64.tar.gz + $ cd elastic-agent-8.0.0-darwin-x86_64/ + ``` + +5. Enroll the agent and start it: + + Use the "Enroll new agent" option in the Kibana UI (Ingest Manager -> Fleet -> Create user and enable Fleet) and run a similar command: + + ```bash + $ ./elastic-agent enroll http://localhost:5601/rel cFhNVlZIRUIxYjhmbFhqNTBoS2o6OUhMWkF4SFJRZmFNZTh3QmtvR1cxZw== + $ ./elastic-agent run + ``` + + The `elastic-agent` will start two other processes - `metricbeat` and `filebeat`. + +6. Run the product you're integrating with (e.g. a docker image with MySQL). + +7. Install package. + + Click out the configuration in the Kibana UI, deploy it and wait for the agent to pick out the updated configuration. + +8. Navigate with Kibana UI to freshly installed dashboards, verify the metrics/logs flow. diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 00000000000..70403966518 --- /dev/null +++ b/Jenkinsfile 
@@ -0,0 +1,113 @@
+#!/usr/bin/env groovy
+
+@Library('apm@current') _
+
+pipeline {
+ agent { label 'ubuntu && immutable' }
+ environment {
+ BASE_DIR="src/github.com/elastic/package-registry"
+ JOB_GIT_CREDENTIALS = "f6c7695a-671e-4f4f-a331-acdce44ff9ba"
+ PIPELINE_LOG_LEVEL='INFO'
+ DOCKER_REGISTRY = 'docker.elastic.co'
+ DOCKER_REGISTRY_SECRET = 'secret/observability-team/ci/docker-registry/prod'
+ DOCKER_IMG = "${env.DOCKER_REGISTRY}/package-registry/package-registry"
+ }
+ options {
+ timeout(time: 1, unit: 'HOURS')
+ buildDiscarder(logRotator(numToKeepStr: '20', artifactNumToKeepStr: '20', daysToKeepStr: '30'))
+ timestamps()
+ ansiColor('xterm')
+ disableResume()
+ durabilityHint('PERFORMANCE_OPTIMIZED')
+ rateLimitBuilds(throttle: [count: 60, durationName: 'hour', userBoost: true])
+ quietPeriod(10)
+ }
+ triggers {
+ issueCommentTrigger('(?i).*(?:jenkins\\W+)?run\\W+(?:the\\W+)?tests(?:\\W+please)?.*')
+ }
+ stages {
+ /**
+ Checkout the code and stash it, to use it on other stages.
+ */
+ stage('Checkout') {
+ steps {
+ deleteDir()
+ gitCheckout(basedir: "${BASE_DIR}")
+ stash allowEmpty: true, name: 'source', useDefaultExcludes: false
+ }
+ }
+ /**
+ Checks formatting / linting.
+ */
+ stage('Lint') {
+ steps {
+ deleteDir()
+ unstash 'source'
+ dir("${BASE_DIR}"){
+ insideGo{
+ sh(label: 'Checks formatting / linting',script: 'mage -debug check ')
+ }
+ }
+ }
+ }
+ /**
+ Build the project from code..
+ */
+ stage('Build') {
+ steps {
+ deleteDir()
+ unstash 'source'
+ dir("${BASE_DIR}"){
+ insideGo(){
+ sh(label: 'Checks formatting / linting',script: 'mage -debug build ')
+ }
+ }
+ }
+ }
+ /**
+ Execute unit tests.
+ */
+ stage('Test') {
+ steps {
+ deleteDir()
+ unstash 'source'
+ dir("${BASE_DIR}"){
+ insideGo(){
+ sh(label: 'Runs the (unit) tests',script: 'mage -debug test ')
+ }
+ }
+ }
+ post {
+ always {
+ junit(allowEmptyResults: true,
+ keepLongStdio: true,
+ testResults: "${BASE_DIR}/**/junit-*.xml")
+ }
+ }
+ }
+ }
+ post {
+ success {
+ echoColor(text: '[SUCCESS]', colorfg: 'green', colorbg: 'default')
+ }
+ aborted {
+ echoColor(text: '[ABORTED]', colorfg: 'magenta', colorbg: 'default')
+ }
+ failure {
+ echoColor(text: '[FAILURE]', colorfg: 'red', colorbg: 'default')
+ }
+ unstable {
+ echoColor(text: '[UNSTABLE]', colorfg: 'yellow', colorbg: 'default')
+ }
+ }
+}
+
+def insideGo(Closure body){
+ def goAgent = docker.build("go-agent", ".ci/jenkins-go-agent")
+ goAgent.inside(){
+ env.HOME="${WORKSPACE}/${BASE_DIR}"
+ sh(label: 'Go version', script: 'go version')
+ sh(label: 'Install Mage', script: 'mage -version')
+ body()
+ }
+}
diff --git a/dev/import-beats-resources/mysql/docs/README.md b/dev/import-beats-resources/mysql/docs/README.md
new file mode 100644
index 00000000000..68c1d9555cb
--- /dev/null
+++ b/dev/import-beats-resources/mysql/docs/README.md
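Review bot: The Build stage's shell step carries the Lint stage's label, `sh(label: 'Checks formatting / linting',script: 'mage -debug build ')`, so the build log mislabels the build step; it should read `sh(label: 'Build', script: 'mage -debug build ')`. Relatedly, `insideGo` calls `docker.build("go-agent", ".ci/jenkins-go-agent")` on every invocation, so the Lint, Build and Test stages each rebuild the agent image from the checked-out source; since that Dockerfile is part of the change under test, a one-line comment at the `def insideGo` line stating that the agent image is built from the PR's own `.ci/jenkins-go-agent` and that the rebuild is relied on for layer caching would make that trade-off explicit. `JOB_GIT_CREDENTIALS` is declared in `environment` but not referenced anywhere in this hunk, presumably consumed by the shared library's `gitCheckout`; if so, a comment saying which step uses it would help the next reader.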
@@ -0,0 +1,286 @@ +# MySQL Integration + +This integration periodically fetches logs and metrics from [https://www.mysql.com/](MySQL) servers. + +## Compatibility + +The `error` and `slowlog` datasets were tested with logs from MySQL 5.5, 5.7 and 8.0, MariaDB 10.1, 10.2 and 10.3, and Percona 5.7 and 8.0. + +The `galera_status` and `status` datasets were tested with MySQL and Percona 5.7 and 8.0 and are expected to work with all +versions >= 5.7.0. It is also tested with MariaDB 10.2, 10.3 and 10.4. + +## Logs + +### error + +The `error` dataset collects the MySQL error logs. + +{{fields "error"}} + +### slowlog + +The `slowlog` dataset collects the MySQL slow logs. + +{{fields "slowlog"}} + +## Metrics + +### galera_status + +The `galera_status` dataset periodically fetches metrics from [http://galeracluster.com/](Galera)-MySQL cluster servers. + +An example event for `galera_status` looks as following: + +```$json +{ + "@timestamp":"2020-04-20T12:33:24.613Z", + "mysql":{ + "galera_status":{ + "apply":{ + "oooe":0, + "oool":0, + "window":1 + }, + "connected":"ON", + "flow_ctl":{ + "recv":0, + "sent":0, + "paused":0, + "paused_ns":0 + }, + "ready":"ON", + "received":{ + "count":173, + "bytes":152425 + }, + "local":{ + "state":"Synced", + "bf_aborts":0, + "cert_failures":0, + "commits":1325, + "recv":{ + "queue_max":2, + "queue_min":0, + "queue":0, + "queue_avg":0.011561 + }, + "replays":0, + "send":{ + "queue_min":0, + "queue":0, + "queue_avg":0, + "queue_max":1 + } + }, + "evs":{ + "evict":"", + "state":"OPERATIONAL" + }, + "repl":{ + "bytes":1689804, + "data_bytes":1540647, + "keys":4170, + "keys_bytes":63973, + "other_bytes":0, + "count":1331 + }, + "commit":{ + "oooe":0, + "window":1 + }, + "cluster":{ + "conf_id":930, + "size":3, + "status":"Primary" + }, + "last_committed":23944, + "cert":{ + "deps_distance":43.524557, + "index_size":22, + "interval":0 + } + } + }, + "fields":{ + "stream":{ + "type":"metrics", + "dataset":"mysql.galera_status", + 
"namespace":"default" + } + }, + "ecs":{ + "version":"1.5.0" + }, + "agent":{ + "hostname":"MacBook-Elastic.local", + "id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6", + "version":"8.0.0", + "type":"metricbeat", + "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f" + }, + "event":{ + "dataset":"mysql.galera_status", + "module":"mysql", + "duration":3275482 + }, + "metricset":{ + "name":"galera_status", + "period":10000 + }, + "service":{ + "address":"127.0.0.1:3306", + "type":"mysql" + } +} +``` + +The fields reported are: + +{{fields "galera_status"}} + +### status + +The MySQL `status` dataset collects data from MySQL by running a `SHOW GLOBAL STATUS;` SQL query. This query returns a large number of metrics. + +An example event for `status` looks as following: + +```$json +{ + "@timestamp":"2020-04-20T12:32:54.614Z", + "mysql":{ + "status":{ + "max_used_connections":3, + "queries":479, + "handler":{ + "prepare":0, + "savepoint":0, + "update":0, + "delete":0, + "read":{ + "rnd_next":59604, + "first":8, + "key":6, + "last":0, + "next":1, + "prev":0, + "rnd":0 + }, + "rollback":0, + "write":0, + "commit":5, + "savepoint_rollback":0, + "external_lock":552, + "mrr_init":0 + }, + "aborted":{ + "clients":0, + "connects":0 + }, + "threads":{ + "running":2, + "cached":1, + "created":3, + "connected":2 + }, + "flush_commands":1, + "created":{ + "tmp":{ + "disk_tables":0, + "files":6, + "tables":0 + } + }, + "connections":159, + "command":{ + "insert":0, + "select":155, + "update":0, + "delete":0 + }, + "opened_tables":122, + "binlog":{ + "cache":{ + "use":0, + "disk_use":0 + } + }, + "delayed":{ + "writes":0, + "errors":0, + "insert_threads":0 + }, + "questions":479, + "innodb":{ + "buffer_pool":{ + "read":{ + "ahead_rnd":0, + "requests":1488, + "ahead":0, + "ahead_evicted":0 + }, + "pool":{ + "wait_free":0, + "reads":405 + }, + "write_requests":325, + "bytes":{ + "data":7176192, + "dirty":0 + }, + "pages":{ + "dirty":0, + "flushed":36, + "free":7753, + "misc":0, + 
"total":8191, + "data":438 + } + } + }, + "bytes":{ + "received":38468, + "sent":1622162 + }, + "open":{ + "streams":0, + "tables":115, + "files":14 + } + } + }, + "event":{ + "dataset":"mysql.status", + "module":"mysql", + "duration":4708776 + }, + "metricset":{ + "name":"status", + "period":10000 + }, + "fields":{ + "stream":{ + "type":"metrics", + "dataset":"mysql.status", + "namespace":"default" + } + }, + "ecs":{ + "version":"1.5.0" + }, + "agent":{ + "id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6", + "version":"8.0.0", + "type":"metricbeat", + "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f", + "hostname":"MacBook-Elastic.local" + }, + "service":{ + "address":"127.0.0.1:3306", + "type":"mysql" + } +} +``` + +The fields reported are: + +{{fields "status"}} diff --git a/dev/import-beats-resources/nginx/docs/README.md b/dev/import-beats-resources/nginx/docs/README.md new file mode 100644 index 00000000000..323b2be4e18 --- /dev/null +++ b/dev/import-beats-resources/nginx/docs/README.md 
@@ -0,0 +1,102 @@ +# Nginx Integration + +This integration periodically fetches metrics from [https://nginx.org/](Nginx) servers. It can parse access and error +logs created by the HTTP server. + +## Compatibility + +The Nginx `stubstatus` metrics was tested with Nginx 1.9 and are expected to work with all version >= 1.9. +The logs were tested with version 1.10. +On Windows, the module was tested with Nginx installed from the Chocolatey repository. + +## Logs + +**Timezone support** + +This datasource parses logs that don’t contain timezone information. For these logs, the Elastic Agent reads the local +timezone and uses it when parsing to convert the timestamp to UTC. The timezone to be used for parsing is included +in the event in the `event.timezone` field. + +To disable this conversion, the event.timezone field can be removed with the drop_fields processor. + +If logs are originated from systems or applications with a different timezone to the local one, the `event.timezone` +field can be overwritten with the original timezone using the add_fields processor. + +### Access Logs + +Access logs collects the nginx access logs. + +{{fields "access"}} + +### Error Logs + +Error logs collects the nginx error logs. + +{{fields "error"}} + +### Ingress Controller Logs + +Error logs collects the ingress controller logs. + +{{fields "ingress_controller"}} + +## Metrics + +### Stub Status Metrics + +The Nginx stubstatus stream collects data from the Nginx `ngx_http_stub_status` module. It scrapes the server status +data from the web page generated by ngx_http_stub_status. + +This is a default stream. If the host datasource is unconfigured, this stream is enabled by default. 
+ +An example event for nginx looks as following: + +```$json +{ + "@timestamp":"2020-04-28T11:07:58.223Z", + "service":{ + "type":"nginx", + "address":"127.0.0.1:8081" + }, + "nginx":{ + "stubstatus":{ + "waiting":0, + "hostname":"127.0.0.1:8081", + "dropped":0, + "writing":1, + "handled":7339, + "requests":7411, + "reading":0, + "accepts":7339, + "current":10, + "active":1 + } + }, + "stream":{ + "namespace":"default", + "type":"metrics", + "dataset":"nginx.stubstatus" + }, + "ecs":{ + "version":"1.5.0" + }, + "agent":{ + "type":"metricbeat", + "ephemeral_id":"8eb07b4f-df58-4794-8e00-60f1443f33b6", + "hostname":"MacBook-Elastic.local", + "id":"e47f6e4d-5277-46f3-801d-221c7584c604", + "version":"8.0.0" + }, + "event":{ + "module":"nginx", + "duration":1112095, + "dataset":"nginx.stubstatus" + }, + "metricset":{ + "period":10000, + "name":"stubstatus" + } +} +``` + +{{fields "stubstatus"}} diff --git a/dev/import-beats-resources/redis/docs/README.md b/dev/import-beats-resources/redis/docs/README.md new file mode 100644 index 00000000000..e5393c03ca3 --- /dev/null +++ b/dev/import-beats-resources/redis/docs/README.md 
@@ -0,0 +1,80 @@ +# Redis Integration + +This integration periodically fetches logs and metrics from [https://redis.io/](Redis) servers. + +## Compatibility + +The `log` and `slowlog` datasets were tested with logs from Redis versions 1.2.6, 2.4.6, and 3.0.2, so we expect +compatibility with any version 1.x, 2.x, or 3.x. + +The `info`, `key` and `keyspace` datasets were tested with Redis 3.2.12, 4.0.11 and 5.0-rc4, and are expected to work +with all versions >= 3.0. + +## Logs + +### log + +The `log` dataset collects the Redis standard logs. + +{{fields "log"}} + +### slowlog + +The `slowlog` dataset collects the Redis slow logs. + +{{fields "log"}} + +## Metrics + +### info + +The `info` dataset collects information and statistics from Redis by running the `INFO` command and parsing the returned +result. + +An example event for `info` looks as following: + +```$json +TODO +``` + +The fields reported are: + +{{fields "info"}} + +### key + +The `key` dataset collects information about Redis keys. + +For each key matching one of the configured patterns, an event is sent to Elasticsearch with information about this key, +what includes the type, its length when available, and its TTL. + +Patterns are configured as a list containing these fields: + +* `pattern` (required): pattern for key names, as accepted by the Redis KEYS or SCAN commands. +* `limit` (optional): safeguard when using patterns with wildcards to avoid collecting too many keys (Default: 0, no limit) +* `keyspace` (optional): Identifier of the database to use to look for the keys (Default: 0) + +An example event for `key` looks as following: + +```$json +TODO +``` + +The fields reported are: + +{{fields "key"}} + +### keyspace + +The `keyspace` dataset collects information about the Redis keyspaces. For each keyspace, an event is sent to +Elasticsearch. The keyspace information is fetched from the `INFO` command. 
+ +An example event for `keyspace` looks as following: + +```$json +TODO +``` + +The fields reported are: + +{{fields "keyspace"}} diff --git a/dev/import-beats/README.md b/dev/import-beats/README.md new file mode 100644 index 00000000000..8341cf4a413 --- /dev/null +++ b/dev/import-beats/README.md 
@@ -0,0 +1,195 @@
+# import-beats
+
+The script is responsible for importing existing beats modules and transforming
+them into integration packages compatible with Elastic Package Registry (EPR).
+
+The `import-beats` script depends on active Kibana instance, which is used to
+migrate existing dashboards to a newer version.
+
+## Usage
+
+```bash
+$ mage ImportBeats
+```
+
+... or using `go run` (no need to install `mage`):
+
+```bash
+$ go run dev/import-beats/*.go -help
+Usage of /var/folders/gz/dht4sjdx5w9f72knybys10zw0000gn/T/go-build777100057/b001/exe/agent:
+ -beatsDir string
+ Path to the beats repository (default "../beats")
+ -ecsDir string
+ Path to the Elastic Common Schema repository (default "../ecs")
+ -euiDir string
+ Path to the Elastic UI framework repository (default "../eui")
+ -kibanaDir string
+ Path to the kibana repository (default "../kibana")
+ -kibanaHostPort string
+ Kibana host and port (default "http://localhost:5601")
+ -kibanaPassword string
+ Kibana password (default "changeme")
+ -kibanaUsername string
+ Kibana username (default "elastic")
+ -outputDir string
+ Path to the output directory (default "dev/packages/beats")
+ -skipKibana
+ Skip storing Kibana objects
+```
+
+## Import all packages
+
+1. Make sure that the following repositories have been fetched locally:
+https://github.com/elastic/beats
+https://github.com/elastic/ecs
+https://github.com/elastic/eui
+https://github.com/elastic/kibana
+2. Make sure you've the `mage` tool installed.
+3. Start Kibana server (make sure the endpoint is accessible: http://localhost:5601/)
+4. Run the importing procedure with the following command:
+
+```bash
+$ mage ImportBeats
+```
+
+## Package import procedure
+
+This section describes next steps of the `import-beats` script that are performed to build integration packages in
+the output directory.
+
+Keep in mind that the script doesn't clean previously created artifacts, so you may encounter leftovers (detached
+dashboards, renamed ingest pipeline, etc.). If you need to preserve a clean state in the output directory (which is
+versioned), remove its content before executing the script.
+
+The script requires few repositories (Kibana, EUI, etc.) to be present, but doesn't require to execute any of build
+targets. It depends only on the existing, version content, so simple `git clone` should be enough.
+
+### Package repository
+
+The package repository is responsible for building packages - loading package data from sources (Beats modules, Kibana
+resources, etc.) and writing them to disk. It supports two types of beats - **logs** and **metrics**.
+
+#### Load input data from sources
+
+The script needs to visit and process input data from [beats](https://github.com/elastic/beats), generally logs and
+metrics modules.
+
+Starting with modules, it collects and processes information about module fields, release type, icons, screenshots,
+Kibana dashboards and docs. While browsing datasets content, it focuses on fields specific for the dataset, release
+type, ingestion pipeline, stream and agent configuration.
+
+##### Fields
+
+Fields are extracted from `fields.yml` files and divided into 3 buckets - ECS fields, module fields
+and package fields.
+
+##### Integration title
+
+The correct spelling makes better impression on users, so the scripts uses `title` property in the module fields
+as the proper form. Remember to adjust this value if working on the migration from Beats.
+
+##### Release type
+
+Values: _beta, experimental, ga_
+
+~~The value depends on definitions in module and dataset fields. The scripts determines the correct release type
+for dataset, depending on overall release status for module (e.g.
dataset can't be annotated as GA if the entire module
+is in beta).~~
+
+Currently, all imported packages are created with default value - experimental.
+
+##### Images
+
+The script supports two kinds of images - **icons** and **screenshots**. Even though they're stored in different media
+formats, they're analyzed to prepare a metadata information (title, size and media type).
+
+###### Icons
+
+The icons are loaded from the following sources: Kibana home tutorials and Elastic UI. Icons must be in SVG format and
+have defined dimensions (information stored in manifest, used by Kibana). Keep in mind that only icon files referenced
+in tutorials are processed.
+
+###### Screenshots
+
+The script parses module docs to find and collect all references to screenshots showing Kibana dashboards.
+
+##### Kibana dashboards
+
+The script performs a convertion of all existing Kibana dashboards into new format. Packages stores Kibana objects
+divided into buckets based on the object type (e.g. dashboards, visualizations, maps).
+
+Many existing dashboards are compliant with earlier Kibana versions hence they're loaded to the Kibana instance to let
+it migrate to the newer format (Kibana instance must be accessible during the importing process).
+
+Every Kibana object needs to be stored in a decoded form (unpacked JSON format) as it's easier to find changes between
+particular revisions.
+
+There is also a change related to the `event.module` field - the field is no longer available in the integration.
+The script adjusts dashboards automatically by replacing all references with a special clause including all datasets,
+e.g.:
+
+_The module "duck" contains 3 datasets: foo, bar, baz._
+
+The `event.module = duck` will be transformed into
+`(event.dataset = duck.foo OR event.dataset = duck.bar OR event.dataset = duck.baz)`.
+
+##### Dependency requirements
+
+The scripts parses available Kibana objects for information about supported versions and determines what is
+the minimal required Kibana version.
+
+The required version of the Elasticsearch is hardcoded (`>7.0.1`).
+
+##### Documentation
+
+Documentation in the Beats repository refers to modules, metricsets and filesets. Unfortunately it doesn't fit
+well in the concept of integrations, so all documentation pages need to be adjusted.
+
+Every integration may have a doc template defined, so that the script can pick it up while building packages.
+The template can refer to functions, e.g. to render a table with fields used by a dataset.
+
+##### Ingest pipelines
+
+If the fileset used an ingest pipeline, the script includes it in the target package, but renamed to `default.json` or
+`default.yml`.
+
+##### Streams
+
+Stream configuration defines available Metricbeat and Filebeat settings used to reconfigure the integration.
+
+Depending on the dataset type, the configuration can be imported from the following files: `_meta/config.*.yml`
+for Metricbeat or `manifest.yml` for Filebeat. The new format provides additional properties (required, show_user,
+title, multi), which can be used to provide better user experience in Kibana UI. Unfortunately the script can't
+detect these properties automatically, so manual adjustments will be required.
+
+Metricbeat configuration might be hard to extract because of missing variable definitions (`_meta/config.*.yml` are
+like samples). The script analyzes the `_meta/config.*.yml` files and tries to deduce, which variables belong to
+particular metricsets.
+
+##### Agent configuration
+
+The agent configuration is a template used by Kibana to prepare the final configuration deployed on agents. The script
+needs to convert the Beats configuration as the templating engine has changed from the standard Golang one to
+the [handlebarsjs](https://handlebarsjs.com/).
The script doesn't run any advanced syntax analysis and bases only on
+simple find-and-replace functions (which actually covers vast majority of cases).
+
+At the moment, a developer is obliged to verify the convertion result.
+
+#### Write package content to disk
+
+The script writes down all packages to the specified output directory. As it doesn't remove existing resources, it's
+safer to clean the output directory first. This is the moment when copying resources, rendering doc templates and
+creating required directories happens.
+
+At the moment all packages are annotated with version `0.0.1`.
+
+## Troubleshooting
+
+### Importing process takes too long
+
+While developeing, you can try to perform the migration with skipping migration of all Kibana objects,
+as this is the most time consuming part of whole process:
+
+```bash
+$ SKIP_KIBANA=true mage ImportBeats
+```
diff --git a/dev/import-beats/agent.go b/dev/import-beats/agent.go
new file mode 100644
index 00000000000..6dc983c1254
--- /dev/null
+++ b/dev/import-beats/agent.go
@@ -0,0 +1,78 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "strings"
+
+ "github.com/elastic/package-registry/util"
+)
+
+type agentContent struct {
+ streams []streamContent
+}
+
+type streamContent struct {
+ targetFileName string
+ body []byte
+}
+
+func extractInputConfigFilename(configFilePath string) string {
+ i := strings.LastIndex(configFilePath, "/")
+ return configFilePath[i+1:]
+}
+
+func createAgentContentForMetrics(moduleName, datasetName string, streams []util.Stream) (agentContent, error) {
+ inputName := moduleName + "/metrics"
+ vars := extractVarsFromStream(streams, inputName)
+
+ var buffer bytes.Buffer
+ buffer.WriteString(fmt.Sprintf("metricsets: [\"%s\"]\n", datasetName))
+
+ for _, aVar := range vars {
+ variableName := aVar.Name
+
+ if !isAgentConfigOptionRequired(variableName) {
+ buffer.WriteString(fmt.Sprintf("{{#if %s}}\n", variableName))
+ }
+
+ if isArrayConfigOption(variableName) {
+ buffer.WriteString(fmt.Sprintf("%s:\n{{#each %s}}\n - {{this}}\n{{/each}}\n", variableName, variableName))
+ } else {
+ buffer.WriteString(fmt.Sprintf("%s: {{%s}}\n", variableName, variableName))
+ }
+
+ if !isAgentConfigOptionRequired(variableName) {
+ buffer.WriteString("{{/if}}\n")
+ }
+ }
+ return agentContent{
+ streams: []streamContent{
+ {
+ targetFileName: "stream.yml.hbs",
+ body: buffer.Bytes(),
+ },
+ },
+ }, nil
+}
+
+func extractVarsFromStream(streams []util.Stream, inputName string) []util.Variable {
+ for _, stream := range streams {
+ if stream.Input == inputName {
+ return stream.Vars
+ }
+ }
+ return []util.Variable{}
+}
+
+func isAgentConfigOptionRequired(optionName string) bool {
+ return optionName == "hosts" || optionName == "period"
+}
+
+func isArrayConfigOption(optionName string) bool {
return optionName == "hosts"
+}
diff --git a/dev/import-beats/common.go b/dev/import-beats/common.go
new file mode 100644
index 00000000000..44d96b2ea6d
--- /dev/null
+++ b/dev/import-beats/common.go
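Review bot: `extractInputConfigFilename` reimplements basename with `strings.LastIndex(configFilePath, "/")`, which yields an empty string for a path with a trailing slash and ignores OS-specific separators; `filepath.Base` covers both and states the intent: `return filepath.Base(configFilePath)` (with `path/filepath` added to the import block). In `createAgentContentForMetrics` the `datasetName` and every `aVar.Name` are interpolated verbatim into the YAML/handlebars text via `Sprintf`, which is acceptable for the checked-in Beats manifests this tool reads but deserves a one-line comment stating that names are assumed to be plain identifiers with no quoting applied. The function also never produces a non-nil error, so its `error` result is currently dead and could be dropped or documented as reserved.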
@@ -0,0 +1,175 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "errors"
+ "fmt"
+ "strings"
+)
+
+// Source code origin:
+// github.com/elastic/beats/libbeat/common/mapstr.go
+
+var (
+ // errKeyNotFound indicates that the specified key was not found.
+ errKeyNotFound = errors.New("key not found")
+)
+
+type mapStr map[string]interface{}
+
+// getValue gets a value from the map. If the key does not exist then an error
+// is returned.
+func (m mapStr) getValue(key string) (interface{}, error) {
+ _, _, v, found, err := mapFind(key, m, false)
+ if err != nil {
+ return nil, err
+ }
+ if !found {
+ return nil, errKeyNotFound
+ }
+ return v, nil
+}
+
+// put associates the specified value with the specified key. If the map
+// previously contained a mapping for the key, the old value is replaced and
+// returned. The key can be expressed in dot-notation (e.g. x.y) to put a value
+// into a nested map.
+//
+// If you need insert keys containing dots then you must use bracket notation
+// to insert values (e.g. m[key] = value).
+func (m mapStr) put(key string, value interface{}) (interface{}, error) {
+ // XXX `safemapstr.Put` mimics this implementation, both should be updated to have similar behavior
+ k, d, old, _, err := mapFind(key, m, true)
+ if err != nil {
+ return nil, err
+ }
+
+ d[k] = value
+ return old, nil
+}
+
+// delete deletes the given key from the map.
+func (m mapStr) delete(key string) error {
+ k, d, _, found, err := mapFind(key, m, false)
+ if err != nil {
+ return err
+ }
+ if !found {
+ return errKeyNotFound
+ }
+
+ delete(d, k)
+ return nil
+}
+
+// flatten flattens the given MapStr and returns a flat MapStr.
+//
+// Example:
+// "hello": MapStr{"world": "test" }
+//
+// This is converted to:
+// "hello.world": "test"
+//
+// This can be useful for testing or logging.
+func (m mapStr) flatten() mapStr {
+ return flatten("", m, mapStr{})
+}
+
+// mapFind iterates a mapStr based on a the given dotted key, finding the final
+// subMap and subKey to operate on.
+// An error is returned if some intermediate is no map or the key doesn't exist.
+// If createMissing is set to true, intermediate maps are created.
+// The final map and un-dotted key to run further operations on are returned in
+// subKey and subMap. The subMap already contains a value for subKey, the
+// present flag is set to true and the oldValue return will hold
+// the original value.
+func mapFind(
+ key string,
+ data mapStr,
+ createMissing bool,
+) (subKey string, subMap mapStr, oldValue interface{}, present bool, err error) {
+ // XXX `safemapstr.mapFind` mimics this implementation, both should be updated to have similar behavior
+
+ for {
+ // Fast path, key is present as is.
+ if v, exists := data[key]; exists {
+ return key, data, v, true, nil
+ }
+
+ idx := strings.IndexRune(key, '.')
+ if idx < 0 {
+ return key, data, nil, false, nil
+ }
+
+ k := key[:idx]
+ d, exists := data[k]
+ if !exists {
+ if createMissing {
+ d = mapStr{}
+ data[k] = d
+ } else {
+ return "", nil, nil, false, errKeyNotFound
+ }
+ }
+
+ v, err := toMapStr(d)
+ if err != nil {
+ return "", nil, nil, false, err
+ }
+
+ // advance to sub-map
+ key = key[idx+1:]
+ data = v
+ }
+}
+
+// flatten is a helper for Flatten. See docs for flatten. For convenience the
+// out parameter is returned.
+func flatten(prefix string, in, out mapStr) mapStr {
+ for k, v := range in {
+ var fullKey string
+ if prefix == "" {
+ fullKey = k
+ } else {
+ fullKey = prefix + "."
+ k
+ }
+
+ if m, ok := tryToMapStr(v); ok {
+ flatten(fullKey, m, out)
+ } else {
+ out[fullKey] = v
+ }
+ }
+ return out
+}
+
+// tomapStr performs a type assertion on v and returns a mapStr. v can be either
+// a mapStr or a map[string]interface{}. If it's any other type or nil then
+// an error is returned.
+func toMapStr(v interface{}) (mapStr, error) {
+ m, ok := tryToMapStr(v)
+ if !ok {
+ return nil, fmt.Errorf("expected map but type is %v", v)
+ }
+ return m, nil
+}
+
+func tryToMapStr(v interface{}) (mapStr, bool) {
+ switch m := v.(type) {
+ case mapStr:
+ return m, true
+ case map[string]interface{}:
+ return m, true
+ case map[interface{}]interface{}:
+ n := map[string]interface{}{}
+ for k, v := range m {
+ n[k.(string)] = v
+ }
+ return n, true
+ default:
+ return nil, false
+ }
+}
diff --git a/dev/import-beats/datasets.go b/dev/import-beats/datasets.go
new file mode 100644
index 00000000000..cc9831a2373
--- /dev/null
+++ b/dev/import-beats/datasets.go
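Review bot: `tryToMapStr` performs an unchecked `k.(string)` on every key of a `map[interface{}]interface{}`, which panics for any non-string key; `gopkg.in/yaml.v2` produces exactly this map type for nested mappings and gives `int` keys for a document containing `1: x`, so a pipeline body with such a key would crash `validateIngestPipeline` (elasticsearch.go) instead of returning an error. Converting with `ks, ok := k.(string); if !ok { return nil, false }; n[ks] = v` lets `toMapStr` report it through the existing "expected map" error path. While there, `fmt.Errorf("expected map but type is %v", v)` prints the value rather than its type; `%T` matches what the message promises. The doc comment on `toMapStr` still names it `tomapStr`.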
@@ -0,0 +1,137 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+
+ "github.com/pkg/errors"
+
+ "github.com/elastic/package-registry/util"
+)
+
+type datasetContent struct {
+ name string
+ beatType string
+
+ manifest util.DataSet
+
+ agent agentContent
+ elasticsearch elasticsearchContent
+ fields fieldsContent
+}
+
+type datasetContentArray []datasetContent
+
+func (dca datasetContentArray) names() []string {
+ var names []string
+ for _, dc := range dca {
+ names = append(names, dc.name)
+ }
+ return names
+}
+
+type datasetManifestMultiplePipelines struct {
+ IngestPipeline []string `yaml:"ingest_pipeline"`
+}
+
+type datasetManifestSinglePipeline struct {
+ IngestPipeline string `yaml:"ingest_pipeline"`
+}
+
+func createDatasets(beatType, modulePath, moduleName, moduleTitle, moduleRelease string, moduleFields []fieldDefinition,
+ filteredEcsModuleFieldNames []string, ecsFields fieldDefinitionArray) (datasetContentArray, error) {
+ datasetDirs, err := ioutil.ReadDir(modulePath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot read module directory %s", modulePath)
+ }
+
+ var contents []datasetContent
+ for _, datasetDir := range datasetDirs {
+ if !datasetDir.IsDir() {
+ continue
+ }
+ datasetName := datasetDir.Name()
+
+ if datasetName == "_meta" {
+ continue
+ }
+
+ datasetPath := filepath.Join(modulePath, datasetName)
+ _, err := os.Stat(filepath.Join(datasetPath, "_meta"))
+ if os.IsNotExist(err) {
+ _, err = os.Stat(filepath.Join(datasetPath, "manifest.yml"))
+ if os.IsNotExist(err) {
+ log.Printf("\t%s: not a valid dataset, skipped", datasetName)
+ continue
+ }
+ }
+
+ log.Printf("\t%s: dataset found", datasetName)
+
+ // fields
+ datasetFields, err :=
loadDatasetFields(modulePath, moduleName, datasetName)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading dataset fields failed (modulePath: %s, datasetName: %s)",
+ modulePath, datasetName)
+ }
+ datasetFields, filteredEcsDatasetFieldNames, err := filterMigratedFields(datasetFields, ecsFields.names())
+ if err != nil {
+ return nil, errors.Wrapf(err, "filtering uncommon migrated failed (modulePath: %s, datasetName: %s)",
+ modulePath, datasetName)
+ }
+
+ foundEcsFieldNames := uniqueStringValues(append(filteredEcsModuleFieldNames, filteredEcsDatasetFieldNames...))
+ ecsFields := filterEcsFields(ecsFields, foundEcsFieldNames)
+
+ fieldsFiles := map[string]fieldDefinitionArray{}
+ if len(ecsFields) > 0 {
+ fieldsFiles["ecs.yml"] = ecsFields
+ }
+ if len(moduleFields) > 0 {
+ fieldsFiles["package-fields.yml"] = moduleFields
+ }
+ if len(datasetFields) > 0 {
+ fieldsFiles["fields.yml"] = datasetFields
+ }
+ fields := fieldsContent{
+ files: fieldsFiles,
+ }
+
+ // elasticsearch
+ elasticsearch, err := loadElasticsearchContent(datasetPath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading elasticsearch content failed (datasetPath: %s)", datasetPath)
+ }
+
+ // streams and agents
+ streams, agent, err := createStreams(modulePath, moduleName, moduleTitle, datasetName, beatType)
+ if err != nil {
+ return nil, errors.Wrapf(err, "creating streams failed (datasetPath: %s)", datasetPath)
+ }
+
+ // manifest
+ manifest := util.DataSet{
+ Title: fmt.Sprintf("%s %s %s", moduleTitle, datasetName, beatType),
+ Release: "experimental",
+ Type: beatType,
+ Streams: streams,
+ }
+
+ contents = append(contents, datasetContent{
+ name: datasetName,
+ beatType: beatType,
+ manifest: manifest,
+ agent: agent,
+ elasticsearch: elasticsearch,
+ fields: fields,
+ })
+ }
+ return contents, nil
+}
diff --git a/dev/import-beats/datasources.go b/dev/import-beats/datasources.go
new file mode 100644
index 00000000000..e1e2a80289f
--- /dev/null
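Review bot: The two dataset-detection `os.Stat` calls in `createDatasets` only distinguish `os.IsNotExist`; any other failure (permission denied, an I/O error on `_meta` or `manifest.yml`) falls through and the directory is processed as a valid dataset, so the real cause surfaces later with a misleading message or not at all. Adding `if err != nil && !os.IsNotExist(err) { return nil, errors.Wrapf(err, "cannot stat dataset directory %s", datasetPath) }` after each `Stat` keeps the skip path for missing files and fails loudly on everything else. Also, `ecsFields := filterEcsFields(ecsFields, foundEcsFieldNames)` declares a loop-local `ecsFields` that shadows the parameter read a few lines earlier in `ecsFields.names()`; it works because the right-hand side still binds to the outer name, but a distinct name such as `datasetEcsFields` would make the per-dataset filtering obvious to the next reader. `moduleRelease` is accepted but unused while `Release` is hardcoded to `"experimental"`, which looks intentional for now and would be worth a short comment at the manifest construction.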
+++ b/dev/import-beats/datasources.go 
@@ -0,0 +1,136 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "fmt"
+ "sort"
+ "strings"
+
+ "github.com/elastic/package-registry/util"
+)
+
+type datasourceContent struct {
+ moduleName string
+ moduleTitle string
+
+ inputs map[string]datasourceInput // map[inputType]..
+}
+
+type datasourceInput struct {
+ datasetNames []string
+ packageType string
+ vars []util.Variable
+}
+
+func (ds datasourceContent) toMetadataDatasources() []util.Datasource {
+ var packageTypes []string
+ for _, input := range ds.inputs {
+ packageTypes = append(packageTypes, input.packageType)
+ }
+ sort.Strings(packageTypes)
+
+ var title, description string
+ if len(ds.inputs) == 2 {
+ title = toDatasourceTitleForTwoTypes(ds.moduleTitle, packageTypes[0], packageTypes[1])
+ description = toDatasourceDescriptionForTwoTypes(ds.moduleTitle, packageTypes[0], packageTypes[1])
+ } else {
+ title = toDatasourceTitle(ds.moduleTitle, packageTypes[0])
+ description = toDatasourceDescription(ds.moduleTitle, packageTypes[0])
+ }
+
+ var inputs []util.Input
+ for _, packageType := range packageTypes {
+ for inputType, input := range ds.inputs {
+ if input.packageType == packageType {
+ inputs = append(inputs, util.Input{
+ Type: inputType,
+ Title: toDatasourceInputTitle(ds.moduleTitle, packageType),
+ Description: toDatasourceInputDescription(ds.moduleTitle, packageType, ds.inputs[inputType].datasetNames),
+ Vars: input.vars,
+ })
+ }
+ }
+ }
+ return []util.Datasource{
+ {
+ Name: ds.moduleName,
+ Title: title,
+ Description: description,
+ Inputs: inputs,
+ },
+ }
+}
+
+type updateDatasourcesParameters struct {
+ moduleName string
+ moduleTitle string
+ packageType string
+
+ datasetNames []string
+ inputVars map[string][]util.Variable
+}
+
+func updateDatasource(dsc
datasourceContent, params updateDatasourcesParameters) (datasourceContent, error) {
+ dsc.moduleName = params.moduleName
+ dsc.moduleTitle = params.moduleTitle
+
+ if dsc.inputs == nil {
+ dsc.inputs = map[string]datasourceInput{}
+ }
+
+ inputType := params.packageType
+ if inputType == "metrics" {
+ inputType = fmt.Sprintf("%s/%s", dsc.moduleName, inputType)
+ }
+
+ dsc.inputs[inputType] = datasourceInput{
+ datasetNames: params.datasetNames,
+ packageType: params.packageType,
+ vars: params.inputVars[inputType],
+ }
+ return dsc, nil
+}
+
+func toDatasourceTitle(moduleTitle, packageType string) string {
+ return fmt.Sprintf("%s %s", moduleTitle, packageType)
+}
+
+func toDatasourceDescription(moduleTitle, packageType string) string {
+ return fmt.Sprintf("Collect %s from %s instances", packageType, moduleTitle)
+}
+
+func toDatasourceTitleForTwoTypes(moduleTitle, firstPackageType, secondPackageType string) string {
+ return fmt.Sprintf("%s %s and %s", moduleTitle, firstPackageType, secondPackageType)
+}
+
+func toDatasourceDescriptionForTwoTypes(moduleTitle, firstPackageType, secondPackageType string) string {
+ return fmt.Sprintf("Collect %s and %s from %s instances", firstPackageType, secondPackageType, moduleTitle)
+}
+
+func toDatasourceInputTitle(moduleTitle, packageType string) string {
+ return fmt.Sprintf("Collect %s from %s instances", packageType, moduleTitle)
+}
+
+func toDatasourceInputDescription(moduleTitle, packageType string, datasets []string) string {
+ firstPart := datasets[:len(datasets)-1]
+ secondPart := datasets[len(datasets)-1:]
+
+ var description strings.Builder
+ description.WriteString("Collecting ")
+ description.WriteString(moduleTitle)
+ description.WriteString(" ")
+
+ if len(firstPart) > 0 {
+ fp := strings.Join(firstPart, ", ")
+ description.WriteString(fp)
+ description.WriteString(" and ")
+ }
+
+ description.WriteString(secondPart[0])
+ description.WriteString(" ")
+ description.WriteString(packageType)
+ return
description.String()
+}
diff --git a/dev/import-beats/docs.go b/dev/import-beats/docs.go
new file mode 100644
index 00000000000..41b4aa0ca11
--- /dev/null
+++ b/dev/import-beats/docs.go
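Review bot: `toDatasourceInputDescription` slices `datasets[:len(datasets)-1]`, which panics with a slice-bounds error when `datasets` is empty, and `toMetadataDatasources` indexes `packageTypes[0]` (and `[1]`) without checking that `ds.inputs` has at least one entry, so an input registered with no dataset names, or a datasource with no inputs, aborts the whole import with a runtime panic rather than a message naming the module. A length check at the top of `toDatasourceInputDescription` (returning a description without the dataset list, or an error if the signature is changed) and an explicit `len(packageTypes)` guard before the title/description selection would make the failure mode visible. Note also that with three or more inputs the `else` branch silently builds the title and description from `packageTypes[0]` alone; a comment stating that only one or two package types are expected would document that limit. `updateDatasource` never returns a non-nil error, so its `error` result is currently dead.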
@@ -0,0 +1,144 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "sort"
+ "strings"
+ "text/template"
+
+ "github.com/pkg/errors"
+)
+
+var emptyReadmeTemplate = template.Must(template.New("README.md").Parse("TODO"))
+
+type fieldsTableRecord struct {
+ name string
+ description string
+ aType string
+}
+
+type docContent struct {
+ fileName string
+ templatePath string
+}
+
+func createDocTemplates(packageDocsPath string) ([]docContent, error) {
+ readmePath := filepath.Join(packageDocsPath, "README.md")
+ _, err := os.Stat(readmePath)
+ if err != nil && !os.IsNotExist(err) {
+ return nil, errors.Wrapf(err, "reading README template failed")
+ }
+ if os.IsNotExist(err) {
+ readmePath = ""
+ }
+ return []docContent{
+ {fileName: "README.md", templatePath: readmePath},
+ }, nil
+}
+
+func renderExportedFields(packageDataset string, datasets datasetContentArray) (string, error) {
+ for _, dataset := range datasets {
+ if packageDataset == dataset.name {
+ var buffer strings.Builder
+ buffer.WriteString("**Exported fields**")
+ buffer.WriteString("\n\n")
+
+ collected, err := collectFields(dataset.fields)
+ if err != nil {
+ return "", errors.Wrapf(err, "collecting fields failed")
+ }
+
+ if len(collected) == 0 {
+ buffer.WriteString("(no fields available)")
+ return buffer.String(), nil
+ }
+
+ buffer.WriteString("| Field | Description | Type |\n")
+ buffer.WriteString("|---|---|---|\n")
+ for _, c := range collected {
+ description := strings.TrimSpace(strings.ReplaceAll(c.description, "\n", " "))
+ buffer.WriteString(fmt.Sprintf("| %s | %s | %s |\n", c.name, description, c.aType))
+ }
+ return buffer.String(), nil
+ }
+ }
+ return "", fmt.Errorf("missing dataset: %s", packageDataset)
+}
+
+func collectFields(content
fieldsContent) ([]fieldsTableRecord, error) {
+ var records []fieldsTableRecord
+ for fileName, fieldsFile := range content.files {
+ r, err := collectFieldsFromFile(fileName, fieldsFile)
+ if err != nil {
+ return nil, errors.Wrapf(err, "collecting fields from file failed")
+ }
+ records = append(records, r...)
+ }
+
+ sort.Slice(records, func(i, j int) bool {
+ return sort.StringsAreSorted([]string{records[i].name, records[j].name})
+ })
+ return uniqueTableRecords(records), nil
+}
+
+func uniqueTableRecords(records []fieldsTableRecord) []fieldsTableRecord {
+ fieldNames := make(map[string]bool)
+ var unique []fieldsTableRecord
+ for _, r := range records {
+ if _, ok := fieldNames[r.name]; !ok {
+ fieldNames[r.name] = true
+ unique = append(unique, r)
+ }
+ }
+ return unique
+}
+
+func collectFieldsFromFile(fileName string, fieldDefinitions []fieldDefinition) ([]fieldsTableRecord, error) {
+ var records []fieldsTableRecord
+
+ root := fieldDefinitions
+ if isPackageFields(fileName) {
+ root = fieldDefinitions[0].Fields
+ }
+
+ var err error
+ for _, f := range root {
+ records, err = visitFields("", f, records)
+ if err != nil {
+ return nil, errors.Wrapf(err, "visiting fields failed")
+ }
+ }
+ return records, nil
+}
+
+func visitFields(namePrefix string, f fieldDefinition, records []fieldsTableRecord) ([]fieldsTableRecord, error) {
+ var name = namePrefix
+ if namePrefix != "" {
+ name += "."
+ }
+ name += f.Name
+
+ if len(f.Fields) == 0 && f.Type != "group" {
+ records = append(records, fieldsTableRecord{
+ name: name,
+ description: f.Description,
+ aType: f.Type,
+ })
+ return records, nil
+ }
+
+ var err error
+ for _, fieldEntry := range f.Fields {
+ records, err = visitFields(name, fieldEntry, records)
+ if err != nil {
+ return nil, errors.Wrapf(err, "recursive visiting fields failed (namePrefix: %s)", namePrefix)
+ }
+ }
+ return records, nil
+}
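Review bot: The comparator handed to `sort.Slice` in `collectFields` uses `sort.StringsAreSorted([]string{a, b})`, which is `a <= b` rather than the strict less-than `sort.Slice` requires; combined with the records being gathered by ranging over the `content.files` map, two records with the same name from different files (for example `ecs.yml` and `fields.yml`) reach `uniqueTableRecords` in an order that changes between runs, so which description and type end up in the rendered table is non-deterministic. `sort.SliceStable(records, func(i, j int) bool { return records[i].name < records[j].name })` together with iterating `content.files` by sorted key would make the output reproducible, which matters for a file that is checked into the registry. Separately, `collectFieldsFromFile` indexes `fieldDefinitions[0].Fields` when `isPackageFields(fileName)` holds without checking that the slice is non-empty, so an empty package-fields file panics instead of producing an error; a `len(fieldDefinitions) == 0` guard returning a wrapped error would match the rest of the function's error style.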
diff --git a/dev/import-beats/elasticsearch.go b/dev/import-beats/elasticsearch.go
new file mode 100644
index 00000000000..047151f2dcd
--- /dev/null
+++ b/dev/import-beats/elasticsearch.go
@@ -0,0 +1,177 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+ "regexp"
+ "strings"
+
+ "github.com/pkg/errors"
+ yaml "gopkg.in/yaml.v2"
+)
+
+type elasticsearchContent struct {
+ ingestPipelines []ingestPipelineContent
+}
+
+type ingestPipelineContent struct {
+ targetFileName string
+ body []byte
+}
+
+var (
+ reUnsupportedIfInPipeline = regexp.MustCompile("{<[ ]{0,1}if[^(>})]+>}")
+ reUnsupportedIngestPipelineInPipeline = regexp.MustCompile("('|\"){< (IngestPipeline).+>}('|\")")
+ reUnsupportedPlaceholderInPipeline = regexp.MustCompile("{<.+>}")
+)
+
+func loadElasticsearchContent(datasetPath string) (elasticsearchContent, error) {
+ var esc elasticsearchContent
+
+ datasetManifestPath := filepath.Join(datasetPath, "manifest.yml")
+ datasetManifestFile, err := ioutil.ReadFile(datasetManifestPath)
+ if os.IsNotExist(err) {
+ return elasticsearchContent{}, nil // no manifest.yml file found,
+ }
+ if err != nil {
+ return elasticsearchContent{}, errors.Wrapf(err, "reading dataset manifest file failed (path: %s)", datasetManifestPath)
+ }
+
+ var ingestPipelines []string
+ var dmsp datasetManifestSinglePipeline
+ err = yaml.Unmarshal(datasetManifestFile, &dmsp)
+ if err == nil {
+ if len(dmsp.IngestPipeline) > 0 {
+ ingestPipelines = append(ingestPipelines, dmsp.IngestPipeline)
+ }
+ } else {
+ var dmmp datasetManifestMultiplePipelines
+ err = yaml.Unmarshal(datasetManifestFile, &dmmp)
+ if err != nil {
+ return elasticsearchContent{}, errors.Wrapf(err, "unmarshalling dataset manifest file failed (path: %s)", datasetManifestPath)
+ }
+
+ if len(dmmp.IngestPipeline) > 0 {
+ ingestPipelines = append(ingestPipelines, dmmp.IngestPipeline...)
+ }
+ }
+
+ for _, ingestPipeline := range ingestPipelines {
+ ingestPipeline = ensurePipelineFormat(ingestPipeline)
+
+ log.Printf("\tingest-pipeline found: %s", ingestPipeline)
+
+ var targetFileName string
+ if len(ingestPipelines) == 1 {
+ targetFileName, err = buildSingleIngestPipelineTargetName(ingestPipeline)
+ if err != nil {
+ return elasticsearchContent{}, errors.Wrapf(err, "can't build single ingest pipeline target name (path: %s)", ingestPipeline)
+ }
+ } else {
+ targetFileName, err = determineIngestPipelineTargetName(ingestPipeline)
+ if err != nil {
+ return elasticsearchContent{}, errors.Wrapf(err, "can't determine ingest pipeline target name (path: %s)", ingestPipeline)
+ }
+ }
+
+ pipelinePath := filepath.Join(datasetPath, ingestPipeline)
+ body, err := ioutil.ReadFile(pipelinePath)
+ if err != nil {
+ return elasticsearchContent{}, errors.Wrapf(err, "reading pipeline body failed (path: %s)", pipelinePath)
+ }
+
+ // Fix missing "---" at the beginning of the YAML pipeline.
+ if strings.HasSuffix(targetFileName, ".yml") && bytes.Index(body, []byte("---")) != 0 {
+ body = append([]byte("---\n"), body...)
+ }
+
+ ipc := ingestPipelineContent{
+ targetFileName: targetFileName,
+ body: adjustUnsupportedStructuresInPipeline(body),
+ }
+
+ err = validateIngestPipeline(ipc)
+ if err != nil {
+ return elasticsearchContent{},
+ errors.Wrapf(err, "validation of modified ingest pipeline failed (original path: %s)", pipelinePath)
+ }
+
+ esc.ingestPipelines = append(esc.ingestPipelines, ipc)
+ }
+
+ return esc, nil
+}
+
+func buildSingleIngestPipelineTargetName(path string) (string, error) {
+ _, ext, err := splitFilenameExt(path)
+ if err != nil {
+ return "", errors.Wrapf(err, "processing filename failed (path: %s)", path)
+ }
+ return "default."
+ ext, nil
+}
+
+func ensurePipelineFormat(ingestPipeline string) string {
+ if strings.Contains(ingestPipeline, "{{.format}}") {
+ ingestPipeline = strings.ReplaceAll(ingestPipeline, "{{.format}}", "json")
+ }
+ return ingestPipeline
+}
+
+func determineIngestPipelineTargetName(path string) (string, error) {
+ name, ext, err := splitFilenameExt(path)
+ if err != nil {
+ return "", errors.Wrapf(err, "processing filename failed (path: %s)", path)
+ }
+
+ if name == "pipeline" || name == "pipeline-entry" {
+ return "default." + ext, nil
+ }
+ return fmt.Sprintf("%s.%s", name, ext), nil
+}
+
+func adjustUnsupportedStructuresInPipeline(data []byte) []byte {
+ data = reUnsupportedIfInPipeline.ReplaceAll(data, []byte{})
+ data = bytes.ReplaceAll(data, []byte("{< end >}"), []byte{})
+
+ data = reUnsupportedIngestPipelineInPipeline.ReplaceAllFunc(data, func(found []byte) []byte {
+ found = bytes.ReplaceAll(found, []byte("{<"), []byte("{{"))
+ found = bytes.ReplaceAll(found, []byte(">}"), []byte("}}"))
+
+ if found[0] == '"' {
+ found = bytes.ReplaceAll(found, []byte(`"`), []byte(`'`))
+ found[0] = '"'
+ found[len(found)-1] = '"'
+ }
+ return found
+ })
+
+ data = reUnsupportedPlaceholderInPipeline.ReplaceAll(data, []byte("FIX_ME"))
+ return data
+}
+
+func validateIngestPipeline(content ingestPipelineContent) error {
+ _, ext, err := splitFilenameExt(content.targetFileName)
+ if err != nil {
+ return errors.Wrapf(err, "processing filename failed (path: %s)", content.targetFileName)
+ }
+
+ var m mapStr
+ switch ext {
+ case "json":
+ err = json.Unmarshal(content.body, &m)
+ case "yml":
+ err = yaml.Unmarshal(content.body, &m)
+ default:
+ return fmt.Errorf("unsupported pipeline extension (path: %s)", content.targetFileName)
+ }
+ return err
+}
diff --git a/dev/import-beats/fields.go b/dev/import-beats/fields.go
new file mode 100644
index 00000000000..ac02c070634
--- /dev/null
+++ b/dev/import-beats/fields.go
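Review bot: `reUnsupportedPlaceholderInPipeline` is `{<.+>}` with a greedy `.+`, so on a line holding two placeholders (`{< a >} ... {< b >}`) everything from the first `{<` to the last `>}`, including the pipeline text between them, collapses into a single `FIX_ME` in `adjustUnsupportedStructuresInPipeline`; the lazy form `{<.+?>}` replaces each placeholder on its own, and the same applies to the `.+` in `reUnsupportedIngestPipelineInPipeline`. Because the result is then validated only as parseable JSON/YAML, such an over-wide replacement passes `validateIngestPipeline` and silently lands in the package, so a short comment noting that validation checks syntax only, not that every placeholder was rewritten, would be useful. In `loadElasticsearchContent`, `bytes.Index(body, []byte("---")) != 0` reads more directly as `!bytes.HasPrefix(body, []byte("---"))` and avoids scanning the whole body when the marker is absent. The `ensurePipelineFormat` guard is redundant, since `strings.ReplaceAll` is a no-op when the substring is absent.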
@@ -0,0 +1,250 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + + "github.com/pkg/errors" + yaml "gopkg.in/yaml.v2" +) + +type fieldsContent struct { + files map[string]fieldDefinitionArray +} + +type fieldDefinition struct { + Name string `yaml:"name,omitempty"` + Key string `yaml:"key,omitempty"` + Title string `yaml:"title,omitempty"` + Group *int `yaml:"group,omitempty"` + Level string `yaml:"level,omitempty"` + Required *bool `yaml:"required,omitempty"` + Type string `yaml:"type,omitempty"` + Format string `yaml:"format,omitempty"` + Description string `yaml:"description,omitempty"` + Release string `yaml:"release,omitempty"` + Alias string `yaml:"alias,omitempty"` + Path string `yaml:"path,omitempty"` + Footnote string `yaml:"footnote,omitempty"` + // Example is not consistent in ECS schema (either single field or array) + //Example string `yaml:"example,omitempty"` + IgnoreAbove *int `yaml:"ignore_above,omitempty"` + MultiFields []multiFieldDefinition `yaml:"multi_fields,omitempty"` + Fields fieldDefinitionArray `yaml:"fields,omitempty"` + Migration *bool `yaml:"migration,omitempty"` + + skipped bool +} + +type fieldDefinitionArray []fieldDefinition + +func (fda fieldDefinitionArray) names() []string { + var names []string + for _, f := range fda { + names = append(names, collectFieldNames("", f)...) 
+ } + return names +} + +func (fda fieldDefinitionArray) stripped() fieldDefinitionArray { + var arr fieldDefinitionArray + for _, f := range fda { + stripped := f + if f.Type == "group" { + stripped.Description = "" + } + stripped.Fields = stripped.Fields.stripped() + arr = append(arr, stripped) + } + return arr +} + +func collectFieldNames(namePrefix string, f fieldDefinition) []string { + if namePrefix != "" { + namePrefix = namePrefix + "." + f.Name + } else { + namePrefix = f.Name + } + + if len(f.Fields) == 0 { + return []string{namePrefix} + } + + var collected []string + for _, child := range f.Fields { + collected = append(collected, collectFieldNames(namePrefix, child)...) + } + return collected +} + +type multiFieldDefinition struct { + Name string `yaml:"name,omitempty"` + Type string `yaml:"type,omitempty"` + Norms *bool `yaml:"norms,omitempty"` + DefaultField *bool `yaml:"default_field,omitempty"` +} + +func loadEcsFields(ecsDir string) ([]fieldDefinition, error) { + path := filepath.Join(ecsDir, "generated/beats/fields.ecs.yml") + fs, err := loadFieldsFile(path) + if err != nil { + return nil, errors.Wrapf(err, "loading ECS fields file failed") + } + if len(fs) != 1 { + return nil, errors.Wrapf(err, "expected single root field") + } + return fs[0].Fields, nil +} + +func loadModuleFields(modulePath string) ([]fieldDefinition, error) { + path := filepath.Join(modulePath, "_meta", "fields.yml") + fs, err := loadFieldsFile(path) + if err != nil { + return nil, errors.Wrapf(err, "loading module fields file failed") + } + if len(fs) != 1 { + return nil, errors.Wrapf(err, "expected single root field") + } + return fs, nil +} + +func loadDatasetFields(modulePath, moduleName, datasetName string) ([]fieldDefinition, error) { + fieldsPath := filepath.Join(modulePath, datasetName, "_meta", "fields.yml") + fs, err := loadFieldsFile(fieldsPath) + if err != nil { + return nil, errors.Wrapf(err, "loading dataset fields file failed") + } + for i, f := range fs { + 
fs[i].Name = fmt.Sprintf("%s.%s", moduleName, f.Name) + } + + fieldsEpr := filepath.Join(modulePath, datasetName, "_meta", "fields.epr.yml") + efs, err := loadFieldsFile(fieldsEpr) + if err != nil { + return nil, errors.Wrapf(err, "loading fields.epr.yml file failed") + } + + fs = append(fs, efs...) + return fs, nil +} + +func loadFieldsFile(path string) ([]fieldDefinition, error) { + fields, err := ioutil.ReadFile(path) + if os.IsNotExist(err) { + return []fieldDefinition{}, nil // return empty array, this is a valid state + } + if err != nil { + return nil, errors.Wrapf(err, "reading fields failed (path: %s)", path) + } + + var fs fieldDefinitionArray + err = yaml.Unmarshal(fields, &fs) + if err != nil { + return nil, errors.Wrapf(err, "unmarshalling fields file failed (path: %s)", path) + } + fs = loadDefaultFieldValues(fs) + return fs, nil +} + +func loadDefaultFieldValues(fs fieldDefinitionArray) fieldDefinitionArray { + var withDefaults fieldDefinitionArray + for _, f := range fs { + if f.Type == "" { + f.Type = "keyword" + } + f.Fields = loadDefaultFieldValues(f.Fields) + withDefaults = append(withDefaults, f) + } + return withDefaults +} + +// filterMigratedFields method filters out fields with "migration: true" property or if it's defined in ECS. +// It returns a migrated fields file and found ECS fields. 
+func filterMigratedFields(fields []fieldDefinition, ecsFieldNames []string) ([]fieldDefinition, []string, error) { + var filteredEcsFieldNames []string + for i, f := range fields { + fields[i], filteredEcsFieldNames = visitFieldForFilteringMigrated(f, ecsFieldNames, filteredEcsFieldNames) + } + return fields, filteredEcsFieldNames, nil +} + +func visitFieldForFilteringMigrated(f fieldDefinition, ecsFieldNames, filteredEcsFieldNames []string) (fieldDefinition, []string) { + if len(f.Fields) == 0 { + // this field is not a group entry + if f.Type == "alias" { + if f.Migration != nil && *f.Migration { + f.skipped = true // skip the field + } + + for _, ecsFieldName := range ecsFieldNames { + if ecsFieldName == f.Path { + filteredEcsFieldNames = append(filteredEcsFieldNames, ecsFieldName) + f.skipped = true + break + } + } + } + return f, filteredEcsFieldNames + } + + var updated fieldDefinitionArray + for _, fieldsEntry := range f.Fields { + var v fieldDefinition + v, filteredEcsFieldNames = visitFieldForFilteringMigrated(fieldsEntry, ecsFieldNames, filteredEcsFieldNames) + if !v.skipped { + updated = append(updated, v) + } + } + f.Fields = updated + return f, filteredEcsFieldNames +} + +func isPackageFields(fileName string) bool { + return fileName == "package-fields.yml" +} + +func filterEcsFields(ecsFields fieldDefinitionArray, filteredNames []string) fieldDefinitionArray { + var filteredFields fieldDefinitionArray + for _, f := range ecsFields { + visited, checked := visitEcsFieldsToFilter("", f, filteredNames) + if checked { + filteredFields = append(filteredFields, visited) + } + } + return filteredFields +} + +func visitEcsFieldsToFilter(namePrefix string, f fieldDefinition, filteredNames []string) (fieldDefinition, bool) { + var name = namePrefix + if namePrefix != "" { + name += "." 
+ }
+ name += f.Name
+
+ if len(f.Fields) == 0 && f.Type != "group" {
+ for _, fn := range filteredNames {
+ if fn == name {
+ return f, true
+ }
+ }
+ return f, false
+ }
+
+ var checked bool
+ var checkedFields fieldDefinitionArray
+ for _, fieldEntry := range f.Fields {
+ visited, fieldChecked := visitEcsFieldsToFilter(name, fieldEntry, filteredNames)
+ if fieldChecked {
+ checkedFields = append(checkedFields, visited)
+ checked = true
+ }
+ }
+ f.Fields = checkedFields
+ return f, checked
+}
diff --git a/dev/import-beats/files.go b/dev/import-beats/files.go
new file mode 100644
index 00000000000..27de68c8428
--- /dev/null
+++ b/dev/import-beats/files.go
@@ -0,0 +1,26 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "fmt"
+ "strings"
+)
+
+func splitFilenameExt(path string) (string, string, error) {
+ fileName := path
+ if strings.Contains(path, "/") {
+ fileName = path[strings.LastIndex(path, "/")+1:]
+ }
+
+ lastDot := strings.LastIndex(fileName, ".")
+ if lastDot == -1 {
+ return "", "", fmt.Errorf("filename doesn't have an extension")
+ }
+
+ fileNameWithoutExt := fileName[:lastDot]
+ fileExt := fileName[lastDot+1:]
+ return fileNameWithoutExt, fileExt, nil
+}
diff --git a/dev/import-beats/icons.go b/dev/import-beats/icons.go
new file mode 100644
index 00000000000..cd1b40346cc
--- /dev/null
+++ b/dev/import-beats/icons.go
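Review bot: In loadEcsFields and loadModuleFields the `len(fs) != 1` branch wraps an `err` that is nil at that point, and pkg/errors Wrapf returns nil for a nil cause, so a fields file with zero or several root entries comes back as (nil, nil) and the caller continues with empty fields instead of failing. Build a fresh error there, e.g. `return nil, errors.Errorf("expected single root field (path: %s, found: %d)", path, len(fs))`, in both functions. loadModuleFields also returns `fs` while loadEcsFields returns `fs[0].Fields`; if that asymmetry is intended, a one-line comment such as `// the module root group is kept, callers expect the "<module>" wrapper` above the return would spare the next reader the guess.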
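Review bot: splitFilenameExt re-implements `filepath.Base` and `filepath.Ext` with manual index arithmetic and a hard-coded `/` separator, which is the part of the file most likely to drift from the standard library's handling of trailing separators and platform paths. `base := filepath.Base(path)` followed by `ext := filepath.Ext(base)` and `return strings.TrimSuffix(base, ext), strings.TrimPrefix(ext, "."), nil` (with the existing "no extension" error when `ext == ""`) keeps the (name, ext) contract and reads as the intent. A short doc comment stating that the extension is returned without its leading dot would also help callers such as determineIngestPipelineTargetName, which rebuild names from it.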
@@ -0,0 +1,169 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "bufio" + "io/ioutil" + "log" + "os" + "path" + "path/filepath" + "regexp" + "strings" + + "github.com/pkg/errors" +) + +const ( + tutorialsPath = "src/plugins/home/server/tutorials" + kibanaLogosPath = "src/legacy/core_plugins/kibana/public/home/tutorial_resources/logos" +) + +var ( + errIconNotFound = errors.New("icon not found") + iconRe = regexp.MustCompile(`euiIconType: '[^']+'`) + + aliasedModuleNames = map[string]string{ + "redisenterprise": "redis", + "php_fpm": "php", + "postgresql": "postgres", + "appsearch": "app_search", + "googlecloud": "gcp", + } +) + +type iconRepository struct { + icons map[string]string +} + +func newIconRepository(euiDir, kibanaDir string) (*iconRepository, error) { + icons, err := populateIconRepository(euiDir, kibanaDir) + if err != nil { + return nil, errors.Wrapf(err, "populating icon repository failed") + } + return &iconRepository{icons: icons}, nil +} + +func populateIconRepository(euiDir, kibanaDir string) (map[string]string, error) { + log.Println("Populate icon registry") + + kibanaIconRefs, err := retrieveIconPathFromTutorials(kibanaDir) + if err != nil { + return nil, errors.Wrapf(err, "retrieving icon references failed") + } + + euiRefs, err := retrieveIconPathFromEUI(euiDir) + if err != nil { + return nil, errors.Wrapf(err, "collecting icon data failed") + } + + refs := map[string]string{} + for k, v := range kibanaIconRefs { + refs[k] = v + } + for k, v := range euiRefs { + refs[k] = v + } + return refs, nil +} + +func retrieveIconPathFromTutorials(kibanaDir string) (map[string]string, error) { + refs := map[string]string{} + + tutorialsPath := filepath.Join(kibanaDir, tutorialsPath) + tutorialFilePaths, err := 
filepath.Glob(filepath.Join(tutorialsPath, "*_*", "index.ts")) + if err != nil { + return nil, errors.Wrapf(err, "globbing tutorial files failed (path: %s)", tutorialsPath) + } + + for _, tutorialFilePath := range tutorialFilePaths { + log.Printf("Scan tutorial file: %s", tutorialFilePath) + + tutorialFile, err := ioutil.ReadFile(tutorialFilePath) + if err != nil { + return nil, errors.Wrapf(err, "reading tutorial file failed (path: %s)", tutorialFile) + } + + m := iconRe.Find(tutorialFile) + if m == nil { + log.Printf("\t%s: icon not found", tutorialFilePath) + continue + } + + s := strings.Split(string(m), `'`) + val := s[1] + + // Extracting module name from tutorials path + // e.g. ./src/plugins/home/server/tutorials//php_fpm_metrics/index.ts -> php_fpm + moduleName := tutorialFilePath[len(tutorialsPath)+1:] + moduleName = moduleName[:strings.Index(moduleName, "/")] + moduleName = moduleName[:strings.LastIndex(moduleName, "_")] + + if val[0] == '/' { + iconFileName := val[strings.LastIndex(val, "/")+1:] + val = path.Join(kibanaDir, kibanaLogosPath, iconFileName) + refs[moduleName] = val + } + } + return refs, nil +} + +func retrieveIconPathFromEUI(euiDir string) (map[string]string, error) { + refs := map[string]string{} + + iconMapPath := filepath.Join(euiDir, "src/components/icon/icon.tsx") + iconMapFile, err := os.Open(iconMapPath) + if err != nil { + return nil, errors.Wrapf(err, "opening icon map file failed (path: %s)", iconMapPath) + } + + scanner := bufio.NewScanner(iconMapFile) + var mapFound bool + for scanner.Scan() { + line := scanner.Text() + if mapFound { + line = strings.TrimLeft(line, " ") + if strings.HasPrefix(line, "logo") { + s := strings.Split(line, `'`) + fileName := s[1] + fileNameWithExt := fileName + ".svg" + filePath := filepath.Join(euiDir, "src/components/icon/assets", fileNameWithExt) + moduleName := fileName[strings.Index(fileName, "_")+1:] + refs[moduleName] = filePath + } + } else if strings.HasPrefix(line, `const typeToPathMap = 
{`) { + mapFound = true + } + } + return refs, nil +} + +func (ir *iconRepository) iconForModule(moduleName string) (imageContent, error) { + source, ok := ir.icons[aliasModuleName(moduleName)] + if !ok { + return imageContent{}, errIconNotFound + } + return imageContent{source: source}, nil +} + +func aliasModuleName(moduleName string) string { + if v, ok := aliasedModuleNames[moduleName]; ok { + return v + } + return moduleName +} + +func createIcons(iconRepository *iconRepository, moduleName string) (imageContentArray, error) { + anIcon, err := iconRepository.iconForModule(moduleName) + if err == errIconNotFound { + log.Printf("\t%s: icon not found", moduleName) + return []imageContent{}, nil + } + if err != nil { + return nil, errors.Wrapf(err, "fetching icon for module failed (moduleName: %s)", moduleName) + } + return []imageContent{anIcon}, nil +} diff --git a/dev/import-beats/images.go b/dev/import-beats/images.go new file mode 100644 index 00000000000..9ae1ee116e4 --- /dev/null +++ b/dev/import-beats/images.go 
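Review bot: retrieveIconPathFromEUI opens icon.tsx with os.Open but never closes the handle, and the scanner's error is not checked after the loop, so a read error silently yields a partial icon map. Add `defer iconMapFile.Close()` immediately after the open error check and `if err := scanner.Err(); err != nil { return nil, errors.Wrapf(err, "scanning icon map file failed (path: %s)", iconMapPath) }` after the loop. In retrieveIconPathFromTutorials the read-failure message formats `tutorialFile` (the byte slice, nil on failure) where `tutorialFilePath` was clearly intended. The `s[1]` index on a split `logo` line presumably relies on every such line carrying a single-quoted value; a `len(s) < 2` guard before it avoids a panic on an unexpected line.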
@@ -0,0 +1,153 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "fmt" + "image" + _ "image/jpeg" + _ "image/png" + "io/ioutil" + "log" + "os" + "path" + "regexp" + "strings" + + "github.com/pkg/errors" + + "github.com/elastic/package-registry/util" +) + +var ( + imageRe = regexp.MustCompile(`image::[^\[]+`) + imageTitleReplacer = strings.NewReplacer("_", " ", "-", " ", "/", "") +) + +type imageContent struct { + source string +} + +type imageContentArray []imageContent + +func createImages(beatDocsPath, modulePath string) (imageContentArray, error) { + var images []imageContent + + moduleDocsPath := path.Join(modulePath, "_meta", "docs.asciidoc") + moduleDocsFile, err := ioutil.ReadFile(moduleDocsPath) + if err != nil && !os.IsNotExist(err) { + return nil, errors.Wrapf(err, "reading module docs file failed (path: %s)", moduleDocsPath) + } else if os.IsNotExist(err) { + log.Printf("\tNo docs found (path: %s), skipped", moduleDocsPath) + } else { + log.Printf("\tDocs found (path: %s)", moduleDocsPath) + images = append(images, extractImages(beatDocsPath, moduleDocsFile)...) 
+ } + + datasetDirs, err := ioutil.ReadDir(modulePath) + if err != nil { + return nil, errors.Wrapf(err, "cannot read module directory %s", modulePath) + } + + for _, datasetDir := range datasetDirs { + if !datasetDir.IsDir() { + continue + } + datasetName := datasetDir.Name() + + if datasetName == "_meta" { + continue + } + + log.Printf("\t%s: dataset found", datasetName) + + datasetDocsPath := path.Join(modulePath, datasetName, "_meta", "docs.asciidoc") + datasetDocsFile, err := ioutil.ReadFile(datasetDocsPath) + if err != nil && !os.IsNotExist(err) { + return nil, errors.Wrapf(err, "reading dataset docs file failed (path: %s)", datasetDocsPath) + } else if os.IsNotExist(err) { + log.Printf("\t%s: no docs found (path: %s), skipped", datasetName, datasetDocsPath) + continue + } + + log.Printf("\t%s: docs found (path: %s)", datasetName, datasetDocsPath) + images = append(images, extractImages(beatDocsPath, datasetDocsFile)...) + } + + return images, nil +} + +func extractImages(beatDocsPath string, docsFile []byte) []imageContent { + matches := imageRe.FindAll(docsFile, -1) + + var contents []imageContent + for _, match := range matches { + contents = append(contents, imageContent{ + source: path.Join(beatDocsPath, string(match[7:])), // skip: image:: + }) + } + return contents +} + +func (images imageContentArray) toManifestImages() ([]util.Image, error) { + var imgs []util.Image + for _, image := range images { + i := strings.LastIndex(image.source, "/") + sourceFileName := image.source[i:] + + imageSize, err := readImageSize(image.source) + if err != nil { + return nil, errors.Wrapf(err, "reading image size failed") + } + + imageType, err := extractImageType(image.source) + if err != nil { + return nil, errors.Wrapf(err, "extracting image type failed") + } + + imgs = append(imgs, util.Image{ + Src: path.Join("/img", sourceFileName), + Title: toImageTitle(sourceFileName), + Size: imageSize, + Type: imageType, + }) + } + return imgs, nil +} + +func 
toImageTitle(fileName string) string { + i := strings.LastIndex(fileName, ".") + return imageTitleReplacer.Replace(fileName[:i]) +} + +func readImageSize(imagePath string) (string, error) { + f, err := os.Open(imagePath) + if err != nil { + return "", errors.Wrapf(err, "opening image failed (path: %s)", imagePath) + } + defer f.Close() + + var img image.Config + if strings.HasSuffix(imagePath, ".svg") { + img, err = SvgDecodeConfig(f) + } else { + img, _, err = image.DecodeConfig(f) + } + if err != nil { + return "", errors.Wrapf(err, "opening image failed (path: %s)", imagePath) + } + return fmt.Sprintf("%dx%d", img.Width, img.Height), nil +} + +func extractImageType(imagePath string) (string, error) { + if strings.HasSuffix(imagePath, ".png") { + return "image/png", nil + } else if strings.HasSuffix(imagePath, ".jpg") { + return "image/jpg", nil + } else if strings.HasSuffix(imagePath, ".svg") { + return "image/svg+xml", nil + } + return "", fmt.Errorf("unknown image type (path: %s)", imagePath) +} diff --git a/dev/import-beats/images_svg.go b/dev/import-beats/images_svg.go new file mode 100644 index 00000000000..a314bdbb626 --- /dev/null +++ b/dev/import-beats/images_svg.go 
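Review bot: In readImageSize the decode failure reuses the "opening image failed" message from the os.Open check, so a corrupt or unsupported file reports the wrong step; change the second one to `return "", errors.Wrapf(err, "decoding image config failed (path: %s)", imagePath)`. In toManifestImages the loop variable `image` shadows the imported image package for the whole loop body, which compiles today but will confuse the next person who needs `image.Config` there; `img` or `content` would avoid it. The same function slices with `strings.LastIndex(image.source, "/")` and would panic on a source without a separator; `path.Base(image.source)` gives the same manifest `Src` after `path.Join("/img", ...)` and the same title, since the replacer's `"/"` rule then becomes a no-op. extractImageType returns `image/jpg` for `.jpg` files; if downstream consumers validate media types, the registered type is `image/jpeg`.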
@@ -0,0 +1,103 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "encoding/xml" + "image" + "io" + "io/ioutil" + "strconv" + "strings" + + "github.com/pkg/errors" +) + +type svgFile struct { + Width string `xml:"width,attr"` + Height string `xml:"height,attr"` + + ViewBox string `xml:"viewBox,attr"` +} + +func SvgDecodeConfig(r io.Reader) (image.Config, error) { + data, err := ioutil.ReadAll(r) + if err != nil { + return image.Config{}, errors.Wrapf(err, "reading SVG file failed") + } + + var svgFile svgFile + err = xml.Unmarshal(data, &svgFile) + if err != nil { + return image.Config{}, errors.Wrapf(err, "unmarshalling SVG file failed") + } + + var width, height float64 + if svgFile.Width != "" && svgFile.Height != "" { + width, err = svgParseToPixels(svgFile.Width) + if err != nil { + return image.Config{}, errors.Wrapf(err, "parsing width failed (value: %s)", svgFile.Width) + } + + height, err = svgParseToPixels(svgFile.Height) + if err != nil { + return image.Config{}, errors.Wrapf(err, "parsing width failed (value: %s)", svgFile.Width) + } + } + + if width > 0 && height > 0 { + return image.Config{ + Width: int(width), + Height: int(height), + }, nil + } + + dims := strings.Split(svgFile.ViewBox, " ") + var dimX, dimY string + if len(dims) == 2 { + dimX = dims[0] + dimY = dims[1] + } else if len(dims) == 4 { + dimX = dims[2] + dimY = dims[3] + } + width, err = strconv.ParseFloat(dimX, 32) + if err != nil { + return image.Config{}, errors.Wrapf(err, "parsing viewBox failed (value: %s)", svgFile.ViewBox) + } + + height, err = strconv.ParseFloat(dimY, 32) + if err != nil { + return image.Config{}, errors.Wrapf(err, "parsing viewBox failed (value: %s)", svgFile.ViewBox) + } + + return image.Config{ + Width: int(width), + Height: int(height), + }, 
nil +} + +func svgParseToPixels(value string) (float64, error) { + v, err := strconv.ParseFloat(value, 32) + if err != nil { + var unit string + var scale float64 + if strings.Contains(value, "pt") { + unit = "pt" + scale = 4.0 / 3 + } else if strings.Contains(value, "mm") { + unit = "mm" + scale = 3.77 + } + + value = strings.ReplaceAll(value, unit, "") + v, err = strconv.ParseFloat(value, 32) + if err != nil { + return -1, errors.Wrapf(err, "parsing width failed (value: %s)", value) + } + v = v * scale + } + return v, nil +} diff --git a/dev/import-beats/kibana.go b/dev/import-beats/kibana.go new file mode 100644 index 00000000000..dab165acb5b --- /dev/null +++ b/dev/import-beats/kibana.go 
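Review bot: In SvgDecodeConfig the error for a failed height parse is a copy of the width one and reports `svgFile.Width`; it should read `errors.Wrapf(err, "parsing height failed (value: %s)", svgFile.Height)`. svgParseToPixels only recognises `pt` and `mm`, so a value with any other unit suffix — `px` being the common one — leaves `unit` empty, makes the `strings.ReplaceAll(value, unit, "")` call a no-op, fails the second ParseFloat and aborts the import; a branch such as `} else if strings.HasSuffix(value, "px") { unit = "px"; scale = 1 }` covers the common case, and the inner error message should not say "width" since the function is also used for height. The viewBox split on a single space misses the comma-separated and multi-space forms the SVG grammar allows; `strings.FieldsFunc` over spaces and commas would be more robust.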
@@ -0,0 +1,477 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "log" + "net/http" + "os" + "path" + "strings" + + "github.com/pkg/errors" +) + +var ( + encodedFields = []string{ + "attributes.kibanaSavedObjectMeta.searchSourceJSON", + "attributes.layerListJSON", + "attributes.mapStateJSON", + "attributes.optionsJSON", + "attributes.panelsJSON", + "attributes.uiStateJSON", + "attributes.visState", + } +) + +type kibanaContent struct { + files map[string]map[string][]byte +} + +type kibanaMigrator struct { + hostPort string + username string + password string + + skipKibana bool +} + +type kibanaDocuments struct { + Objects []mapStr `json:"objects"` +} + +func newKibanaMigrator(hostPort string, username string, password string, skipKibana bool) *kibanaMigrator { + return &kibanaMigrator{ + hostPort: hostPort, + username: username, + password: password, + skipKibana: skipKibana, + } +} + +func (km *kibanaMigrator) migrateDashboardFile(dashboardFile []byte, moduleName string, datasetNames []string) ([]byte, error) { + dashboardFile, err := prepareDashboardFile(dashboardFile) + if err != nil { + return nil, errors.Wrapf(err, "preparing file failed") + } + + request, err := http.NewRequest("POST", + fmt.Sprintf("%s/api/kibana/dashboards/import?force=true", km.hostPort), + bytes.NewReader(dashboardFile)) + if err != nil { + return nil, errors.Wrapf(err, "creating POST request failed") + } + request.Header.Add("kbn-xsrf", "8.0.0") + if km.username != "" { + request.SetBasicAuth(km.username, km.password) + } + response, err := http.DefaultClient.Do(request) + if err != nil { + return nil, errors.Wrapf(err, "making POST request to Kibana failed") + } + defer response.Body.Close() + + saved, err := 
ioutil.ReadAll(response.Body) + if err != nil { + return nil, errors.Wrapf(err, "reading saved object failed") + } + + if response.StatusCode != http.StatusOK { + return nil, fmt.Errorf("making POST request failed: %s", string(saved)) + } + return saved, nil +} + +func prepareDashboardFile(dashboardFile []byte) ([]byte, error) { + var documents kibanaDocuments + + // Rename indices (metricbeat, filebeat) + dashboardFile = bytes.ReplaceAll(dashboardFile, []byte(`metricbeat-*`), []byte(`metrics-*`)) + dashboardFile = bytes.ReplaceAll(dashboardFile, []byte(`filebeat-*`), []byte(`logs-*`)) + + err := json.Unmarshal(dashboardFile, &documents) + if err != nil { + return nil, errors.Wrapf(err, "unmarshalling dashboard file failed") + } + + for i, object := range documents.Objects { + object, err = encodeFields(object) + if err != nil { + return nil, errors.Wrapf(err, "encoding fields failed") + } + documents.Objects[i] = object + } + + data, err := json.Marshal(&documents) + if err != nil { + return nil, errors.Wrapf(err, "marshalling dashboard file failed") + } + return data, nil +} + +func encodeFields(ms mapStr) (mapStr, error) { + for _, field := range encodedFields { + v, err := ms.getValue(field) + if err == errKeyNotFound { + continue + } else if err != nil { + return mapStr{}, errors.Wrapf(err, "retrieving value failed (key: %s)", field) + } + + _, isString := v.(string) + if isString { + continue + } + + ve, err := json.Marshal(v) + if err != nil { + return mapStr{}, errors.Wrapf(err, "marshalling value failed (key: %s)", field) + } + + _, err = ms.put(field, string(ve)) + if err != nil { + return mapStr{}, errors.Wrapf(err, "putting value failed (key: %s)", field) + } + } + return ms, nil +} + +func createKibanaContent(kibanaMigrator *kibanaMigrator, modulePath string, moduleName string, + datasetNames []string) (kibanaContent, error) { + if kibanaMigrator.skipKibana { + log.Printf("\tKibana migrator disabled, skipped (modulePath: %s)", modulePath) + return 
kibanaContent{}, nil + } + + moduleDashboardPath := path.Join(modulePath, "_meta", "kibana", "7", "dashboard") + moduleDashboards, err := ioutil.ReadDir(moduleDashboardPath) + if os.IsNotExist(err) { + log.Printf("\tno dashboards present, skipped (modulePath: %s)", modulePath) + return kibanaContent{}, nil + } + if err != nil { + return kibanaContent{}, errors.Wrapf(err, "reading module dashboard directory failed (path: %s)", + moduleDashboardPath) + } + + kibana := kibanaContent{ + files: map[string]map[string][]byte{}, + } + for _, moduleDashboard := range moduleDashboards { + log.Printf("\tdashboard found: %s", moduleDashboard.Name()) + + dashboardFilePath := path.Join(moduleDashboardPath, moduleDashboard.Name()) + dashboardFile, err := ioutil.ReadFile(dashboardFilePath) + if err != nil { + return kibanaContent{}, errors.Wrapf(err, "reading dashboard file failed (path: %s)", + dashboardFilePath) + } + + migrated, err := kibanaMigrator.migrateDashboardFile(dashboardFile, moduleName, datasetNames) + if err != nil { + return kibanaContent{}, errors.Wrapf(err, "migrating dashboard file failed (path: %s)", + dashboardFilePath) + } + + extracted, err := convertToKibanaObjects(migrated, moduleName, datasetNames) + if err != nil { + return kibanaContent{}, errors.Wrapf(err, "extracting kibana dashboards failed") + } + + for objectType, objects := range extracted { + if _, ok := kibana.files[objectType]; !ok { + kibana.files[objectType] = map[string][]byte{} + } + + for k, v := range objects { + kibana.files[objectType][k] = v + } + } + } + return kibana, nil +} + +func convertToKibanaObjects(dashboardFile []byte, moduleName string, datasetNames []string) (map[string]map[string][]byte, error) { + var documents kibanaDocuments + + err := json.Unmarshal(dashboardFile, &documents) + if err != nil { + return nil, errors.Wrapf(err, "unmarshalling migrated dashboard file failed") + } + + extracted := map[string]map[string][]byte{} + for _, object := range documents.Objects { + 
err = object.delete("updated_at") + if err != nil { + return nil, errors.Wrapf(err, "removing field updated_at failed") + } + + err = object.delete("version") + if err != nil { + return nil, errors.Wrapf(err, "removing field version failed") + } + + object, err = decodeFields(object) + if err != nil { + return nil, errors.Wrapf(err, "decoding fields failed") + } + + object, err = stripReferencesToEventModule(object, moduleName, datasetNames) + if err != nil { + return nil, errors.Wrapf(err, "stripping references to event module failed") + } + + aType, err := object.getValue("type") + if err != nil { + return nil, errors.Wrapf(err, "retrieving type failed") + } + + data, err := json.MarshalIndent(object, "", " ") + if err != nil { + return nil, errors.Wrapf(err, "marshalling object failed") + } + + data = replaceBlacklistedWords( + replaceFieldEventDatasetWithStreamDataset( + data)) + + err = verifyKibanaObjectConvertion(data) + if err != nil { + return nil, errors.Wrapf(err, "Kibana object convertion failed") + } + + id, err := object.getValue("id") + if err != nil { + return nil, errors.Wrapf(err, "retrieving id failed") + } + + if _, ok := extracted[aType.(string)]; !ok { + extracted[aType.(string)] = map[string][]byte{} + } + extracted[aType.(string)][id.(string)+".json"] = data + } + + return extracted, nil +} + +func decodeFields(ms mapStr) (mapStr, error) { + for _, field := range encodedFields { + v, err := ms.getValue(field) + if err == errKeyNotFound { + continue + } else if err != nil { + return nil, errors.Wrapf(err, "retrieving value failed (key: %s)", field) + } + + var target interface{} + var vd mapStr + vStr := v.(string) + err = json.Unmarshal([]byte(vStr), &vd) + if err != nil { + var vda []mapStr + err = json.Unmarshal([]byte(vStr), &vda) + if err != nil { + return nil, errors.Wrapf(err, "unmarshalling value failed (key: %s)", field) + } + target = vda + } else { + target = vd + } + + _, err = ms.put(field, target) + if err != nil { + return nil, 
errors.Wrapf(err, "putting value failed (key: %s)", field) + } + } + return ms, nil +} + +func stripReferencesToEventModule(object mapStr, moduleName string, datasetNames []string) (mapStr, error) { + key := "attributes.kibanaSavedObjectMeta.searchSourceJSON.filter" + object, err := stripReferencesToEventModuleInFilter(object, key, moduleName) + if err != nil { + return nil, errors.Wrapf(err, "stripping reference in searchSourceJSON.filter failed (moduleName: %s)", moduleName) + } + + key = "attributes.kibanaSavedObjectMeta.searchSourceJSON.query" + object, err = stripReferencesToEventModuleInQuery(object, key, moduleName, datasetNames) + if err != nil { + return nil, errors.Wrapf(err, "stripping reference in searchSourceJSON.query failed (moduleName: %s)", moduleName) + } + + key = "attributes.visState.params.filter" + object, err = stripReferencesToEventModuleInQuery(object, key, moduleName, datasetNames) + if err != nil { + return nil, errors.Wrapf(err, "stripping reference in visState failed (moduleName: %s)", moduleName) + } + + return object, nil +} + +func stripReferencesToEventModuleInFilter(object mapStr, filterKey, moduleName string) (mapStr, error) { + filterValue, err := object.getValue(filterKey) + if err != nil && err != errKeyNotFound { + return nil, fmt.Errorf("retrieving key '%s' failed: %v", filterKey, err) + } else if err == errKeyNotFound { + return object, nil // nothing to adjust + } + + filters, ok := filterValue.([]interface{}) + if !ok { + return object, nil // not an array, ignoring + } + if len(filters) == 0 { + return object, nil // empty array, ignoring + } + + var updatedFilters []mapStr + for _, fi := range filters { + filterObject, err := toMapStr(fi) + if err != nil { + return nil, errors.Wrapf(err, "converting to mapstr failed") + } + + metaKeyObject, err := filterObject.getValue("meta.key") + if err != nil { + return nil, errors.Wrapf(err, "retrieving meta.key failed") + } + + metaKey, ok := metaKeyObject.(string) + if ok && 
metaKey == "event.module" { + _, err = filterObject.put("meta.key", "query") + if err != nil { + return nil, errors.Wrapf(err, "setting meta.key failed") + } + + _, err = filterObject.put("meta.type", "custom") + if err != nil { + return nil, errors.Wrapf(err, "setting meta.type failed") + } + + _, err = filterObject.put("meta.value", fmt.Sprintf("{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"%s.\"}}}", moduleName)) + if err != nil { + return nil, errors.Wrapf(err, "setting meta.value failed") + } + + err = filterObject.delete("meta.params") + if err != nil { + return nil, errors.Wrapf(err, "removing meta.params failed") + } + + q := map[string]interface{}{ + "match_phrase_prefix": map[string]interface{}{ + "stream.dataset": map[string]interface{}{ + "query": moduleName + ".", + }, + }, + } + _, err = filterObject.put("query", q) + if err != nil { + return nil, errors.Wrapf(err, "setting query failed") + } + } + updatedFilters = append(updatedFilters, filterObject) + } + + _, err = object.put(filterKey, updatedFilters) + if err != nil { + return nil, errors.Wrapf(err, "replacing filters failed (moduleName: %s)", moduleName) + } + return object, nil +} + +func stripReferencesToEventModuleInQuery(object mapStr, objectKey, moduleName string, datasetNames []string) (mapStr, error) { + objectValue, err := object.getValue(objectKey) + if _, ok := objectValue.(map[string]interface{}); !ok { + return object, nil // not a map object + } + + languageKey := objectKey + ".language" + queryKey := objectKey + ".query" + + queryValue, err := object.getValue(queryKey) + if err != nil && err != errKeyNotFound { + return nil, fmt.Errorf("retrieving key '%s' failed: %v", queryKey, err) + } else if err == errKeyNotFound { + return object, nil // nothing to adjust + } + + query, ok := queryValue.(string) + if !ok { + return object, nil // complex query (not a simple string) + } + if query == "" { + return object, nil // empty query field + } + + query = 
strings.ReplaceAll(query, ": ", ":") + query = strings.ReplaceAll(query, " :", ":") + query = strings.ReplaceAll(query, `"`, "") + if strings.Contains(query, "event.module:"+moduleName) && (strings.Contains(query, "metricset.name:") || strings.Contains(query, "fileset.name:")) { + query = strings.ReplaceAll(query, "event.module:"+moduleName, "") + query = strings.ReplaceAll(query, "metricset.name:", fmt.Sprintf("stream.dataset:%s.", moduleName)) + query = strings.ReplaceAll(query, "fileset.name:", fmt.Sprintf("stream.dataset:%s.", moduleName)) + query = strings.TrimSpace(query) + if strings.HasPrefix(query, "AND ") { + query = query[4:] + } + + _, err := object.put(queryKey, query) + if err != nil { + return nil, fmt.Errorf("replacing key '%s' failed: %v", queryKey, err) + } + } else if strings.Contains(query, "event.module:"+moduleName) { + var eventDatasets []string + for _, datasetName := range datasetNames { + eventDatasets = append(eventDatasets, fmt.Sprintf("stream.dataset:%s.%s", moduleName, datasetName)) + } + + value := " (" + strings.Join(eventDatasets, " OR ") + ") " + query = strings.ReplaceAll(query, "event.module:"+moduleName, value) + query = strings.TrimSpace(query) + + _, err := object.put(queryKey, query) + if err != nil { + return nil, fmt.Errorf("replacing key '%s' failed: %v", queryKey, err) + } + + _, err = object.put(languageKey, "kuery") + if err != nil { + return nil, fmt.Errorf("replacing key '%s' failed: %v", languageKey, err) + } + } + return object, nil +} + +func replaceFieldEventDatasetWithStreamDataset(data []byte) []byte { + return bytes.ReplaceAll(data, []byte("event.dataset"), []byte("stream.dataset")) +} + +func replaceBlacklistedWords(data []byte) []byte { + data = bytes.ReplaceAll(data, []byte("Metricbeat"), []byte("Metrics")) + data = bytes.ReplaceAll(data, []byte("metricbeat"), []byte("metrics")) + data = bytes.ReplaceAll(data, []byte("Filebeat"), []byte("Logs")) + data = bytes.ReplaceAll(data, []byte("filebeat"), 
[]byte("logs")) + data = bytes.ReplaceAll(data, []byte("Module"), []byte("Integration")) + data = bytes.ReplaceAll(data, []byte("module"), []byte("integration")) + return data +} + +func verifyKibanaObjectConvertion(data []byte) error { + i := bytes.Index(data, []byte("event.module")) + if i > 0 { + return fmt.Errorf("event.module spotted at pos. %d", i) + } + + i = bytes.Index(data, []byte("event.dataset")) + if i > 0 { + return fmt.Errorf("event.dataset spotted at pos. %d", i) + } + return nil +} diff --git a/dev/import-beats/main.go b/dev/import-beats/main.go new file mode 100644 index 00000000000..44db25ad50e --- /dev/null +++ b/dev/import-beats/main.go 
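Review bot: verifyKibanaObjectConvertion can never fire: convertToKibanaObjects calls it after replaceBlacklistedWords has rewritten every `module` to `integration` (so `event.module` is already `event.integration`) and after replaceFieldEventDatasetWithStreamDataset has turned every `event.dataset` into `stream.dataset`, so the data it inspects cannot contain either string. Run the verification before those two replacements, and change the `if i > 0` tests to `if i >= 0`, since Index returns 0 for a match at the start of the buffer. The blanket `module`/`Module` replacement over the whole serialized object will also rewrite any field name, title or query text that legitimately contains the word, which deserves a comment or a narrower replacement. In stripReferencesToEventModuleInQuery the `err` from the first `object.getValue(objectKey)` is never examined, so a lookup failure is indistinguishable from "not a map"; handling it the way stripReferencesToEventModuleInFilter handles errKeyNotFound makes the intent explicit. migrateDashboardFile sends through `http.DefaultClient`, which has no timeout, so a stalled Kibana blocks the import indefinitely; a package-level `&http.Client{Timeout: ...}` bounds it, and the unused `moduleName`/`datasetNames` parameters on that method could be dropped.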
@@ -0,0 +1,140 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "flag" + "log" + "net/url" + "os" + "strings" + + "github.com/pkg/errors" +) + +type importerOptions struct { + // Beats repository directory + beatsDir string + + // Kibana host and port + kibanaHostPort string + // Kibana username + kibanaUsername string + // Kibana password + kibanaPassword string + // Kibana repository directory + kibanaDir string + // Skip storing Kibana objects + skipKibana bool + + // Elastic UI Framework directory + euiDir string + + // Elastic Common Schema directory + ecsDir string + + // Packages selected for the import (comma-delimited list) + packages string + + // Target public directory where the generated packages should end up in + outputDir string +} + +func (o *importerOptions) validate() error { + _, err := os.Stat(o.beatsDir) + if err != nil { + return errors.Wrapf(err, "stat file failed (path: %s)", o.beatsDir) + } + + _, err = url.Parse(o.kibanaHostPort) + if err != nil { + return errors.Wrapf(err, "parsing Kibana's host:port failed (hostPort: %s)", o.kibanaHostPort) + } + + _, err = os.Stat(o.kibanaDir) + if err != nil { + return errors.Wrapf(err, "stat file failed (path: %s)", o.kibanaDir) + } + + _, err = os.Stat(o.euiDir) + if err != nil { + return errors.Wrapf(err, "stat file failed (path: %s)", o.euiDir) + } + + _, err = os.Stat(o.outputDir) + if err != nil { + return errors.Wrapf(err, "stat file failed (path: %s)", o.outputDir) + } + return nil +} + +func (o *importerOptions) selectedPackages() []string { + var selected []string + p := strings.TrimSpace(o.packages) + if len(p) > 0 { + selected = strings.Split(p, ",") + } + return selected +} + +func main() { + var options importerOptions + + flag.StringVar(&options.beatsDir, "beatsDir", 
"../beats", "Path to the beats repository") + flag.StringVar(&options.kibanaDir, "kibanaDir", "../kibana", "Path to the kibana repository") + flag.StringVar(&options.kibanaHostPort, "kibanaHostPort", "http://localhost:5601", "Kibana host and port") + flag.StringVar(&options.kibanaUsername, "kibanaUsername", "elastic", "Kibana username") + flag.StringVar(&options.kibanaPassword, "kibanaPassword", "changeme", "Kibana password") + flag.BoolVar(&options.skipKibana, "skipKibana", false, "Skip storing Kibana objects") + flag.StringVar(&options.euiDir, "euiDir", "../eui", "Path to the Elastic UI framework repository") + flag.StringVar(&options.ecsDir, "ecsDir", "../ecs", "Path to the Elastic Common Schema repository") + flag.StringVar(&options.packages, "packages", "", "Packages selected for the import") + flag.StringVar(&options.outputDir, "outputDir", "dev/packages/beats", "Path to the output directory") + flag.Parse() + + err := options.validate() + if err != nil { + log.Fatal(err) + } + + if err := build(options); err != nil { + log.Fatal(err) + } +} + +// build method visits all beats in beatsDir to collect configuration data for modules. +// The package-registry groups integrations per target product not per module type. It's opposite to the beats project, +// where logs and metrics are distributed with different beats (oriented either on logs or metrics - metricbeat, +// filebeat, etc.). 
+func build(options importerOptions) error { + iconRepository, err := newIconRepository(options.euiDir, options.kibanaDir) + if err != nil { + return errors.Wrap(err, "creating icon repository failed") + } + kibanaMigrator := newKibanaMigrator(options.kibanaHostPort, + options.kibanaUsername, + options.kibanaPassword, + options.skipKibana) + ecsFields, err := loadEcsFields(options.ecsDir) + if err != nil { + return errors.Wrap(err, "loading ECS fields failed") + } + + repository := newPackageRepository(iconRepository, kibanaMigrator, ecsFields, options.selectedPackages()) + + for _, beatName := range logSources { + err := repository.createPackagesFromSource(options.beatsDir, beatName, "logs") + if err != nil { + return errors.Wrap(err, "creating from logs source failed") + } + } + for _, beatName := range metricSources { + err := repository.createPackagesFromSource(options.beatsDir, beatName, "metrics") + if err != nil { + return errors.Wrap(err, "creating from metrics source failed") + } + } + return repository.save(options.outputDir) +} diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go new file mode 100644 index 00000000000..9f9a05e073d --- /dev/null +++ b/dev/import-beats/packages.go 
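Review bot: validate() stats beatsDir, kibanaDir, euiDir and outputDir but never ecsDir, although build() passes options.ecsDir to loadEcsFields, so a missing ECS checkout is only reported from inside the loader instead of up front; add `_, err = os.Stat(o.ecsDir)` followed by the same `errors.Wrapf(err, "stat file failed (path: %s)", o.ecsDir)` guard the other directories use. The kibanaHostPort check rejects very little because url.Parse accepts almost any string; checking that the parsed URL has a non-empty Scheme and Host would catch typos earlier. The Kibana password is taken from a command-line flag with a default of "changeme"; argv is visible to other local users in process listings and is kept in shell history, so consider falling back to an environment variable or a prompt when -kibanaPassword is not given, and make sure options is never logged as a whole.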
@@ -0,0 +1,499 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "fmt" + "io" + "io/ioutil" + "log" + "os" + "path" + "path/filepath" + "strings" + "text/template" + + "github.com/pkg/errors" + yaml "gopkg.in/yaml.v2" + + "github.com/elastic/package-registry/util" +) + +var ignoredModules = map[string]bool{"apache2": true} + +var removablePackages = map[string]bool{"system": false} + +type packageContent struct { + manifest util.Package + datasets datasetContentArray + images []imageContent + kibana kibanaContent + docs []docContent + datasource datasourceContent +} + +func newPackageContent(name string) packageContent { + return packageContent{ + manifest: util.Package{ + FormatVersion: "1.0.0", + Name: name, + Version: "0.0.1", // TODO + Type: "integration", + License: "basic", + Removable: determineIfPackageIsRemovable(name), + Release: "experimental", + }, + kibana: kibanaContent{ + files: map[string]map[string][]byte{}, + }, + } +} + +func determineIfPackageIsRemovable(name string) bool { + _, ok := removablePackages[name] + return !ok +} + +func (pc *packageContent) addDatasets(ds []datasetContent) { + for _, dc := range ds { + for i, v := range pc.datasets { + if v.name == dc.name { + if v.beatType != dc.beatType { + pc.datasets[i].name = fmt.Sprintf("%s-%s", pc.datasets[i].name, pc.datasets[i].beatType) + dc.name = fmt.Sprintf("%s-%s", dc.name, dc.beatType) + pc.datasets = append(pc.datasets, dc) + } else { + log.Printf("Resolve naming conflict (packageName: %s, beatType: %s)", dc.name, dc.beatType) + pc.datasets[i] = dc + } + break + } + } + pc.datasets = append(pc.datasets, dc) + } +} + +func (pc *packageContent) addKibanaContent(kc kibanaContent) { + if kc.files != nil { + for objectType, objects := range kc.files { + if _, ok := 
pc.kibana.files[objectType]; !ok { + pc.kibana.files[objectType] = map[string][]byte{} + } + + for k, v := range objects { + pc.kibana.files[objectType][k] = v + } + } + } +} + +type packageRepository struct { + iconRepository *iconRepository + kibanaMigrator *kibanaMigrator + ecsFields fieldDefinitionArray + selectedPackageNames []string + + packages map[string]packageContent +} + +func newPackageRepository(iconRepository *iconRepository, kibanaMigrator *kibanaMigrator, + ecsFields fieldDefinitionArray, selectedPackageNames []string) *packageRepository { + return &packageRepository{ + iconRepository: iconRepository, + kibanaMigrator: kibanaMigrator, + ecsFields: ecsFields, + selectedPackageNames: selectedPackageNames, + + packages: map[string]packageContent{}, + } +} + +func (r *packageRepository) createPackagesFromSource(beatsDir, beatName, beatType string) error { + beatPath := filepath.Join(beatsDir, beatName) + beatModulesPath := filepath.Join(beatPath, "module") + + moduleDirs, err := ioutil.ReadDir(beatModulesPath) + if err != nil { + return errors.Wrapf(err, "cannot read directory '%s'", beatModulesPath) + } + + for _, moduleDir := range moduleDirs { + if !moduleDir.IsDir() { + continue + } + moduleName := moduleDir.Name() + + if !r.packageSelected(moduleName) { + continue + } + + log.Printf("%s %s: module found\n", beatName, moduleName) + if _, ok := ignoredModules[moduleName]; ok { + log.Printf("%s %s: module skipped\n", beatName, moduleName) + continue + } + modulePath := path.Join(beatModulesPath, moduleName) + + _, ok := r.packages[moduleName] + if !ok { + r.packages[moduleName] = newPackageContent(moduleName) + } + + aPackage := r.packages[moduleName] + manifest := aPackage.manifest + manifest.Categories = append(manifest.Categories, beatType) + + // fields + moduleFields, err := loadModuleFields(modulePath) + if err != nil { + return err + } + moduleFields, filteredEcsModuleFieldNames, err := filterMigratedFields(moduleFields, r.ecsFields.names()) + 
if err != nil { + return err + } + + // title + maybeTitle := moduleFields[0].Title + if maybeTitle != "" { + manifest.Title = &maybeTitle + manifest.Description = maybeTitle + " Integration" + } + + // img + beatDocsPath := selectDocsPath(beatsDir, beatName) + images, err := createImages(beatDocsPath, modulePath) + if err != nil { + return err + } + aPackage.images = append(aPackage.images, images...) + + // img/icons + // The condition prevents from adding an icon multiple times (e.g. for metricbeat and filebeat). + if len(manifest.Icons) == 0 { + icons, err := createIcons(r.iconRepository, moduleName) + if err != nil { + return err + } + aPackage.images = append(aPackage.images, icons...) + + manifestIcons, err := icons.toManifestImages() + if err != nil { + return err + } + manifest.Icons = append(manifest.Icons, manifestIcons...) + } + + // img/screenshots + screenshots, err := images.toManifestImages() + if err != nil { + return err + } + manifest.Screenshots = append(manifest.Screenshots, screenshots...) + + // docs + if len(aPackage.docs) == 0 { + packageDocsPath := filepath.Join("dev/import-beats-resources", moduleDir.Name(), "docs") + docs, err := createDocTemplates(packageDocsPath) + if err != nil { + return err + } + aPackage.docs = append(aPackage.docs, docs...) 
+ } + + // datasets + var moduleTitle = "TODO" + if manifest.Title != nil { + moduleTitle = *manifest.Title + } + + datasets, err := createDatasets(beatType, modulePath, moduleName, moduleTitle, manifest.Release, moduleFields, filteredEcsModuleFieldNames, r.ecsFields) + if err != nil { + return err + } + datasets, inputVarsPerInputType, err := compactDatasetVariables(datasets) + if err != nil { + return err + } + aPackage.addDatasets(datasets) + + // datasources + aPackage.datasource, err = updateDatasource(aPackage.datasource, updateDatasourcesParameters{ + moduleName: moduleName, + moduleTitle: moduleTitle, + packageType: beatType, + datasetNames: datasets.names(), + inputVars: inputVarsPerInputType, + }) + if err != nil { + return err + } + manifest.Datasources = aPackage.datasource.toMetadataDatasources() + + // kibana + kibana, err := createKibanaContent(r.kibanaMigrator, modulePath, moduleName, datasets.names()) + if err != nil { + return err + } + aPackage.addKibanaContent(kibana) + manifest.Requirement, err = createRequirement(aPackage.kibana, aPackage.datasets) + if err != nil { + return err + } + + aPackage.manifest = manifest + r.packages[moduleDir.Name()] = aPackage + } + return nil +} + +func (r *packageRepository) packageSelected(packageName string) bool { + if len(r.selectedPackageNames) == 0 { + return true + } + + for _, f := range r.selectedPackageNames { + if f == packageName { + return true + } + } + return false +} + +func (r *packageRepository) save(outputDir string) error { + for packageName, content := range r.packages { + manifest := content.manifest + + log.Printf("%s/%s write package content\n", packageName, manifest.Version) + + packagePath := filepath.Join(outputDir, packageName, manifest.Version) + err := os.MkdirAll(packagePath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for module: '%s'", packagePath) + } + + m, err := yaml.Marshal(content.manifest) + if err != nil { + return errors.Wrapf(err, 
"marshaling package manifest failed (packageName: %s)", packageName) + } + + manifestFilePath := filepath.Join(packagePath, "manifest.yml") + err = ioutil.WriteFile(manifestFilePath, m, 0644) + if err != nil { + return errors.Wrapf(err, "writing manifest file failed (path: %s)", manifestFilePath) + } + + // dataset + for _, dataset := range content.datasets { + datasetPath := filepath.Join(packagePath, "dataset", dataset.name) + err := os.MkdirAll(datasetPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset: '%s'", datasetPath) + } + + // dataset/manifest.yml + m, err := yaml.Marshal(dataset.manifest) + if err != nil { + return errors.Wrapf(err, "marshaling dataset manifest failed (datasetName: %s)", dataset.name) + } + + manifestFilePath := filepath.Join(datasetPath, "manifest.yml") + err = ioutil.WriteFile(manifestFilePath, m, 0644) + if err != nil { + return errors.Wrapf(err, "writing dataset manifest file failed (path: %s)", manifestFilePath) + } + + // dataset/fields + if len(dataset.fields.files) > 0 { + datasetFieldsPath := filepath.Join(datasetPath, "fields") + err := os.MkdirAll(datasetFieldsPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset fields: '%s'", datasetPath) + } + + for fieldsFileName, definitions := range dataset.fields.files { + log.Printf("%s: write '%s' file\n", dataset.name, fieldsFileName) + + fieldsFilePath := filepath.Join(datasetFieldsPath, fieldsFileName) + var fieldsFile []byte + + var root fieldDefinitionArray + if isPackageFields(fieldsFileName) { // remove the wrapping layer + root = definitions[0].Fields + } else { + root = definitions + } + + stripped := root.stripped() + fieldsFile, err := yaml.Marshal(&stripped) + if err != nil { + return errors.Wrapf(err, "marshalling fields file failed (path: %s)", fieldsFilePath) + } + err = ioutil.WriteFile(fieldsFilePath, fieldsFile, 0644) + if err != nil { + return errors.Wrapf(err, "writing fields file failed 
(path: %s)", fieldsFilePath) + } + } + } + + // dataset/elasticsearch + if len(dataset.elasticsearch.ingestPipelines) > 0 { + ingestPipelinesPath := filepath.Join(datasetPath, "elasticsearch", util.DirIngestPipeline) + err := os.MkdirAll(ingestPipelinesPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset ingest pipelines: '%s'", ingestPipelinesPath) + } + + for _, ingestPipeline := range dataset.elasticsearch.ingestPipelines { + ingestPipelinePath := filepath.Join(ingestPipelinesPath, ingestPipeline.targetFileName) + log.Printf("write ingest pipeline file '%s'", ingestPipelinePath) + + err := ioutil.WriteFile(ingestPipelinePath, ingestPipeline.body, 0644) + if err != nil { + return errors.Wrapf(err, "writing ingest pipeline failed") + } + } + } + + // dataset/agent/stream + if len(dataset.agent.streams) > 0 { + agentStreamPath := filepath.Join(datasetPath, "agent", "stream") + err := os.MkdirAll(agentStreamPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset agent stream: '%s'", agentStreamPath) + } + + for _, agentStream := range dataset.agent.streams { + err := ioutil.WriteFile(path.Join(agentStreamPath, agentStream.targetFileName), agentStream.body, 0644) + if err != nil { + return errors.Wrapf(err, "writing agent stream file failed") + } + } + } + } + + // img + imgDstDir := path.Join(packagePath, "img") + for _, image := range content.images { + log.Printf("copy image file '%s' to '%s'", image.source, imgDstDir) + err := copyFile(image.source, imgDstDir) + if err != nil { + return errors.Wrapf(err, "copying file failed") + } + } + + // kibana + if len(content.kibana.files) > 0 { + kibanaPath := filepath.Join(packagePath, "kibana") + + for objectType, objects := range content.kibana.files { + resourcePath := filepath.Join(kibanaPath, objectType) + + err := os.MkdirAll(resourcePath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dashboard files: '%s'", 
resourcePath) + } + + for fileName, body := range objects { + resourceFilePath := filepath.Join(resourcePath, fileName) + + log.Printf("create resource file: %s", resourceFilePath) + err = ioutil.WriteFile(resourceFilePath, body, 0644) + if err != nil { + return errors.Wrapf(err, "writing resource file failed (path: %s)", resourceFilePath) + } + } + } + } + + // docs + if len(content.docs) > 0 { + docsPath := filepath.Join(packagePath, "docs") + err := os.MkdirAll(docsPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for docs: '%s'", docsPath) + } + + for _, doc := range content.docs { + err = writeDoc(docsPath, doc, content) + if err != nil { + return errors.Wrapf(err, "cannot write docs (docsPath: %s, fileName: %s)", docsPath, + doc.fileName) + } + } + } + } + return nil +} + +func writeDoc(docsPath string, doc docContent, aPackage packageContent) error { + log.Printf("write '%s' file\n", doc.fileName) + + docFilePath := filepath.Join(docsPath, doc.fileName) + f, err := os.OpenFile(docFilePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) + defer f.Close() + + if err != nil { + return errors.Wrapf(err, "opening doc file failed (path: %s)", docFilePath) + } + t := template.New(doc.fileName) + if doc.templatePath == "" { + t = template.Must(t.Parse("TODO")) + } else { + t, err = t.Funcs(template.FuncMap{ + "fields": func(dataset string) (string, error) { + return renderExportedFields(dataset, aPackage.datasets) + }, + }).ParseFiles(doc.templatePath) + if err != nil { + return errors.Wrapf(err, "parsing doc template failed (path: %s)", doc.templatePath) + } + } + err = t.Execute(f, nil) + if err != nil { + return errors.Wrapf(err, "rendering doc file failed (path: %s)", docFilePath) + } + return nil +} + +func copyFile(src, dstDir string) error { + i := strings.LastIndex(src, "/") + sourceFileName := src[i:] + + return copyFileToTarget(src, dstDir, sourceFileName) +} + +func copyFileToTarget(src, dstDir, targetFileName string) error { + 
sourceFile, err := os.Open(src) + if err != nil { + return errors.Wrapf(err, "opening file failed (src: %s)", src) + } + defer sourceFile.Close() + + dst := path.Join(dstDir, targetFileName) + err = os.MkdirAll(dstDir, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory: '%s'", dst) + } + + dstFile, err := os.Create(dst) + if err != nil { + return errors.Wrapf(err, "creating target file failed (dst: %s)", dst) + } + defer dstFile.Close() + + _, err = io.Copy(dstFile, sourceFile) + if err != nil { + return errors.Wrapf(err, "copying file failed (src: %s, dst: %s)", src, dst) + } + return nil +} + +func selectDocsPath(beatsDir, beatName string) string { + if strings.HasPrefix(beatName, "x-pack/") { + return path.Join(beatsDir, beatName[7:], "docs") + } + return path.Join(beatsDir, beatName, "docs") +} diff --git a/dev/import-beats/requirement.go b/dev/import-beats/requirement.go new file mode 100644 index 00000000000..e130380a26a --- /dev/null +++ b/dev/import-beats/requirement.go 
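Review bot: addDatasets appends dc unconditionally after the inner loop, so a dataset whose name matched an existing entry ends up stored twice — once renamed or replaced at index i and once more by the trailing append — unless a later step I cannot see deduplicates; tracking whether the match was handled and appending only otherwise fixes it (rewrite below). copyFile derives the file name with `strings.LastIndex(src, "/")` and slices `src[i:]`, which panics on a path without a separator and is not portable; `sourceFileName := filepath.Base(src)` does the same job safely. In writeDoc, `defer f.Close()` is placed before the OpenFile error check, and the Close error is discarded even though it is the last chance to notice a failed write of the rendered doc; move the defer after the check and return f.Close()'s error at the end.
```go
func (pc *packageContent) addDatasets(ds []datasetContent) {
	for _, dc := range ds {
		resolved := false
		for i, v := range pc.datasets {
			if v.name != dc.name {
				continue
			}
			if v.beatType != dc.beatType {
				pc.datasets[i].name = fmt.Sprintf("%s-%s", pc.datasets[i].name, pc.datasets[i].beatType)
				dc.name = fmt.Sprintf("%s-%s", dc.name, dc.beatType)
				pc.datasets = append(pc.datasets, dc)
			} else {
				log.Printf("Resolve naming conflict (packageName: %s, beatType: %s)", dc.name, dc.beatType)
				pc.datasets[i] = dc
			}
			resolved = true
			break
		}
		if !resolved {
			pc.datasets = append(pc.datasets, dc)
		}
	}
}
```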
@@ -0,0 +1,101 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "encoding/json" + "fmt" + + "github.com/blang/semver" + "github.com/pkg/errors" + + "github.com/elastic/package-registry/util" +) + +var zeroVersion = semver.MustParse("0.0.0") + +func createRequirement(kibanaContent kibanaContent, datasetContent []datasetContent) (util.Requirement, error) { + kibanaRequirement, err := findRequiredKibanaVersion(kibanaContent) + if err != nil { + return util.Requirement{}, errors.Wrapf(err, "finding required Kibana version failed") + } + return util.Requirement{ + Elasticsearch: findRequiredElasticsearchVersion(datasetContent), + Kibana: kibanaRequirement, + }, nil +} + +func findRequiredElasticsearchVersion(datasetContent []datasetContent) util.ProductRequirement { + for _, dc := range datasetContent { + if len(dc.elasticsearch.ingestPipelines) > 0 { + return util.ProductRequirement{ + Versions: ">7.0.1", + } + } + } + return util.ProductRequirement{} +} + +func findRequiredKibanaVersion(kibanaContent kibanaContent) (util.ProductRequirement, error) { + dashboards, ok := kibanaContent.files["dashboard"] + if !ok { + return util.ProductRequirement{}, nil // no dashboards available, no version requirement + } + + currentVersion := zeroVersion + + for _, dashboardFile := range dashboards { + var dashboard mapStr + err := json.Unmarshal(dashboardFile, &dashboard) + if err != nil { + return util.ProductRequirement{}, errors.Wrap(err, "unmarshalling dashboard filed") + } + + panels, err := dashboard.getValue("attributes.panelsJSON") + if err == errKeyNotFound { + continue // panelsJSON is missing, skip this dashboard + } + if err != nil { + return util.ProductRequirement{}, errors.Wrap(err, "retrieving key 'attributes.panelsJSON' failed") + } + + panelsValue 
:= panels.([]interface{}) + if len(panelsValue) == 0 { + continue // panelsJSON is present, but empty, skip this dashboard + } + + for _, panel := range panelsValue { + panelValue, err := toMapStr(panel) + if err != nil { + return util.ProductRequirement{}, errors.Wrap(err, "converting to mapstr failed") + } + + version, err := panelValue.getValue("version") + if err == errKeyNotFound { + continue // no version tag, skip this panel + } + if err != nil { + return util.ProductRequirement{}, errors.Wrap(err, "retrieving key 'version' failed") + } + versionValue := version.(string) + parsed, err := semver.Parse(versionValue) + if err != nil { + return util.ProductRequirement{}, errors.Wrapf(err, "parsing version failed (value: %s)", versionValue) + } + + if currentVersion.LT(parsed) { + currentVersion = parsed + } + } + } + + if currentVersion.EQ(zeroVersion) { + return util.ProductRequirement{}, nil // no version requirement found, even if all files were visited. + } + + return util.ProductRequirement{ + Versions: fmt.Sprintf(">=%s <8.0.0", currentVersion), + }, nil +} diff --git a/dev/import-beats/sources.go b/dev/import-beats/sources.go new file mode 100644 index 00000000000..ab38cc78c39 --- /dev/null +++ b/dev/import-beats/sources.go @@ -0,0 +1,15 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +var metricSources = []string{ + "metricbeat", + "x-pack/metricbeat", +} + +var logSources = []string{ + "filebeat", + "x-pack/filebeat", +} diff --git a/dev/import-beats/streams.go b/dev/import-beats/streams.go new file mode 100644 index 00000000000..9978e27f3f6 --- /dev/null +++ b/dev/import-beats/streams.go 
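Review bot: findRequiredKibanaVersion uses unchecked type assertions, `panels.([]interface{})` and `version.(string)`, on values decoded from dashboard JSON, so a dashboard whose panelsJSON is not an array (or whose version is not a string) panics the importer instead of returning an error; use the comma-ok form and report the unexpected shape (rewrite below). The error text `"unmarshalling dashboard filed"` should read `"unmarshalling dashboard failed"`. The upper bound `<8.0.0` in the returned constraint is a hard-coded assumption that deserves a comment explaining why it is pinned to the next major.
```go
		panelsValue, ok := panels.([]interface{})
		if !ok {
			return util.ProductRequirement{}, fmt.Errorf("attributes.panelsJSON has unexpected type %T", panels)
		}
		// … unchanged: empty-panels check, toMapStr, version lookup …
			versionValue, ok := version.(string)
			if !ok {
				return util.ProductRequirement{}, fmt.Errorf("panel version has unexpected type %T", version)
			}
```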
@@ -0,0 +1,167 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "bytes" + "fmt" + "io/ioutil" + "os" + "path/filepath" + "strings" + + "github.com/pkg/errors" + + "github.com/elastic/package-registry/util" +) + +// createStreams method builds a set of stream inputs including configuration variables. +// Stream definitions depend on a beat type - log or metric. +// At the moment, the array returns only one stream. +func createStreams(modulePath, moduleName, moduleTitle, datasetName, beatType string) ([]util.Stream, agentContent, error) { + var streams []util.Stream + var agent agentContent + var err error + + switch beatType { + case "logs": + streams, agent, err = createLogStreams(modulePath, moduleTitle, datasetName) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "creating log streams failed (modulePath: %s, datasetName: %s)", + modulePath, datasetName) + } + case "metrics": + streams, agent, err = createMetricStreams(modulePath, moduleName, moduleTitle, datasetName) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "creating metric streams failed (modulePath: %s, datasetName: %s)", + modulePath, datasetName) + } + default: + return nil, agentContent{}, fmt.Errorf("invalid beat type: %s", beatType) + } + return streams, agent, nil +} + +// createLogStreams method builds a set of stream inputs for logs oriented dataset. +// The method unmarshals "manifest.yml" file and picks all configuration variables. 
+func createLogStreams(modulePath, moduleTitle, datasetName string) ([]util.Stream, agentContent, error) { + manifestPath := filepath.Join(modulePath, datasetName, "manifest.yml") + manifestFile, err := ioutil.ReadFile(manifestPath) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "reading manifest file failed (path: %s)", manifestPath) + } + + vars, err := createLogStreamVariables(manifestFile) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "creating log stream variables failed (path: %s)", manifestPath) + } + + configFilePaths, err := filepath.Glob(filepath.Join(modulePath, datasetName, "config", "*.*")) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "locating config files failed (modulePath: %s, datasetName: %s)", modulePath, datasetName) + } + + if len(configFilePaths) == 0 { + return nil, agentContent{}, fmt.Errorf("expected at least one config file (modulePath: %s, datasetName: %s)", modulePath, datasetName) + } + + var streams []util.Stream + var agent agentContent + for _, configFilePath := range configFilePaths { + fileName := extractInputConfigFilename(configFilePath) + fileContent, err := ioutil.ReadFile(configFilePath) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "reading file from config directory failed (filePath: %s)", configFilePath) + } + + if strings.HasSuffix(configFilePath, ".js") { + agent.streams = append(agent.streams, streamContent{ + targetFileName: fileName, + body: fileContent, + }) + continue + } + + root, err := parseStreamConfig(fileContent) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "parsing stream config failed") + } + + for _, inputType := range root.inputTypes() { + aType := inputType + if inputType == "log" { + aType = "logs" + } + targetFileName := inputType + ".yml.hbs" + + inputConfig := root.configForInput(inputType) + agent.streams = append(agent.streams, streamContent{ + targetFileName: targetFileName, + body: inputConfig, + }) 
+ + streams = append(streams, util.Stream{ + Input: aType, + Title: fmt.Sprintf("%s %s logs (%s)", moduleTitle, datasetName, inputType), + Description: fmt.Sprintf("Collect %s %s logs using %s input", moduleTitle, datasetName, inputType), + TemplatePath: targetFileName, + Vars: root.filterVarsForInput(inputType, vars), + }) + } + } + return streams, agent, nil +} + +// wrapVariablesWithDefault method builds a set of stream inputs for metrics oriented dataset. +// The method combines all config files in module's _meta directory, unmarshals all configuration entries and selects +// ones related to the particular metricset (first seen, first occurrence, next occurrences skipped). +// +// The method skips commented variables, but keeps arrays of structures (even if it's not possible to render them using +// UI). +func createMetricStreams(modulePath, moduleName, moduleTitle, datasetName string) ([]util.Stream, agentContent, error) { + merged, err := mergeMetaConfigFiles(modulePath) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "merging config files failed") + } + + vars, err := createMetricStreamVariables(merged, moduleName, datasetName) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "creating metric stream variables failed (modulePath: %s)", modulePath) + } + streams := []util.Stream{ + { + Input: moduleName + "/metrics", + Title: fmt.Sprintf("%s %s metrics", moduleTitle, datasetName), + Description: fmt.Sprintf("Collect %s %s metrics", moduleTitle, datasetName), + Vars: vars, + }, + } + + agent, err := createAgentContentForMetrics(moduleName, datasetName, streams) + if err != nil { + return nil, agentContent{}, errors.Wrapf(err, "creating agent content for logs failed (modulePath: %s, datasetName: %s)", + modulePath, datasetName) + } + return streams, agent, nil +} + +// mergeMetaConfigFiles method visits all configuration YAML files and combines them into single document. 
+func mergeMetaConfigFiles(modulePath string) ([]byte, error) { + configFilePaths, err := filepath.Glob(filepath.Join(modulePath, "_meta", "config*.yml")) + if err != nil { + return nil, errors.Wrapf(err, "locating config files failed (modulePath: %s)", modulePath) + } + + var mergedConfig bytes.Buffer + for _, configFilePath := range configFilePaths { + configFile, err := ioutil.ReadFile(configFilePath) + if err != nil && !os.IsNotExist(err) { + return nil, errors.Wrapf(err, "reading config file failed (path: %s)", configFilePath) + } + mergedConfig.Write(configFile) + mergedConfig.WriteString("\n") + } + return mergedConfig.Bytes(), nil +} diff --git a/dev/import-beats/streams_config_parser.go b/dev/import-beats/streams_config_parser.go new file mode 100644 index 00000000000..0229db59b21 --- /dev/null +++ b/dev/import-beats/streams_config_parser.go 
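Review bot: the doc comment above createMetricStreams names a different function (`wrapVariablesWithDefault`), and the wrap message in the same function says `"creating agent content for logs failed (modulePath: %s, datasetName: %s)"` although this is the metrics path; change the comment to `// createMetricStreams method builds a set of stream inputs for metrics oriented dataset.` and the message to `"creating agent content for metrics failed (modulePath: %s, datasetName: %s)"` so failures are attributed to the right branch. In mergeMetaConfigFiles an os.IsNotExist error from ReadFile is tolerated and a nil configFile is written, which is harmless but surprising immediately after Glob returned that path; either drop the special case or add a one-line comment saying which situation it is meant to cover.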
@@ -0,0 +1,389 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "regexp"
+ "text/template/parse"
+
+ "github.com/pkg/errors"
+
+ "github.com/elastic/package-registry/util"
+)
+
+type streamConfigParsed struct {
+ tree *parse.Tree
+}
+
+func parseStreamConfig(content []byte) (*streamConfigParsed, error) {
+ mapOfParsed, err := parse.Parse("input-config", string(content), "", "", map[string]interface{}{
+ "eq": func() {},
+ "printf": func() {},
+ })
+ if err != nil {
+ return nil, errors.Wrapf(err, "parsing template failed")
+ }
+ return &streamConfigParsed{
+ tree: mapOfParsed["input-config"],
+ }, nil
+}
+
+func (scp *streamConfigParsed) inputTypes() []string {
+ return uniqueStringValues(inputTypesForNode(scp.tree.Root))
+}
+
+func inputTypesForNode(node parse.Node) []string {
+ textNode, isTextNode := node.(*parse.TextNode)
+ if isTextNode {
+ inputType, ok := extractInputTypeFromTextNode(textNode)
+ if ok {
+ return []string{inputType}
+ }
+ return nil
+ }
+
+ listNode, isListNode := node.(*parse.ListNode)
+ if isListNode {
+ return inputTypesForListNode(listNode)
+ }
+
+ ifNode, isIfNode := node.(*parse.IfNode)
+ if isIfNode {
+ var inputTypes []string
+
+ if ifNode.List != nil {
+ inputTypes = append(inputTypes, inputTypesForListNode(ifNode.List)...)
+ }
+ if ifNode.ElseList != nil {
+ inputTypes = append(inputTypes, inputTypesForListNode(ifNode.ElseList)...)
+ }
+ return inputTypes
+ }
+ return nil
+}
+
+func extractInputTypeFromTextNode(textNode *parse.TextNode) (string, bool) {
+ i := bytes.Index(textNode.Text, []byte("type: "))
+ if i > -1 && (i == 0 || textNode.Text[i-1] == '\n') {
+ aType := textNode.Text[i+6:]
+ j := bytes.IndexByte(aType, '\n')
+ if j < 0 {
+ j = len(textNode.Text)
+ }
+ aType = aType[:j]
+ return string(aType), true
+ }
+ return "", false
+}
+
+func inputTypesForListNode(listNode *parse.ListNode) []string {
+ var inputTypes []string
+ for _, listedNode := range listNode.Nodes {
+ it := inputTypesForNode(listedNode)
+ inputTypes = append(inputTypes, it...)
+ }
+ return inputTypes
+}
+
+func (scp *streamConfigParsed) configForInput(inputType string) []byte {
+ if inputType == "log" {
+ inputType = "file"
+ }
+
+ config := configForInputForNode(scp.tree.Root, inputType)
+ r := regexp.MustCompile("(\n)+")
+ return bytes.TrimSpace(r.ReplaceAll(config, []byte{'\n'}))
+}
+
+func configForInputForNode(node parse.Node, inputType string) []byte {
+ textNode, isTextNode := node.(*parse.TextNode)
+ if isTextNode {
+ return writeHandlebarsTextNode(textNode)
+ }
+
+ listNode, isListNode := node.(*parse.ListNode)
+ if isListNode {
+ return writeHandlebarsListNode(listNode, inputType)
+ }
+
+ ifNode, isIfNode := node.(*parse.IfNode)
+ if isIfNode {
+ return writeHandlebarsIfNode(ifNode, inputType)
+ }
+
+ rangeNode, isRangeNode := node.(*parse.RangeNode)
+ if isRangeNode {
+ return writeHandlebarsRangeNode(rangeNode, inputType)
+ }
+
+ actionNode, isActionNode := node.(*parse.ActionNode)
+ if isActionNode {
+ return writeHandlebarsActionNode(actionNode)
+ }
+
+ panic(fmt.Sprintf("unsupported node: %s", node.String()))
+}
+
+func writeHandlebarsTextNode(textNode *parse.TextNode) []byte {
+ i := bytes.Index(textNode.Text, []byte("type: "))
+ if i > -1 && (i == 0 || textNode.Text[i-1] == '\n') {
+ var buffer bytes.Buffer
+ buffer.Write(textNode.Text[0:i])
+
+ j := bytes.Index(textNode.Text[i:], []byte{'\n'})
+ if j > 0 {
+ buffer.Write(textNode.Text[i+j+1:])
+ return buffer.Bytes()
+ }
+ }
+ return textNode.Text
+}
+
+func writeHandlebarsListNode(listNode *parse.ListNode, inputType string) []byte {
+ var buffer bytes.Buffer
+ for _, listedNode := range listNode.Nodes {
+ buf := configForInputForNode(listedNode, inputType)
+ buffer.Write(buf)
+ }
+ return buffer.Bytes()
+}
+
+func writeHandlebarsIfNode(ifNode *parse.IfNode, inputType string) []byte {
+ var buffer bytes.Buffer
+ if isIfNodeEqInput(ifNode) {
+ if isIfNodeEqInputInputType(ifNode, inputType) {
+ if ifNode.List != nil {
+ buffer.Write(configForInputForNode(ifNode.List, inputType))
+ }
+ } else {
+ if ifNode.ElseList != nil {
+ buffer.Write(configForInputForNode(ifNode.ElseList, inputType))
+ }
+ }
+ } else {
+ if len(ifNode.Pipe.Cmds[0].Args) == 1 {
+ var1 := ifNode.Pipe.Cmds[0].Args[0].String()[1:]
+ buffer.WriteString(fmt.Sprintf("{{#if %s}}", var1))
+ } else {
+ buffer.WriteString(fmt.Sprintf("{{#if %s}}", ifNode.Pipe.String()))
+ }
+
+ if ifNode.List != nil {
+ buffer.Write(configForInputForNode(ifNode.List, inputType))
+ }
+ if ifNode.ElseList != nil {
+ buffer.WriteString("{{else}}")
+ buffer.Write(configForInputForNode(ifNode.ElseList, inputType))
+ }
+ buffer.WriteString("{{/if}}")
+ }
+ return buffer.Bytes()
+}
+
+func isIfNodeEqInput(ifNode *parse.IfNode) bool {
+ if len(ifNode.Pipe.Cmds[0].Args) > 1 {
+ op := ifNode.Pipe.Cmds[0].Args[0].String()
+ var1 := ifNode.Pipe.Cmds[0].Args[1].String()
+
+ if op == "eq" && var1 == ".input" {
+ return true
+ }
+ }
+ return false
+}
+
+func isIfNodeEqInputInputType(ifNode *parse.IfNode, inputType string) bool {
+ if len(ifNode.Pipe.Cmds[0].Args) > 1 {
+ op := ifNode.Pipe.Cmds[0].Args[0].String()
+ var1 := ifNode.Pipe.Cmds[0].Args[1].String()
+ var2 := ifNode.Pipe.Cmds[0].Args[2].String()
+
+ if op == "eq" && var1 == ".input" && var2 == fmt.Sprintf(`"%s"`, inputType) {
+ return true
+ }
+ }
+ return false
+}
+
+func writeHandlebarsActionNode(actionNode *parse.ActionNode) []byte {
+ var buffer bytes.Buffer
+ if len(actionNode.Pipe.Cmds) > 0 {
+ cmdArgs := writeHandlebarsCmdArgs(actionNode.Pipe.Cmds[0].Args)
+ buffer.WriteString("{{")
+ buffer.Write(cmdArgs)
+ buffer.WriteString("}}")
+ }
+ return buffer.Bytes()
+}
+
+func writeHandlebarsRangeNode(rangeNode *parse.RangeNode, inputType string) []byte {
+ var buffer bytes.Buffer
+
+ cmdArgs := writeHandlebarsCmdArgs(rangeNode.Pipe.Cmds[0].Args)
+ decl := writeHandlebarsCmdDecl(rangeNode.Pipe.Decl)
+ buffer.WriteString("{{#each ")
+ buffer.Write(cmdArgs)
+ buffer.Write(decl)
+ buffer.WriteString("}}")
+ buffer.Write(writeHandlebarsListNode(rangeNode.List, inputType))
+ buffer.WriteString("{{/each}}")
+ return buffer.Bytes()
+}
+
+func writeHandlebarsCmdArgs(args []parse.Node) []byte {
+ var buffer bytes.Buffer
+ for i, arg := range args {
+ argWithoutDot := arg.String()[1:]
+ if len(argWithoutDot) == 0 {
+ argWithoutDot = "this"
+ }
+ buffer.WriteString(argWithoutDot)
+ if i != (len(args) - 1) {
+ buffer.WriteString(" ")
+ }
+ }
+ return buffer.Bytes()
+}
+
+func writeHandlebarsCmdDecl(decl []*parse.VariableNode) []byte {
+ var buffer bytes.Buffer
+
+ if len(decl) > 0 {
+ buffer.WriteString(" as |")
+ }
+
+ for i := len(decl) - 1; i >= 0; i-- {
+ aVar := decl[i].String()[1:]
+ buffer.WriteString(aVar)
+
+ if i != 0 {
+ buffer.WriteByte(' ')
+ }
+ }
+
+ if len(decl) > 0 {
+ buffer.WriteString("|")
+ }
+ return buffer.Bytes()
+}
+
+func (scp *streamConfigParsed) filterVarsForInput(inputType string, vars []util.Variable) []util.Variable {
+ variableNamesForInput := scp.variableNamesForInput(inputType)
+ var filtered []util.Variable
+ for _, aVar := range vars {
+ var found bool
+ for _, variableName := range variableNamesForInput {
+ if aVar.Name == variableName {
+ found = true
+ break
+ }
+ }
+
+ if found {
+ filtered = append(filtered, aVar)
+ }
+ }
+ return filtered
+}
+
+func (scp *streamConfigParsed) variableNamesForInput(inputType string) []string {
+ if inputType == "log" {
+ inputType = "file"
+ }
+
+ var variables []string
+
+ variables = variableNamesForInputForNode(scp.tree.Root, inputType, variables)
+ return uniqueStringValues(variables)
+}
+
+func variableNamesForInputForNode(node parse.Node, inputType string, variables []string) []string {
+ _, isTextNode := node.(*parse.TextNode)
+ if isTextNode {
+ return variables // do nothing, there are no variables
+ }
+
+ listNode, isListNode := node.(*parse.ListNode)
+ if isListNode {
+ return variableNamesListNode(listNode, inputType, variables)
+ }
+
+ ifNode, isIfNode := node.(*parse.IfNode)
+ if isIfNode {
+ return variableNamesIfNode(ifNode, inputType, variables)
+ }
+
+ rangeNode, isRangeNode := node.(*parse.RangeNode)
+ if isRangeNode {
+ return variableNamesRangeNode(rangeNode, inputType, variables)
+ }
+
+ actionNode, isActionNode := node.(*parse.ActionNode)
+ if isActionNode {
+ return variableNamesForNodeArgs(actionNode.Pipe.Cmds[0].Args, variables)
+ }
+
+ panic(fmt.Sprintf("unsupported node: %s", node.String()))
+}
+
+func variableNamesListNode(listNode *parse.ListNode, inputType string, vars []string) []string {
+ var variables []string
+ variables = append(variables, vars...)
+
+ for _, listedNode := range listNode.Nodes {
+ variables = uniqueStringValues(append(variables, variableNamesForInputForNode(listedNode, inputType, variables)...))
+ }
+ return variables
+}
+
+func variableNamesIfNode(ifNode *parse.IfNode, inputType string, vars []string) []string {
+ var variables []string
+ variables = append(variables, vars...)
+
+ if isIfNodeEqInput(ifNode) {
+ if isIfNodeEqInputInputType(ifNode, inputType) {
+ if ifNode.List != nil {
+ variables = uniqueStringValues(append(variableNamesForInputForNode(ifNode.List, inputType, variables)))
+ }
+ } else {
+ if ifNode.ElseList != nil {
+ variables = uniqueStringValues(append(variableNamesForInputForNode(ifNode.ElseList, inputType, variables)))
+ }
+ }
+ } else {
+ if ifNode.List != nil {
+ variables = uniqueStringValues(append(variableNamesForInputForNode(ifNode.List, inputType, variables)))
+ }
+ if ifNode.ElseList != nil {
+ variables = uniqueStringValues(append(variableNamesForInputForNode(ifNode.ElseList, inputType, variables)))
+ }
+
+ variables = uniqueStringValues(append(variables, variableNamesForNodeArgs(ifNode.Pipe.Cmds[0].Args, variables)...))
+ }
+ return variables
+}
+
+func variableNamesRangeNode(rangeNode *parse.RangeNode, inputType string, vars []string) []string {
+ var variables []string
+ variables = append(variables, vars...)
+
+ variables = uniqueStringValues(append(variables, variableNamesListNode(rangeNode.List, inputType, variables)...))
+ variables = uniqueStringValues(append(variables, variableNamesForNodeArgs(rangeNode.Pipe.Cmds[0].Args, variables)...))
+ return variables
+}
+
+func variableNamesForNodeArgs(args []parse.Node, vars []string) []string {
+ var variables []string
+ variables = append(variables, vars...)
+
+ if len(args) > 0 {
+ for _, arg := range args {
+ variables = append(variables, arg.String()[1:])
+ }
+ }
+ return variables
+}
diff --git a/dev/import-beats/strings.go b/dev/import-beats/strings.go
new file mode 100644
index 00000000000..022b8d409c1
--- /dev/null
+++ b/dev/import-beats/strings.go
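Review bot: `extractInputTypeFromTextNode` falls back to `j = len(textNode.Text)` when no newline follows the type value, but `j` is then used to slice `aType`, which is `textNode.Text[i+6:]`, so a text node whose last line is `type: x` with `i > 0` panics with a slice-bounds error; the fallback should read `j = len(aType)`. `isIfNodeEqInputInputType` reads `Args[2]` under a `len(...) > 1` guard, so an `{{if eq .input}}` with only two arguments indexes out of range — the guard there should be `> 2`. `configForInput` calls `regexp.MustCompile("(\n)+")` on every invocation; hoist it to a package-level `var`. `writeHandlebarsCmdArgs` and `variableNamesForNodeArgs` strip the first byte of every argument on the assumption that it is a leading dot, which turns string or function arguments (`"file"`, `printf`) into `file"`/`rintf`; a guard, or at least a comment stating that only field arguments are expected, would make that limitation visible.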
@@ -0,0 +1,17 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+func uniqueStringValues(fieldNames []string) []string {
+ t := make(map[string]bool)
+ var unique []string
+ for _, f := range fieldNames {
+ if _, ok := t[f]; !ok {
+ t[f] = true
+ unique = append(unique, f)
+ }
+ }
+ return unique
+}
diff --git a/dev/import-beats/variables.go b/dev/import-beats/variables.go
new file mode 100644
index 00000000000..878eb3799dc
--- /dev/null
+++ b/dev/import-beats/variables.go
@@ -0,0 +1,263 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "fmt"
+ "sort"
+ "strings"
+
+ "github.com/pkg/errors"
+ yaml "gopkg.in/yaml.v2"
+
+ "github.com/elastic/package-registry/util"
+)
+
+type manifestWithVars struct {
+ Vars []util.Variable `yaml:"var"`
+}
+
+type varWithDefault struct {
+ Default interface{} `yaml:"default"`
+}
+
+type manifestWithVarsOsFlattened struct {
+ Vars []variableWithOsFlattened `yaml:"var"`
+}
+
+type variableWithOsFlattened struct {
+ OsDarwin interface{} `yaml:"os.darwin,omitempty"`
+ OsWindows interface{} `yaml:"os.windows,omitempty"`
+}
+
+var ignoredConfigOptions = []string{
+ "module",
+ "metricsets",
+ "enabled",
+}
+
+func createLogStreamVariables(manifestFile []byte) ([]util.Variable, error) {
+ var mwv manifestWithVars
+ err := yaml.Unmarshal(manifestFile, &mwv)
+ if err != nil {
+ return nil, errors.Wrap(err, "unmarshalling manifest file failed")
+ }
+
+ var mwvos manifestWithVarsOsFlattened
+ err = yaml.Unmarshal(manifestFile, &mwvos)
+ if err != nil {
+ return nil, errors.Wrap(err, "unmarshalling flattened OS failed")
+ }
+ adjusted, err := adjustVariablesFormat(mwvos, mwv)
+ if err != nil {
+ return nil, errors.Wrap(err, "adjusting log stream variables failed")
+ }
+ return adjusted.Vars, nil
+}
+
+func createMetricStreamVariables(configFileContent []byte, moduleName, datasetName string) ([]util.Variable, error) {
+ var vars []util.Variable
+ if len(configFileContent) == 0 {
+ return vars, nil
+ }
+
+ var moduleConfig []mapStr
+ err := yaml.Unmarshal(configFileContent, &moduleConfig)
+ if err != nil {
+ return nil, errors.Wrap(err, "unmarshalling module config failed")
+ }
+
+ foundConfigEntries := map[string]bool{}
+
+ for _, moduleConfigEntry := range moduleConfig {
+ flatEntry := moduleConfigEntry.flatten()
+ related, err := isConfigEntryRelatedToMetricset(flatEntry, moduleName, datasetName)
+ if err != nil {
+ return nil, errors.Wrapf(err, "checking if config entry is related failed")
+ }
+
+ for name, value := range flatEntry {
+ if shouldConfigOptionBeIgnored(name, value) {
+ continue
+ }
+
+ if _, ok := foundConfigEntries[name]; ok {
+ continue // already processed this config option
+ }
+
+ if related || strings.HasPrefix(name, fmt.Sprintf("%s.", datasetName)) {
+ var isArray bool
+ variableType := determineInputVariableType(name, value)
+ if variableType == "yaml" {
+ m, err := yaml.Marshal(value)
+ if err != nil {
+ return nil, errors.Wrapf(err, "marshalling object configuration variable failed")
+ }
+ value = string(m)
+ } else {
+ _, isArray = value.([]interface{})
+ }
+ aVar := util.Variable{
+ Name: name,
+ Type: variableType,
+ Title: toVariableTitle(name),
+ Multi: isArray,
+ Required: determineInputVariableIsRequired(value),
+ ShowUser: true,
+ Default: value,
+ }
+
+ vars = append(vars, aVar)
+ foundConfigEntries[name] = true
+ }
+ }
+ }
+
+ // sort variables to keep them in order while using version control.
+ sort.Slice(vars, func(i, j int) bool {
+ return sort.StringsAreSorted([]string{vars[i].Name, vars[j].Name})
+ })
+ return vars, nil
+}
+
+// adjustVariablesFormat method adjusts the format of variables defined in manifest:
+// - ensure that all variable values are wrapped with a "default" field, even if they are defined for particular
+// operating systems (prefix: os.)
+// - add field "multi: true" if value is an array
+func adjustVariablesFormat(mwvos manifestWithVarsOsFlattened, mwvs manifestWithVars) (manifestWithVars, error) {
+ var withDefaults manifestWithVars
+ for i, aVar := range mwvs.Vars {
+ var isArray bool
+ variableType := determineInputVariableType(aVar.Name, aVar.Default)
+ if variableType == "yaml" {
+ m, err := yaml.Marshal(aVar.Default)
+ if err != nil {
+ return manifestWithVars{}, errors.Wrapf(err, "marshalling object configuration variable failed")
+ }
+ aVar.Default = string(m)
+ } else {
+ _, isArray = aVar.Default.([]interface{})
+ }
+
+ aVarWithDefaults := aVar
+ aVarWithDefaults.Title = toVariableTitle(aVar.Name)
+ aVarWithDefaults.Type = variableType
+ aVarWithDefaults.Required = determineInputVariableIsRequired(aVar.Default)
+ aVarWithDefaults.ShowUser = true
+ aVarWithDefaults.Multi = isArray
+ aVarWithDefaults.Os = unwrapOsVars(mwvos.Vars[i])
+
+ if aVarWithDefaults.Os != nil {
+ if aVarWithDefaults.Os.Darwin != nil {
+ aVarWithDefaults.Os.Darwin = varWithDefault{
+ Default: aVarWithDefaults.Os.Darwin,
+ }
+ }
+
+ if aVarWithDefaults.Os.Windows != nil {
+ aVarWithDefaults.Os.Windows = varWithDefault{
+ Default: aVarWithDefaults.Os.Windows,
+ }
+ }
+ }
+ withDefaults.Vars = append(withDefaults.Vars, aVarWithDefaults)
+ }
+ return withDefaults, nil
+}
+
+func unwrapOsVars(flattened variableWithOsFlattened) *util.Os {
+ var anOs *util.Os
+ if flattened.OsDarwin != nil || flattened.OsWindows != nil {
+ anOs = new(util.Os)
+ anOs.Darwin = flattened.OsDarwin
+ anOs.Windows = flattened.OsWindows
+ }
+ return anOs
+}
+
+// shouldConfigOptionBeIgnored method checks if the configuration option name should be skipped (not used, duplicate, etc.)
+func shouldConfigOptionBeIgnored(optionName string, value interface{}) bool {
+ if value == nil {
+ return true
+ }
+
+ for _, ignored := range ignoredConfigOptions {
+ if ignored == optionName {
+ return true
+ }
+ }
+ return false
+}
+
+// isConfigEntryRelatedToMetricset method checks if the configuration entry may affect the dataset settings,
+// in other words, checks if the "metricsets" field is present and contains the given datasetName.
+func isConfigEntryRelatedToMetricset(entry mapStr, moduleName, datasetName string) (bool, error) {
+ var metricsetRelated bool
+ if metricsets, ok := entry["metricsets"]; ok {
+ metricsetsMapped, ok := metricsets.([]interface{})
+ if !ok {
+ return false, fmt.Errorf("mapping metricsets failed (moduleName: %s, datasetName: %s)",
+ moduleName, datasetName)
+ }
+ if len(metricsetsMapped) == 0 {
+ return false, fmt.Errorf("no metricsets defined (moduleName: %s, datasetName: %s)", moduleName,
+ datasetName)
+ }
+
+ for _, metricset := range metricsetsMapped {
+ if metricset.(string) == datasetName {
+ metricsetRelated = true
+ break
+ }
+ }
+ }
+ return metricsetRelated, nil
+}
+
+// determineInputVariableIsRequired method determines is the configuration variable should be marked as "required".
+// If the variable is string and its default value is empty, it can be assumed that isn't required.
+func determineInputVariableIsRequired(v interface{}) bool {
+ if v == nil {
+ return false
+ }
+
+ val, isString := v.(string)
+ if isString && val == "" {
+ return false
+ }
+ return true
+}
+
+// determineInputVariableType method determines the most appropriate type of the value or the value in array.
+// Support types: text, password, bool, integer
+func determineInputVariableType(name, v interface{}) string {
+ if arr, isArray := v.([]interface{}); isArray {
+ if len(arr) == 0 {
+ return "text" // array doesn't contain any items, assuming default type
+ }
+ return determineInputVariableType(name, arr[0])
+ }
+
+ if _, isBool := v.(bool); isBool {
+ return "bool"
+ } else if _, isInt := v.(int); isInt {
+ return "integer"
+ }
+
+ if name == "password" {
+ return "password"
+ }
+
+ if _, isString := v.(string); isString || v == nil {
+ return "text"
+ }
+ return "yaml"
+}
+
+func toVariableTitle(name string) string {
+ name = strings.ReplaceAll(name, "_", " ")
+ name = strings.ReplaceAll(name, ".", " ")
+ return strings.Title(name)
+}
diff --git a/dev/import-beats/variables_compact.go b/dev/import-beats/variables_compact.go
new file mode 100644
index 00000000000..6bc8441ac6f
--- /dev/null
+++ b/dev/import-beats/variables_compact.go
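Review bot: `isConfigEntryRelatedToMetricset` asserts `metricset.(string)` in the single-value form, so a non-string entry in `metricsets` panics instead of returning an error like the surrounding checks do; use `s, ok := metricset.(string)` and return an error when `!ok`. `determineInputVariableType` declares `name` as `interface{}` through `name, v interface{}` although both callers pass a string; declaring it `name string` makes the `name == "password"` comparison typed. That comparison is also an exact match, while `createMetricStreamVariables` accepts flattened keys prefixed with `datasetName.`, so a key such as `<dataset>.password` would presumably be emitted as `text` with `ShowUser: true` rather than as a masked password — matching on the last dotted segment would close that gap. The `sort.Slice` comparator built on `sort.StringsAreSorted` returns true for equal names; the conventional less function is `return vars[i].Name < vars[j].Name`.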
@@ -0,0 +1,109 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "strings"
+
+ "github.com/pkg/errors"
+ yaml "gopkg.in/yaml.v2"
+
+ "github.com/elastic/package-registry/util"
+)
+
+func compactDatasetVariables(datasets datasetContentArray) (datasetContentArray, map[string][]util.Variable, error) { // map[inputType][]util.Variable
+ varsPerInputType := map[string][]util.Variable{}
+ var compacted datasetContentArray
+
+ for _, dataset := range datasets {
+ for i, stream := range dataset.manifest.Streams {
+ var notCompactedVars []util.Variable
+ for _, aVar := range stream.Vars {
+ isAlreadyCompacted := isVariableAlreadyCompacted(varsPerInputType, aVar, stream.Input)
+ if !isAlreadyCompacted {
+ canBeCompacted, err := canVariableBeCompacted(datasets, aVar, stream.Input)
+ if err != nil {
+ return nil, nil, errors.Wrap(err, "checking compactibility failed")
+ }
+ if canBeCompacted {
+ varsPerInputType[stream.Input] = append(varsPerInputType[stream.Input], aVar)
+ } else {
+ notCompactedVars = append(notCompactedVars, aVar)
+ }
+ }
+ }
+ stream.Vars = notCompactedVars
+ dataset.manifest.Streams[i] = stream
+ }
+ compacted = append(compacted, dataset)
+ }
+ return compacted, varsPerInputType, nil
+}
+
+func isVariableAlreadyCompacted(varsPerInputType map[string][]util.Variable, aVar util.Variable, inputType string) bool {
+ if vars, ok := varsPerInputType[inputType]; ok {
+ for _, v := range vars {
+ if v.Name == aVar.Name {
+ return true // variable already compacted
+ }
+ }
+ }
+ return false
+}
+
+func canVariableBeCompacted(datasets datasetContentArray, aVar util.Variable, inputType string) (bool, error) {
+ for _, dataset := range datasets {
+ var varUsed bool
+
+ for _, stream := range dataset.manifest.Streams {
+ if stream.Input != inputType {
+ break // input is not related with this var
+ }
+
+ for _, streamVar := range stream.Vars {
+ if isNonCompactableVariable(aVar) {
+ continue
+ }
+
+ equal, err := areVariablesEqual(streamVar, aVar)
+ if err != nil {
+ return false, errors.Wrap(err, "comparing variables failed")
+ }
+ if equal {
+ varUsed = true
+ break
+ }
+ }
+ }
+
+ if !varUsed {
+ return false, nil // variable not present in this dataset
+ }
+ }
+ return true, nil
+}
+
+func areVariablesEqual(first util.Variable, second util.Variable) (bool, error) {
+ if first.Name != second.Name || first.Type != second.Type {
+ return false, nil
+ }
+
+ firstValue, err := yaml.Marshal(first.Default)
+ if err != nil {
+ return false, errors.Wrap(err, "marshalling first value failed")
+ }
+ secondValue, err := yaml.Marshal(second.Default)
+ if err != nil {
+ return false, errors.Wrap(err, "marshalling second value failed")
+ }
+
+ firstValueStr := strings.TrimSpace(string(firstValue))
+ secondValueStr := strings.TrimSpace(string(secondValue))
+ return firstValueStr == secondValueStr, nil
+}
+
+func isNonCompactableVariable(aVar util.Variable) bool {
+ return aVar.Name == "period" || aVar.Name == "paths"
+}
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/audit/agent/stream/log.yml.hbs b/dev/packages/beats/activemq/0.0.1/dataset/audit/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..367360d901a
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/audit/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/activemq/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..5540cdf6d76
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml
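Review bot: In `canVariableBeCompacted` the `break` on `stream.Input != inputType` leaves the stream loop at the first stream of another input type, so a later matching stream in the same dataset is never inspected and the variable is reported as unused; `continue` looks like the intended statement. With either form a dataset that has no stream of this input type ends with `varUsed == false` and blocks compaction for the whole package, so if datasets of mixed types are passed in, no metrics variable could ever be compacted — worth confirming against the caller. `isNonCompactableVariable(aVar)` depends only on `aVar` but is evaluated inside the innermost loop; hoisting it to the top of the function as `if isNonCompactableVariable(aVar) { return false, nil }` keeps the result identical and states the intent instead of silently skipping every comparison.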
@@ -0,0 +1,32 @@
+---
+description: Pipeline for parsing ActiveMQ audit logs.
+processors:
+ - grok:
+ field: message
+ pattern_definitions:
+ NOPIPEGREEDYDATA: "((?! \\|).)*"
+ THREAD_NAME: "((?! \n).)*"
+ patterns:
+ - "%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{WORD:activemq.user}%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}"
+ ignore_missing: true
+ - set:
+ field: event.kind
+ value: event
+ - set:
+ if: "ctx?.activemq?.user != null"
+ field: user.name
+ value: "{{activemq.user}}"
+ - script:
+ if: "ctx?.log?.level != null"
+ lang: painless
+ source: >-
+ def err_levels = ["FATAL", "ERROR", "WARN"];
+ if (err_levels.contains(ctx.log.level)) {
+ ctx.event.type = "error";
+ } else {
+ ctx.event.type = "info";
+ }
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/fields.yml
new file mode 100644
index 00000000000..25913847839
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/fields.yml
@@ -0,0 +1,2 @@
+- name: activemq.audit
+ type: group
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/package-fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/package-fields.yml
new file mode 100644
index 00000000000..14f2d2e2773
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/audit/fields/package-fields.yml
@@ -0,0 +1,15 @@
+- name: activemq
+ type: group
+ fields:
+ - name: caller
+ type: keyword
+ description: |
+ Name of the caller issuing the logging request (class or resource).
+ - name: thread
+ type: keyword
+ description: |
+ Thread that generated the logging event.
+ - name: user
+ type: keyword
+ description: |
+ User that generated the logging event.
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/audit/manifest.yml b/dev/packages/beats/activemq/0.0.1/dataset/audit/manifest.yml
new file mode 100644
index 00000000000..f3b9e228309
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/audit/manifest.yml
@@ -0,0 +1,24 @@
+title: activemq audit logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /opt/apache-activemq-*/data/audit.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/apache-activemq-*/data/audit.log*
+ windows:
+ default:
+ - c:/apache-activemq-*/data/audit.log*
+ template_path: log.yml.hbs
+ title: activemq audit logs (log)
+ description: Collect activemq audit logs using log input
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/broker/agent/stream/stream.yml.hbs b/dev/packages/beats/activemq/0.0.1/dataset/broker/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..07c616d4175
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/broker/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["broker"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
+{{#if username}}
+username: {{username}}
+{{/if}}
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/fields.yml
new file mode 100644
index 00000000000..6f2ca660b9d
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/fields.yml
@@ -0,0 +1,40 @@
+- name: activemq.broker
+ type: group
+ release: ga
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: name
+ type: keyword
+ description: Broker name
+ - name: memory.broker.pct
+ type: scaled_float
+ format: percent
+ description: The percentage of the memory limit used.
+ - name: memory.store.pct
+ type: scaled_float
+ format: percent
+ description: Percent of store limit used.
+ - name: memory.temp.pct
+ type: scaled_float
+ format: percent
+ description: The percentage of the temp usage limit used.
+ - name: connections.count
+ type: long
+ description: Total number of connections.
+ - name: consumers.count
+ type: long
+ description: Number of message consumers.
+ - name: messages.dequeue.count
+ type: long
+ description: Number of messages that have been acknowledged on the broker.
+ - name: messages.enqueue.count
+ type: long
+ description: Number of messages that have been sent to the destination.
+ - name: messages.count
+ type: long
+ description: Number of unacknowledged messages on the broker.
+ - name: producers.count
+ type: long
+ description: Number of message producers active on destinations on the broker.
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/package-fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/package-fields.yml
new file mode 100644
index 00000000000..118ddd28031
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/broker/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: activemq
+ type: group
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/broker/manifest.yml b/dev/packages/beats/activemq/0.0.1/dataset/broker/manifest.yml
new file mode 100644
index 00000000000..d2ceca25d62
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/broker/manifest.yml
@@ -0,0 +1,15 @@
+title: activemq broker metrics
+release: experimental
+type: metrics
+streams:
+- input: activemq/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: activemq broker metrics
+ description: Collect activemq broker metrics
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/activemq/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..38478d055f4
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,11 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: '^\d{4}-\d{2}-\d{2} '
+ negate: true
+ match: after
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/activemq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..c33d77295e5
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,43 @@
+---
+description: Pipeline for parsing ActiveMQ logs.
+processors:
+ - grok:
+ field: message
+ pattern_definitions:
+ GREEDYMULTILINE: "(.|\\n|\\t)*"
+ NOPIPEGREEDYDATA: "((?! \\|).)*"
+ THREAD_NAME: "((?! \n).)*"
+ patterns:
+ - "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}\\|%{SPACE}%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:activemq.caller}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}%{SPACE}%{GREEDYMULTILINE:activemq.log.stack_trace}"
+ ignore_missing: true
+ - date:
+ if: "ctx.event.timezone == null"
+ field: timestamp
+ target_field: "@timestamp"
+ formats: ["yyyy-MM-dd HH:mm:ss,SSS"]
+ - date:
+ if: "ctx.event.timezone != null"
+ field: "timestamp"
+ target_field: "@timestamp"
+ timezone: "{{ event.timezone }}"
+ formats: ["yyyy-MM-dd HH:mm:ss,SSS"]
+ - remove:
+ field:
+ - timestamp
+ - set:
+ field: event.kind
+ value: event
+ - script:
+ if: "ctx?.log?.level != null"
+ lang: painless
+ source: >-
+ def err_levels = ["FATAL", "ERROR", "WARN"];
+ if (err_levels.contains(ctx.log.level)) {
+ ctx.event.type = "error";
+ } else {
+ ctx.event.type = "info";
+ }
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..cd70712ef88
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/log/fields/fields.yml
@@ -0,0 +1,5 @@
+- name: activemq.log
+ type: group
+ fields:
+ - name: stack_trace
+ type: keyword
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..14f2d2e2773
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,15 @@
+- name: activemq
+ type: group
+ fields:
+ - name: caller
+ type: keyword
+ description: |
+ Name of the caller issuing the logging request (class or resource).
+ - name: thread
+ type: keyword
+ description: |
+ Thread that generated the logging event.
+ - name: user
+ type: keyword
+ description: |
+ User that generated the logging event.
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/activemq/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..fd9968cbbf5
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,24 @@
+title: activemq log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /opt/apache-activemq-*/data/activemq.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/apache-activemq-*/data/activemq.log*
+ windows:
+ default:
+ - c:/apache-activemq-*/data/activemq.log*
+ template_path: log.yml.hbs
+ title: activemq log logs (log)
+ description: Collect activemq log logs using log input
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs b/dev/packages/beats/activemq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a2e5f27baff
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["queue"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
+{{#if username}}
+username: {{username}}
+{{/if}}
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/fields.yml
new file mode 100644
index 00000000000..cc5f03303aa
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/fields.yml
@@ -0,0 +1,53 @@
+- name: activemq.queue
+ type: group
+ release: ga
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: name
+ type: keyword
+ description: Queue name
+ - name: size
+ type: long
+ description: Queue size
+ - name: messages.enqueue.time.avg
+ type: double
+ description: Average time a message was held on this destination.
+ - name: messages.size.avg
+ type: long
+ description: Average message size on this destination.
+ - name: consumers.count
+ type: long
+ description: Number of consumers subscribed to this destination.
+ - name: messages.dequeue.count
+ type: long
+ description: Number of messages that has been acknowledged (and removed) from
+ the destination.
+ - name: messages.dispatch.count
+ type: long
+ description: Number of messages that has been delivered to consumers, including
+ those not acknowledged.
+ - name: messages.enqueue.count
+ type: long
+ description: Number of messages that have been sent to the destination.
+ - name: messages.expired.count
+ type: long
+ description: Number of messages that have been expired.
+ - name: messages.inflight.count
+ type: long
+ description: Number of messages that have been dispatched to, but not acknowledged
+ by, consumers.
+ - name: messages.enqueue.time.max
+ type: long
+ description: The longest time a message was held on this destination.
+ - name: memory.broker.pct
+ type: scaled_float
+ format: percent
+ description: Percent of memory limit used.
+ - name: messages.enqueue.time.min
+ type: long
+ description: The shortest time a message was held on this destination.
+ - name: producers.count
+ type: long
+ description: Number of producers attached to this destination.
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/package-fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/package-fields.yml
new file mode 100644
index 00000000000..118ddd28031
--- /dev/null
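Review bot: `release: ga` on the `activemq.queue` field group contradicts the dataset manifest, which declares `release: experimental`; the topic `fields.yml` later in this commit carries the same mismatch. Unless the field-level value is meant to mirror the upstream Metricbeat metricset rather than this package, set it to `experimental` here or drop it so the manifest stays the single source of truth. Two smaller points in the same hunk: `messages.size.avg` is typed `long` while the other average, `messages.enqueue.time.avg`, is `double`, so a fractional average would be truncated at index time if the source ever emits one; and the `messages.dequeue.count` / `messages.dispatch.count` descriptions read `Number of messages that has been ...` where `have been` is needed.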
+++ b/dev/packages/beats/activemq/0.0.1/dataset/queue/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: activemq
+ type: group
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/queue/manifest.yml b/dev/packages/beats/activemq/0.0.1/dataset/queue/manifest.yml
new file mode 100644
index 00000000000..d094e16fcdc
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/queue/manifest.yml
@@ -0,0 +1,15 @@
+title: activemq queue metrics
+release: experimental
+type: metrics
+streams:
+- input: activemq/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: activemq queue metrics
+ description: Collect activemq queue metrics
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/topic/agent/stream/stream.yml.hbs b/dev/packages/beats/activemq/0.0.1/dataset/topic/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..04368b0892b
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/topic/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["topic"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
+{{#if username}}
+username: {{username}}
+{{/if}}
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/fields.yml
new file mode 100644
index 00000000000..39285158c86
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/fields.yml
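Review bot: The queue `manifest.yml` declares `period` as its only stream variable, while `stream.yml.hbs` for the same dataset renders `hosts`, `username`, `password` and `path`; unless those are declared in the package-level manifest, which is not in this chunk, `hosts:` renders with no entries and the three `{{#if}}` blocks never emit, leaving users no field for the broker address or credentials. The topic manifest in the next file section has the same gap. Each variable the template references should appear under `vars` with `type`, `title`, `required` and `show_user` set, and `password` should carry no `default`.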
@@ -0,0 +1,50 @@
+- name: activemq.topic
+ type: group
+ release: ga
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: name
+ type: keyword
+ description: Topic name
+ - name: messages.enqueue.time.avg
+ type: double
+ description: Average time a message was held on this destination.
+ - name: messages.size.avg
+ type: long
+ description: Average message size on this destination.
+ - name: consumers.count
+ type: long
+ description: Number of consumers subscribed to this destination.
+ - name: messages.dequeue.count
+ type: long
+ description: Number of messages that has been acknowledged (and removed) from
+ the destination.
+ - name: messages.dispatch.count
+ type: long
+ description: Number of messages that has been delivered to consumers, including
+ those not acknowledged.
+ - name: messages.enqueue.count
+ type: long
+ description: Number of messages that have been sent to the destination.
+ - name: messages.expired.count
+ type: long
+ description: Number of messages that have been expired.
+ - name: messages.inflight.count
+ type: long
+ description: Number of messages that have been dispatched to, but not acknowledged
+ by, consumers.
+ - name: messages.enqueue.time.max
+ type: long
+ description: The longest time a message was held on this destination.
+ - name: memory.broker.pct
+ type: scaled_float
+ format: percent
+ description: Percent of memory limit used.
+ - name: messages.enqueue.time.min
+ type: long
+ description: The shortest time a message was held on this destination.
+ - name: producers.count
+ type: long
+ description: Number of producers attached to this destination.
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/package-fields.yml b/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/package-fields.yml
new file mode 100644
index 00000000000..118ddd28031
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/topic/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: activemq
+ type: group
diff --git a/dev/packages/beats/activemq/0.0.1/dataset/topic/manifest.yml b/dev/packages/beats/activemq/0.0.1/dataset/topic/manifest.yml
new file mode 100644
index 00000000000..8996b3ec46d
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/dataset/topic/manifest.yml
@@ -0,0 +1,15 @@
+title: activemq topic metrics
+release: experimental
+type: metrics
+streams:
+- input: activemq/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: activemq topic metrics
+ description: Collect activemq topic metrics
diff --git a/dev/packages/beats/activemq/0.0.1/docs/README.md b/dev/packages/beats/activemq/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/activemq/0.0.1/img/activemq.svg b/dev/packages/beats/activemq/0.0.1/img/activemq.svg
new file mode 100644
index 00000000000..8d525c23e68
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/img/activemq.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-application-events.png b/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-application-events.png
new file mode 100644
index 00000000000..3b75889a1bb
Binary files /dev/null and b/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-application-events.png differ
diff --git a/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-audit-events.png b/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-audit-events.png
new file mode 100644
index 00000000000..6138f5c4134
Binary files /dev/null and b/dev/packages/beats/activemq/0.0.1/img/filebeat-activemq-audit-events.png differ
diff --git a/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-broker-overview.png b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-broker-overview.png
new file mode 100644
index 00000000000..847ba914979
Binary files /dev/null and b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-broker-overview.png differ
diff --git a/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-queues-overview.png b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-queues-overview.png
new file mode 100644
index 00000000000..4f80189339d
Binary files /dev/null and b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-queues-overview.png differ
diff --git a/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-topics-overview.png b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-topics-overview.png
new file mode 100644
index 00000000000..d5cbdc6ae74
Binary files /dev/null and b/dev/packages/beats/activemq/0.0.1/img/metricbeat-activemq-topics-overview.png differ
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/dashboard/26434790-1464-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/26434790-1464-11ea-8fd8-030a13064883.json
new file mode 100644
index 00000000000..2e7f70db00f
--- /dev/null
+++ b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/26434790-1464-11ea-8fd8-030a13064883.json
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "This dashboard shows application logs collected by the ActiveMQ logs integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "f0cad176-b0ef-4623-bd59-a9ce65db8b73", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "f0cad176-b0ef-4623-bd59-a9ce65db8b73", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7e3a3b6b-5fd9-491d-ad73-423bca90206f", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "7e3a3b6b-5fd9-491d-ad73-423bca90206f", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "a3093cd3-7edf-4e25-949e-631f3e5e8dec", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "a3093cd3-7edf-4e25-949e-631f3e5e8dec", + "panelRefName": "panel_2", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs ActiveMQ] Application Events", + "version": 1 + }, + "id": "26434790-1464-11ea-8fd8-030a13064883", + "references": [ + { + "id": "a0f15d50-1460-11ea-8fd8-030a13064883", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "026da780-1463-11ea-8fd8-030a13064883", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d784ec10-1460-11ea-8fd8-030a13064883", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/dashboard/a8160560-0bd0-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/a8160560-0bd0-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..b47362df35a --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/a8160560-0bd0-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,172 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing ActiveMQ queues. Metrics show statistics of exchanged messages, consumers, producers and memory usage.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "446c6be8-61e2-4c9c-9bfa-8da8879db215", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "446c6be8-61e2-4c9c-9bfa-8da8879db215", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "85158251-14d2-4100-9ce2-1eea4885adf6", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "85158251-14d2-4100-9ce2-1eea4885adf6", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "e0104818-b373-4a20-990a-aa7558522e9e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "e0104818-b373-4a20-990a-aa7558522e9e", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7b83ee6f-cd69-4748-80c5-305fdf49b9d0", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "7b83ee6f-cd69-4748-80c5-305fdf49b9d0", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "b2cfe5e4-f220-480e-91fa-4088484eda17", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "b2cfe5e4-f220-480e-91fa-4088484eda17", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5f4b107c-94d0-4bdb-be30-b3cd26257658", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5f4b107c-94d0-4bdb-be30-b3cd26257658", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + 
"h": 15, + "i": "b5a5ea30-c313-4c80-8e28-2894f292d779", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "b5a5ea30-c313-4c80-8e28-2894f292d779", + "panelRefName": "panel_6", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4a004976-426b-445e-9ecf-1f9964074523", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "4a004976-426b-445e-9ecf-1f9964074523", + "panelRefName": "panel_7", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics ActiveMQ] Queues Overview", + "version": 1 + }, + "id": "a8160560-0bd0-11ea-81bb-cf244189d349", + "references": [ + { + "id": "ad2d4960-0bd4-11ea-81bb-cf244189d349", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "00e33010-0bd5-11ea-81bb-cf244189d349", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "4a93ef10-0bd5-11ea-81bb-cf244189d349", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "fab93e30-0bbd-11ea-81bb-cf244189d349", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "99f41030-0bd5-11ea-81bb-cf244189d349", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "55cc9840-0bd6-11ea-81bb-cf244189d349", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "8599cea0-0c2e-11ea-81bb-cf244189d349", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "a8ac8950-0c2e-11ea-81bb-cf244189d349", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/dashboard/d97b7520-0bbe-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/d97b7520-0bbe-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..3168e1a7e30 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/d97b7520-0bbe-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,172 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing ActiveMQ topics. Metrics show statistics of exchanged messages, consumers, producers and memory usage.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "099a7d74-8287-4717-b1d1-77f7ed2b67d0", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "099a7d74-8287-4717-b1d1-77f7ed2b67d0", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "c22e6794-6c79-4f2d-b942-f4a4bb73948e", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "c22e6794-6c79-4f2d-b942-f4a4bb73948e", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "adb64a5b-bfe9-4225-a712-f51ad30cab9d", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "adb64a5b-bfe9-4225-a712-f51ad30cab9d", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "09ea3c98-d808-4c5f-9d04-7a94fd3cc2c8", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "09ea3c98-d808-4c5f-9d04-7a94fd3cc2c8", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "43902672-df24-4be2-beb5-34961f190b5c", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "43902672-df24-4be2-beb5-34961f190b5c", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "ddce0ec5-f393-4479-a8a9-e1c7ffc339cb", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "ddce0ec5-f393-4479-a8a9-e1c7ffc339cb", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + 
"h": 15, + "i": "c591ef68-9215-49de-a548-30196faa31bd", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "c591ef68-9215-49de-a548-30196faa31bd", + "panelRefName": "panel_6", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "88a65079-a0b4-49c7-abbe-6e181c5dbbc3", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "88a65079-a0b4-49c7-abbe-6e181c5dbbc3", + "panelRefName": "panel_7", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics ActiveMQ] Topics Overview", + "version": 1 + }, + "id": "d97b7520-0bbe-11ea-81bb-cf244189d349", + "references": [ + { + "id": "a85c09b0-0bbd-11ea-81bb-cf244189d349", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "e91f2b80-0bbd-11ea-81bb-cf244189d349", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d22e5e00-0bbd-11ea-81bb-cf244189d349", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "8ae8aa90-0bc8-11ea-81bb-cf244189d349", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "21fb23a0-0bbe-11ea-81bb-cf244189d349", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "89de30b0-0bce-11ea-81bb-cf244189d349", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "e73c2af0-0bce-11ea-81bb-cf244189d349", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "3db29790-0bd7-11ea-81bb-cf244189d349", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/dashboard/fc27a270-0b95-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/fc27a270-0b95-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..9eaad514438 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/fc27a270-0b95-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing ActiveMQ broker. Metrics show statistics of enqueued and dequeued messages, consumers, producers and memory usage (broker, store, temp).", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "cd2b33a6-3c4c-4d97-9cfb-7c6e47f248dc", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "cd2b33a6-3c4c-4d97-9cfb-7c6e47f248dc", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "dc086d82-511a-45e3-b20e-6eef48e22ee1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "dc086d82-511a-45e3-b20e-6eef48e22ee1", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "84a09081-449a-44f8-bc43-7119730dc74b", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "84a09081-449a-44f8-bc43-7119730dc74b", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "e5e43ead-2ed5-4290-86f3-5dd623500f87", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "e5e43ead-2ed5-4290-86f3-5dd623500f87", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "f891ea87-7718-4820-a0dc-21b160c1e684", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "f891ea87-7718-4820-a0dc-21b160c1e684", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "54a788b6-5ede-4217-a975-ba6bc57f5274", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "54a788b6-5ede-4217-a975-ba6bc57f5274", + "panelRefName": "panel_5", + "version": "7.4.0" + } + ], + 
"timeRestore": false, + "title": "[Metrics ActiveMQ] Broker Overview", + "version": 1 + }, + "id": "fc27a270-0b95-11ea-81bb-cf244189d349", + "references": [ + { + "id": "55cacee0-0ba7-11ea-81bb-cf244189d349", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ce456e60-0b99-11ea-81bb-cf244189d349", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "33cbfa60-0b95-11ea-81bb-cf244189d349", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "594db510-0b9c-11ea-81bb-cf244189d349", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "bfad8290-0d22-11ea-ba76-7fb26815d86c", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cb475400-0d22-11ea-ba76-7fb26815d86c", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/dashboard/ffe86390-145f-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/ffe86390-145f-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..746fb2e24f7 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/dashboard/ffe86390-145f-11ea-8fd8-030a13064883.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "This dashboard shows audit logs collected by the ActiveMQ logs integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "11105044-eb78-45ab-9206-571e86f5f10d", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "11105044-eb78-45ab-9206-571e86f5f10d", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8f349d14-40d9-4a10-b7d5-0f57c2a69f69", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "8f349d14-40d9-4a10-b7d5-0f57c2a69f69", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 23, + "i": "f2a1e6f8-cd1a-4fbd-a0b1-da4ee9db7c54", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "f2a1e6f8-cd1a-4fbd-a0b1-da4ee9db7c54", + "panelRefName": "panel_2", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs ActiveMQ] Audit Events", + "version": 1 + }, + "id": "ffe86390-145f-11ea-8fd8-030a13064883", + "references": [ + { + "id": "38011a70-145a-11ea-8fd8-030a13064883", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "38874920-1454-11ea-8fd8-030a13064883", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "896ef3a0-145f-11ea-8fd8-030a13064883", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/search/896ef3a0-145f-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/search/896ef3a0-145f-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..281f798c5fc --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/search/896ef3a0-145f-11ea-8fd8-030a13064883.json 
@@ -0,0 +1,40 @@ +{ + "attributes": { + "columns": [ + "log.level", + "activemq.user", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"activemq.audit\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Logs ActiveMQ]", + "version": 1 + }, + "id": "896ef3a0-145f-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/search/d784ec10-1460-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/search/d784ec10-1460-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..3636acd2144 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/search/d784ec10-1460-11ea-8fd8-030a13064883.json @@ -0,0 +1,40 @@ +{ + "attributes": { + "columns": [ + "log.level", + "message", + "activemq.thread" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"activemq.log\" " + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Application Events [Logs ActiveMQ]", + "version": 1 + }, + "id": "d784ec10-1460-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/00e33010-0bd5-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/00e33010-0bd5-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..e5cfb59e33d --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/00e33010-0bd5-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages Enqueue [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Enqueue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.enqueue.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages Enqueue [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "00e33010-0bd5-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/026da780-1463-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/026da780-1463-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..d29f9a04502 --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/026da780-1463-11ea-8fd8-030a13064883.json 
@@ -0,0 +1,165 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.level", + "negate": false, + "params": { + "query": "ERROR" + }, + "type": "phrase", + "value": "ERROR" + }, + "query": { + "match": { + "log.level": { + "query": "ERROR", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "activemq.log" + }, + "type": "phrase", + "value": "activemq.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "activemq.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top ERROR callers [Logs ActiveMQ]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "activemq.caller", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 1, + "aggType": 
"count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top ERROR callers [Logs ActiveMQ]", + "type": "table" + } + }, + "id": "026da780-1463-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/21fb23a0-0bbe-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/21fb23a0-0bbe-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..9c1b17bd1c2 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/21fb23a0-0bbe-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages In-flight [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "In-flight", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.inflight.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages In-flight [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "21fb23a0-0bbe-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/33cbfa60-0b95-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/33cbfa60-0b95-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..be7b25e1734 --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/33cbfa60-0b95-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Connections [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "178caf70-0b95-11ea-81df-8dc66a02be3a" + } + ], + "bar_color_rules": [ + { + "id": "1996d750-0b95-11ea-81df-8dc66a02be3a" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "1a5bd500-0b95-11ea-81df-8dc66a02be3a" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Connections", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.connections.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "90525b80-0ba4-11ea-8c5c-257c67a7a008", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "b1b376f0-0b96-11ea-81df-8dc66a02be3a", + "label": "" + } + ], + "split_mode": "everything", + "stacked": "none", + "terms_field": "activemq.broker.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": 
"timeseries" + }, + "title": "Broker Connections [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "33cbfa60-0b95-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/38011a70-145a-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/38011a70-145a-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..c04bb95b20a --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/38011a70-145a-11ea-8fd8-030a13064883.json 
@@ -0,0 +1,246 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "activemq.audit" + }, + "type": "phrase", + "value": "activemq.audit" + }, + "query": { + "match": { + "stream.dataset": { + "query": "activemq.audit", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Audit Event Results [Logs ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-1d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "stream.dataset : \"activemq.audit\"" + }, + "label": "" + } + ], + "row": false + }, + "schema": "split", + "type": "filters" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + 
"scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-12-01T16:41:18.507Z", + "min": "2019-11-30T16:41:18.507Z" + }, + "date": true, + "format": "HH:mm", + "interval": "PT30M" + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "radiusRatio": 50, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Audit Event Results [Logs ActiveMQ]", + "type": "histogram" + } + }, + "id": "38011a70-145a-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + 
"type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/38874920-1454-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/38874920-1454-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..98dda848ae1 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/38874920-1454-11ea-8fd8-030a13064883.json 
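Review bot: The `dimensions.x.params.bounds` block in this visualization carries the absolute timestamps `2019-11-30T16:41:18.507Z` and `2019-12-01T16:41:18.507Z` together with `"interval": "PT30M"`, which look like state captured at export time rather than a deliberate setting. Kibana presumably recomputes these from the active time range on render, but checked-in snapshot values drift and make every re-export a noisy diff. Consider dropping `bounds` and `interval` from the `x` dimension, or confirming they are ignored on import, before the package ships.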
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "activemq.audit" + }, + "type": "phrase", + "value": "activemq.audit" + }, + "query": { + "match": { + "stream.dataset": { + "query": "activemq.audit", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Audit Account Tag Cloud [Logs ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "activemq.user", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "bucket": { + "accessor": 0, + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "type": "vis_dimension" + }, + "maxFontSize": 72, + "metric": { + "accessor": 1, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Audit Account Tag Cloud [Logs ActiveMQ]", + "type": "tagcloud" + } + }, + "id": "38874920-1454-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/3db29790-0bd7-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/3db29790-0bd7-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..a4249210d93 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/3db29790-0bd7-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages Expired [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Expired", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.expired.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages Expired [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "3db29790-0bd7-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/4a93ef10-0bd5-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/4a93ef10-0bd5-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..f11c3ca38e3 --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/4a93ef10-0bd5-11ea-81bb-cf244189d349.json @@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages Dispatch [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Dispatch", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.dispatch.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages Dispatch [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "4a93ef10-0bd5-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cacee0-0ba7-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cacee0-0ba7-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..2bdc46c017b --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cacee0-0ba7-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Messages [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "aa435ec0-0ba6-11ea-b0d5-191f327f6941" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Dequeue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.messages.dequeue.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "03adf430-0ba6-11ea-b0d5-191f327f6941", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "149ece90-0ba6-11ea-b0d5-191f327f6941", + "label": "Enqueue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.messages.enqueue.count", + "id": "149ef5a0-0ba6-11ea-b0d5-191f327f6941", + "type": "max" + }, + { + "field": "149ef5a0-0ba6-11ea-b0d5-191f327f6941", + "id": "149ef5a1-0ba6-11ea-b0d5-191f327f6941", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": 
"everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "39964ed0-0ba6-11ea-b0d5-191f327f6941", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.messages.enqueue.count", + "id": "39964ed1-0ba6-11ea-b0d5-191f327f6941", + "type": "max" + }, + { + "field": "39964ed1-0ba6-11ea-b0d5-191f327f6941", + "id": "8920b440-0ba6-11ea-b0d5-191f327f6941", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Broker Messages [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "55cacee0-0ba7-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cc9840-0bd6-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cc9840-0bd6-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..efb7f57245a --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/55cc9840-0bd6-11ea-81bb-cf244189d349.json 
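Review bot: The third series of this visualization, labelled `Count`, reads `activemq.broker.messages.enqueue.count`, the same field the `Enqueue` series directly above it already plots, so the chart shows the enqueue rate twice and never the broker message count its label promises. The field in that series should be the broker-level message count, presumably `"field": "activemq.broker.messages.count"`; confirm against the package's field definitions. Whether the `derivative` metric that follows it is wanted for a count (a level, not a rate) is worth confirming at the same time.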
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages Enqueue Time [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": 0.5, + "formatter": "ms,ms,", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Equeue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.enqueue.time.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages Enqueue Time [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "55cc9840-0bd6-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/594db510-0b9c-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/594db510-0b9c-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..d61d60eb0ae --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/594db510-0b9c-11ea-81bb-cf244189d349.json 
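Review bot: The series label in this visualization is misspelled: `"label": "Equeue"` should read `"label": "Enqueue"`, matching the title `Queues Messages Enqueue Time [Metrics ActiveMQ]` and the field `activemq.queue.messages.enqueue.time.avg` it plots. The label is user-facing legend text, so the typo is visible on the dashboard.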
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Memory Usage [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "a19e8b60-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "bar_color_rules": [ + { + "id": "f6955680-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "9acca240-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Broker Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.broker.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "number", + "id": "7716c9c0-0b9b-11ea-8e0f-4970006b3ce7", + "label": "Store Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.store.pct", + "id": "7716c9c1-0b9b-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": 
"gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "13799400-0b9c-11ea-8e0f-4970006b3ce7", + "label": "Temp Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.temp.pct", + "id": "13799401-0b9c-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Broker Memory Usage [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "594db510-0b9c-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/8599cea0-0c2e-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/8599cea0-0c2e-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..f6b9497b90b --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/8599cea0-0c2e-11ea-81bb-cf244189d349.json 
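Review bot: All three series in this gauge plot `.pct` fields, but only the first, `Broker Memory`, uses `"formatter": "percent"`; `Store Memory` and `Temp Memory` use `"formatter": "number"`, so the same kind of value is rendered with different units side by side. Set `"formatter": "percent"` on the two later series as well. The `Temp Memory` series also omits the `"type": "timeseries"` key its siblings carry; whether Kibana defaults it is not visible here, so adding it keeps the three series uniform.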
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Consumers [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.consumers.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Consumers [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "8599cea0-0c2e-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/89de30b0-0bce-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/89de30b0-0bce-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..d448802af66 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/89de30b0-0bce-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Producers [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Producers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.producers.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Producers [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "89de30b0-0bce-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/8ae8aa90-0bc8-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/8ae8aa90-0bc8-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..3ff2e717436 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/8ae8aa90-0bc8-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages Enqueue Time [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": 0.5, + "formatter": "ms,ms,", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.enqueue.time.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages Enqueue Time [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "8ae8aa90-0bc8-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/99f41030-0bd5-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/99f41030-0bd5-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..7bf2d862002 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/99f41030-0bd5-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages In-flight [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "In-flight", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.inflight.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages In-flight [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "99f41030-0bd5-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/a0f15d50-1460-11ea-8fd8-030a13064883.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a0f15d50-1460-11ea-8fd8-030a13064883.json new file mode 100644 index 00000000000..f38ba09ae60 --- /dev/null 
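Review bot: The `metrics` array of the `In-flight` series takes `max` of `activemq.queue.messages.inflight.count` and then a `derivative` of that max, so the line plots the rate of change of the in-flight count rather than the count the title `Queues Messages In-flight` promises. That derivative shape fits the cumulative enqueue/dequeue/dispatch/expired counts differentiated in the sibling visualizations, but in-flight messages (dispatched, not yet acknowledged) are, as far as I can tell, a point-in-time gauge in ActiveMQ, which a derivative turns into a near-zero line with spikes. If that reading is right, removing the second `metrics` entry (`"type": "derivative"`, id `4f39bd50-0bbd-11ea-b87b-6d4c24968040`) leaves the `max` metric that `terms_order_by` already points at. If this JSON is a verbatim export of the Beats dashboard, the same correction applies upstream.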
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a0f15d50-1460-11ea-8fd8-030a13064883.json 
@@ -0,0 +1,236 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "activemq.log" + }, + "type": "phrase", + "value": "activemq.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "activemq.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Application Event Results [Logs ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-2d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", 
+ "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "splitColumn": [ + { + "accessor": 1, + "aggType": "filters", + "format": {}, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-12-01T17:52:01.645Z", + "min": "2019-11-29T17:52:01.645Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT1H" + } + }, + "y": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "radiusRatio": 50, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Application Event Results [Logs ActiveMQ]", + "type": "histogram" + } + }, + "id": "a0f15d50-1460-11ea-8fd8-030a13064883", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/a85c09b0-0bbd-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a85c09b0-0bbd-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..0b4f7e84599 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a85c09b0-0bbd-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages Dequeue [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Dequeue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.dequeue.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages Dequeue [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "a85c09b0-0bbd-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/a8ac8950-0c2e-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a8ac8950-0c2e-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..ddb0ddee23d --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/a8ac8950-0c2e-11ea-81bb-cf244189d349.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Producers [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Producers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.producers.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Producers [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "a8ac8950-0c2e-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/ad2d4960-0bd4-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/ad2d4960-0bd4-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..392352d5577 --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/ad2d4960-0bd4-11ea-81bb-cf244189d349.json @@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages Dequeue [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Dequeue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.dequeue.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages Dequeue [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "ad2d4960-0bd4-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/bfad8290-0d22-11ea-ba76-7fb26815d86c.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/bfad8290-0d22-11ea-ba76-7fb26815d86c.json new file mode 100644 index 00000000000..cdb9f2485ed --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/bfad8290-0d22-11ea-ba76-7fb26815d86c.json 
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Temp Memory Usage [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "a19e8b60-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "bar_color_rules": [ + { + "id": "f6955680-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "9acca240-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Temp Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.temp.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "number", + "id": "7716c9c0-0b9b-11ea-8e0f-4970006b3ce7", + "label": "Store Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.store.pct", + "id": "7716c9c1-0b9b-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": 
"gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "13799400-0b9c-11ea-8e0f-4970006b3ce7", + "label": "Temp Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.temp.pct", + "id": "13799401-0b9c-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Broker Temp Memory Usage [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "bfad8290-0d22-11ea-ba76-7fb26815d86c", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/cb475400-0d22-11ea-ba76-7fb26815d86c.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/cb475400-0d22-11ea-ba76-7fb26815d86c.json new file mode 100644 index 00000000000..13f4b736d1f --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/cb475400-0d22-11ea-ba76-7fb26815d86c.json 
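Review bot: The third `series` entry of this gauge (label `Temp Memory`, field `activemq.broker.memory.temp.pct`, id `13799400-0b9c-11ea-8e0f-4970006b3ce7`) repeats the first series and is the only one without a `"type": "timeseries"` key, while the second (`Store Memory`, `activemq.broker.memory.store.pct`) formats a `.pct` field with `"formatter": "number"` where the first uses `"percent"`. Only the first series matches the title `Broker Temp Memory Usage`; the other two read like leftovers from the copy that produced the store-memory gauge. cb475400-0d22-11ea-ba76-7fb26815d86c.json in the next hunk has the mirror image: three series, with `Store Memory` twice. Dropping the second and third `series` entries in both files would leave each gauge showing the single metric its title names; if these are verbatim Kibana exports, the fix belongs in the source dashboard as well.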
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Store Memory Usage [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "a19e8b60-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "bar_color_rules": [ + { + "id": "f6955680-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "9acca240-0b9b-11ea-8e0f-4970006b3ce7" + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Store Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.store.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "number", + "id": "7716c9c0-0b9b-11ea-8e0f-4970006b3ce7", + "label": "Store Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.store.pct", + "id": "7716c9c1-0b9b-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": 
"gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "13799400-0b9c-11ea-8e0f-4970006b3ce7", + "label": "Temp Memory", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.memory.temp.pct", + "id": "13799401-0b9c-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Broker Store Memory Usage [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "cb475400-0d22-11ea-ba76-7fb26815d86c", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/ce456e60-0b99-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/ce456e60-0b99-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..839a7d89c43 --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/ce456e60-0b99-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Broker Consumers/Producers [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "60dba290-0b99-11ea-8e0f-4970006b3ce7" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.consumers.count", + "id": "50a86850-0b98-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "activemq.broker.name", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(65,157,247,1)", + "fill": 0.5, + "formatter": "number", + "id": "9a1e6840-0b98-11ea-8e0f-4970006b3ce7", + "label": "Producers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.broker.producers.count", + "id": "9a1e6841-0b98-11ea-8e0f-4970006b3ce7", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "activemq.broker.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + 
"type": "timeseries" + }, + "title": "Broker Consumers/Producers [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "ce456e60-0b99-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/d22e5e00-0bbd-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/d22e5e00-0bbd-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..6ffbd7fedef --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/d22e5e00-0bbd-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages Dispatch [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Dispatch", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.dispatch.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages Dispatch [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "d22e5e00-0bbd-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/e73c2af0-0bce-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/e73c2af0-0bce-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..54fc6b69d2b --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/e73c2af0-0bce-11ea-81bb-cf244189d349.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Consumers [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumers", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.consumers.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Consumers [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "e73c2af0-0bce-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/e91f2b80-0bbd-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/e91f2b80-0bbd-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..041fc5bd2f0 --- /dev/null 
+++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/e91f2b80-0bbd-11ea-81bb-cf244189d349.json @@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Messages Enqueue [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Enqueue", + "line_width": 1, + "metrics": [ + { + "field": "activemq.topic.messages.enqueue.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.topic.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Topics Messages Enqueue [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "e91f2b80-0bbd-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/activemq/0.0.1/kibana/visualization/fab93e30-0bbd-11ea-81bb-cf244189d349.json b/dev/packages/beats/activemq/0.0.1/kibana/visualization/fab93e30-0bbd-11ea-81bb-cf244189d349.json new file mode 100644 index 00000000000..87f77eaa08b --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/kibana/visualization/fab93e30-0bbd-11ea-81bb-cf244189d349.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Queues Messages Expired [Metrics ActiveMQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Expired", + "line_width": 1, + "metrics": [ + { + "field": "activemq.queue.messages.expired.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4f39bd50-0bbd-11ea-b87b-6d4c24968040", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "activemq.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Queues Messages Expired [Metrics ActiveMQ]", + "type": "metrics" + } + }, + "id": "fab93e30-0bbd-11ea-81bb-cf244189d349", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/activemq/0.0.1/manifest.yml b/dev/packages/beats/activemq/0.0.1/manifest.yml new file mode 100644 index 00000000000..5be1f33f43f --- /dev/null +++ b/dev/packages/beats/activemq/0.0.1/manifest.yml 
@@ -0,0 +1,84 @@ +format_version: 1.0.0 +name: activemq +title: activemq +version: 0.0.1 +license: basic +description: activemq Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.4.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-activemq-application-events.png + title: filebeat activemq application events + size: 4102x2424 + type: image/png +- src: /img/filebeat-activemq-audit-events.png + title: filebeat activemq audit events + size: 4102x2480 + type: image/png +- src: /img/metricbeat-activemq-broker-overview.png + title: metricbeat activemq broker overview + size: 2560x2032 + type: image/png +- src: /img/metricbeat-activemq-queues-overview.png + title: metricbeat activemq queues overview + size: 2560x3712 + type: image/png +- src: /img/metricbeat-activemq-topics-overview.png + title: metricbeat activemq topics overview + size: 2560x3712 + type: image/png +icons: +- src: /img/activemq.svg + title: activemq + size: 32x32 + type: image/svg+xml +datasources: +- name: activemq + title: activemq logs and metrics + description: Collect logs and metrics from activemq instances + inputs: + - type: logs + title: Collect logs from activemq instances + description: Collecting activemq audit and log logs + - type: activemq/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8161 + - name: password + type: password + title: Password + multi: false + required: true + show_user: true + default: admin + - name: path + type: text + title: Path + multi: false + required: true + show_user: true + default: /api/jolokia/?ignoreErrors=true&canonicalNaming=false + - name: username + type: text + title: Username + multi: false + required: true + show_user: true + default: admin + title: Collect metrics from activemq instances + description: Collecting activemq broker, queue and 
topic metrics diff --git a/dev/packages/beats/aerospike/0.0.1/dataset/namespace/agent/stream/stream.yml.hbs b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..fecf7105c12 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["namespace"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/fields.yml b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/fields.yml new file mode 100644 index 00000000000..570e355bb1b --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/fields.yml 
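Review bot: The `password` var under the `activemq/metrics` input ships `default: admin` (and `username` likewise), so a user who accepts the pre-filled form polls Jolokia with ActiveMQ's factory `admin`/`admin` pair and the package quietly endorses keeping it. Since the var is already `required: true` and `show_user: true`, dropping the `default: admin` line under `- name: password` forces an explicit value without changing the form's shape, assuming the manifest format treats `default` as optional; the `description` could then say the credentials must match the broker's Jolokia login. Separately, `elasticsearch: versions: '>7.0.1'` has no upper bound while `kibana` is pinned `<8.0.0`, and `>7.0.1` also excludes 7.0.1 itself, so `'>=7.0.1 <8.0.0'` would line up with the Kibana constraint if that is the intent.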
@@ -0,0 +1,142 @@
+- name: aerospike.namespace
+ type: group
+ release: ga
+ fields:
+ - name: client
+ type: group
+ fields:
+ - name: delete
+ type: group
+ fields:
+ - name: error
+ type: long
+ description: |
+ Number of client delete transactions that failed with an error.
+ - name: not_found
+ type: long
+ description: |
+ Number of client delete transactions that resulted in a not found.
+ - name: success
+ type: long
+ description: |
+ Number of successful client delete transactions.
+ - name: timeout
+ type: long
+ description: |
+ Number of client delete transactions that timed out.
+ - name: read
+ type: group
+ fields:
+ - name: error
+ type: long
+ description: |
+ Number of client read transaction errors.
+ - name: not_found
+ type: long
+ description: |
+ Number of client read transaction that resulted in not found.
+ - name: success
+ type: long
+ description: |
+ Number of successful client read transactions.
+ - name: timeout
+ type: long
+ description: |
+ Number of client read transaction that timed out.
+ - name: write
+ type: group
+ fields:
+ - name: error
+ type: long
+ description: |
+ Number of client write transactions that failed with an error.
+ - name: success
+ type: long
+ description: |
+ Number of successful client write transactions.
+ - name: timeout
+ type: long
+ description: |
+ Number of client write transactions that timed out.
+ - name: device
+ type: group
+ fields:
+ - name: available.pct
+ type: scaled_float
+ format: percent
+ description: |
+ Measures the minimum contiguous disk space across all disks in a namespace.
+ - name: free.pct
+ type: scaled_float
+ format: percent
+ description: |
+ Percentage of disk capacity free for this namespace.
+ - name: total.bytes
+ type: long
+ format: bytes
+ description: |
+ Total bytes of disk space allocated to this namespace on this node.
+ - name: used.bytes
+ type: long
+ format: bytes
+ description: |
+ Total bytes of disk space used by this namespace on this node.
+ - name: hwm_breached
+ type: boolean
+ description: |
+ If true, Aerospike has breached 'high-water-[disk|memory]-pct' for this namespace.
+ - name: memory
+ type: group
+ fields:
+ - name: free.pct
+ type: scaled_float
+ format: percent
+ description: |
+ Percentage of memory capacity free for this namespace on this node.
+ - name: used.data.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of memory occupied by data for this namespace on this node.
+ - name: used.index.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of memory occupied by the index for this namespace on this node.
+ - name: used.sindex.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of memory occupied by secondary indexes for this namespace on this node.
+ - name: used.total.bytes
+ type: long
+ format: bytes
+ description: |
+ Total bytes of memory used by this namespace on this node.
+ - name: name
+ type: keyword
+ description: |
+ Namespace name
+ - name: node.host
+ type: keyword
+ description: |
+ Node host
+ - name: node.name
+ type: keyword
+ description: |
+ Node name
+ - name: objects
+ type: group
+ fields:
+ - name: master
+ type: long
+ description: |
+ Number of records on this node which are active masters.
+ - name: total
+ type: long
+ description: |
+ Number of records in this namespace for this node.
+ - name: stop_writes
+ type: boolean
+ description: |
+ If true this namespace is currently not allowing writes.
diff --git a/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/package-fields.yml b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/package-fields.yml
new file mode 100644
index 00000000000..a82d4d93e36
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aerospike
+ type: group
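Review bot: The `aerospike.namespace` group at the top of this hunk carries `release: ga`, while the dataset's own manifest in the next file section declares `release: experimental`; the two levels disagree about how stable this data is. If the registry consumes the fields-level `release` at all, the dataset manifest should win and this line should be dropped or changed to `release: experimental`; if it is ignored, a one-line comment such as `# release here is inherited from the Beats module; the dataset manifest is authoritative` would stop the next reader from trusting it. I cannot tell from the diff which of the two the registry reads, so please confirm before choosing.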
diff --git a/dev/packages/beats/aerospike/0.0.1/dataset/namespace/manifest.yml b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/manifest.yml
new file mode 100644
index 00000000000..71e028a7e17
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/dataset/namespace/manifest.yml
@@ -0,0 +1,15 @@
+title: Aerospike namespace metrics
+release: experimental
+type: metrics
+streams:
+- input: aerospike/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Aerospike namespace metrics
+ description: Collect Aerospike namespace metrics
diff --git a/dev/packages/beats/aerospike/0.0.1/docs/README.md b/dev/packages/beats/aerospike/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/aerospike/0.0.1/img/logo_aerospike.svg b/dev/packages/beats/aerospike/0.0.1/img/logo_aerospike.svg
new file mode 100644
index 00000000000..8bb21448d95
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/img/logo_aerospike.svg
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/dev/packages/beats/aerospike/0.0.1/img/metricbeat-aerospike-overview.png b/dev/packages/beats/aerospike/0.0.1/img/metricbeat-aerospike-overview.png
new file mode 100644
index 00000000000..00eea07ed77
Binary files /dev/null and b/dev/packages/beats/aerospike/0.0.1/img/metricbeat-aerospike-overview.png differ
diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/dashboard/b15668d0-bac3-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/dashboard/b15668d0-bac3-11e9-a579-f5c0a5d81340.json
new file mode 100644
index 00000000000..e8f38db5520
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/kibana/dashboard/b15668d0-bac3-11e9-a579-f5c0a5d81340.json
@@ -0,0 +1,231 @@ +{ + "attributes": { + "description": "This Aerospike dashboard visualizes the most important metrics for Aerospike namespaces.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1565367993423", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "aerospike.namespace.name", + "negate": false, + "params": { + "query": "metrics" + }, + "type": "phrase", + "value": "metrics" + }, + "query": { + "match": { + "aerospike.namespace.name": { + "query": "metrics", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "1", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Namespace Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "2", + "w": 9, + "x": 0, + "y": 6 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Node Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "3", + "w": 25, + "x": 23, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Client Error Rates", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Client Success Rates", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "5", + "w": 25, + "x": 23, + "y": 25 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Client Timeout Rates", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "6", + "w": 23, + 
"x": 0, + "y": 25 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Disk Space", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 14, + "x": 9, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Number of Objects", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "8", + "w": 12, + "x": 0, + "y": 12 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Writes per second", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "9", + "w": 11, + "x": 12, + "y": 12 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Reads per second", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Aerospike] Database Overview ", + "version": 1 + }, + "id": "b15668d0-bac3-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "72523510-bac3-11e9-a579-f5c0a5d81340", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8c173130-bac3-11e9-a579-f5c0a5d81340", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "b5121f00-bac8-11e9-a579-f5c0a5d81340", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "5b9bf0d0-bac9-11e9-a579-f5c0a5d81340", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "23758d10-bac9-11e9-a579-f5c0a5d81340", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bd767280-bac9-11e9-a579-f5c0a5d81340", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "9ce7ae20-baca-11e9-a579-f5c0a5d81340", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "3586e810-bac8-11e9-a579-f5c0a5d81340", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "eae846a0-bac7-11e9-a579-f5c0a5d81340", + "name": "panel_8", + "type": "visualization" + } + ], + 
"type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/23758d10-bac9-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/23758d10-bac9-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..9db4b6796a9 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/23758d10-bac9-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client Timeout Rates [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec962840-bac8-11e9-8c31-ed10485dacc9", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "ec962841-bac8-11e9-8c31-ed10485dacc9", + "label": "read", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.timeout", + "id": "ec962842-bac8-11e9-8c31-ed10485dacc9", + "type": "max" + }, + { + "field": "ec962842-bac8-11e9-8c31-ed10485dacc9", + "id": "ec962844-bac8-11e9-8c31-ed10485dacc9", + "type": "derivative", + "unit": "1s" + }, + { + "field": "ec962844-bac8-11e9-8c31-ed10485dacc9", + "id": "ec962843-bac8-11e9-8c31-ed10485dacc9", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "ec962845-bac8-11e9-8c31-ed10485dacc9", + "label": "write", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.timeout", + "id": "ec964f50-bac8-11e9-8c31-ed10485dacc9", + "type": "max" + }, + { + "field": "ec964f50-bac8-11e9-8c31-ed10485dacc9", + "id": "ec964f52-bac8-11e9-8c31-ed10485dacc9", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"ec964f52-bac8-11e9-8c31-ed10485dacc9", + "id": "ec964f51-bac8-11e9-8c31-ed10485dacc9", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "ec964f53-bac8-11e9-8c31-ed10485dacc9", + "label": "delete", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.delete.timeout", + "id": "ec964f54-bac8-11e9-8c31-ed10485dacc9", + "type": "max" + }, + { + "field": "ec964f54-bac8-11e9-8c31-ed10485dacc9", + "id": "ec964f56-bac8-11e9-8c31-ed10485dacc9", + "type": "derivative", + "unit": "1s" + }, + { + "field": "ec964f56-bac8-11e9-8c31-ed10485dacc9", + "id": "ec964f55-bac8-11e9-8c31-ed10485dacc9", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Client Timeout Rates [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "23758d10-bac9-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/3586e810-bac8-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/3586e810-bac8-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..7f531342c38 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/3586e810-bac8-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client Write Rates [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "0316eb50-bac8-11e9-a2f5-271fa90cc176", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "0316eb51-bac8-11e9-a2f5-271fa90cc176", + "label": "success", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.success", + "id": "0316eb52-bac8-11e9-a2f5-271fa90cc176", + "type": "max" + }, + { + "field": "0316eb52-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb54-bac8-11e9-a2f5-271fa90cc176", + "type": "derivative", + "unit": "1s" + }, + { + "field": "0316eb54-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb53-bac8-11e9-a2f5-271fa90cc176", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "0316eb55-bac8-11e9-a2f5-271fa90cc176", + "label": "error", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.error", + "id": "0316eb56-bac8-11e9-a2f5-271fa90cc176", + "type": "max" + }, + { + "field": "0316eb56-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb58-bac8-11e9-a2f5-271fa90cc176", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"0316eb58-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb57-bac8-11e9-a2f5-271fa90cc176", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "0316eb59-bac8-11e9-a2f5-271fa90cc176", + "label": "timeout", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.timeout", + "id": "0316eb5a-bac8-11e9-a2f5-271fa90cc176", + "type": "max" + }, + { + "field": "0316eb5a-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb5c-bac8-11e9-a2f5-271fa90cc176", + "type": "derivative", + "unit": "1s" + }, + { + "field": "0316eb5c-bac8-11e9-a2f5-271fa90cc176", + "id": "0316eb5b-bac8-11e9-a2f5-271fa90cc176", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Client Write Rates [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "3586e810-bac8-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/5b9bf0d0-bac9-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/5b9bf0d0-bac9-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..af93d5c8aeb --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/5b9bf0d0-bac9-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client Success Rates [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "3b633120-bac9-11e9-9a9a-2f5e8f21d503", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "3b633121-bac9-11e9-9a9a-2f5e8f21d503", + "label": "read", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.success", + "id": "3b633122-bac9-11e9-9a9a-2f5e8f21d503", + "type": "max" + }, + { + "field": "3b633122-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b633124-bac9-11e9-9a9a-2f5e8f21d503", + "type": "derivative", + "unit": "1s" + }, + { + "field": "3b633124-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b633123-bac9-11e9-9a9a-2f5e8f21d503", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "3b633125-bac9-11e9-9a9a-2f5e8f21d503", + "label": "write", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.success", + "id": "3b633126-bac9-11e9-9a9a-2f5e8f21d503", + "type": "max" + }, + { + "field": "3b633126-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b633128-bac9-11e9-9a9a-2f5e8f21d503", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"3b633128-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b633127-bac9-11e9-9a9a-2f5e8f21d503", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "3b633129-bac9-11e9-9a9a-2f5e8f21d503", + "label": "delete", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.delete.success", + "id": "3b63312a-bac9-11e9-9a9a-2f5e8f21d503", + "type": "max" + }, + { + "field": "3b63312a-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b63312c-bac9-11e9-9a9a-2f5e8f21d503", + "type": "derivative", + "unit": "1s" + }, + { + "field": "3b63312c-bac9-11e9-9a9a-2f5e8f21d503", + "id": "3b63312b-bac9-11e9-9a9a-2f5e8f21d503", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Client Success Rates [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "5b9bf0d0-bac9-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/72523510-bac3-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/72523510-bac3-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..7287b8a529b --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/72523510-bac3-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Namespace Filter [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "aerospike.namespace.name", + "id": "1565367993423", + "indexPatternRefName": "control_0_index_pattern", + "label": "namespace", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Namespace Filter [Metrics Aerospike] ECS", + "type": "input_control_vis" + } + }, + "id": "72523510-bac3-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/8c173130-bac3-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/8c173130-bac3-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..c4a9f34e9a6 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/8c173130-bac3-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Node Filter [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "aerospike.namespace.node.host", + "id": "1565367993423", + "indexPatternRefName": "control_0_index_pattern", + "label": "node", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Node Filter [Metrics Aerospike] ECS", + "type": "input_control_vis" + } + }, + "id": "8c173130-bac3-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/9ce7ae20-baca-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/9ce7ae20-baca-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..0df9ea0fb23 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/9ce7ae20-baca-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of Objects [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": null, + "id": "689053c0-baca-11e9-a6e8-09b17988a9ca", + "value": 0 + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "6a3d4070-baca-11e9-a6e8-09b17988a9ca" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "63159630-baca-11e9-b44b-b5d06880c15a", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "63159631-baca-11e9-b44b-b5d06880c15a", + "label": "objects", + "line_width": 2, + "metrics": [ + { + "field": "aerospike.namespace.objects.total", + "id": "63159632-baca-11e9-b44b-b5d06880c15a", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Number of Objects [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "9ce7ae20-baca-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/b5121f00-bac8-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/b5121f00-bac8-11e9-a579-f5c0a5d81340.json
new file mode 100644
index 00000000000..f1bef5edb35
--- /dev/null
+++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/b5121f00-bac8-11e9-a579-f5c0a5d81340.json
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client Error Rates [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "8674fc30-bac8-11e9-986e-1d8d9532a1f1", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "8674fc31-bac8-11e9-986e-1d8d9532a1f1", + "label": "read", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.error", + "id": "8674fc32-bac8-11e9-986e-1d8d9532a1f1", + "type": "max" + }, + { + "field": "8674fc32-bac8-11e9-986e-1d8d9532a1f1", + "id": "8674fc34-bac8-11e9-986e-1d8d9532a1f1", + "type": "derivative", + "unit": "1s" + }, + { + "field": "8674fc34-bac8-11e9-986e-1d8d9532a1f1", + "id": "8674fc33-bac8-11e9-986e-1d8d9532a1f1", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "86752340-bac8-11e9-986e-1d8d9532a1f1", + "label": "write", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.write.error", + "id": "86752341-bac8-11e9-986e-1d8d9532a1f1", + "type": "max" + }, + { + "field": "86752341-bac8-11e9-986e-1d8d9532a1f1", + "id": "86752343-bac8-11e9-986e-1d8d9532a1f1", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"86752343-bac8-11e9-986e-1d8d9532a1f1", + "id": "86752342-bac8-11e9-986e-1d8d9532a1f1", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "86752344-bac8-11e9-986e-1d8d9532a1f1", + "label": "delete", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.delete.error", + "id": "86752345-bac8-11e9-986e-1d8d9532a1f1", + "type": "max" + }, + { + "field": "86752345-bac8-11e9-986e-1d8d9532a1f1", + "id": "86752347-bac8-11e9-986e-1d8d9532a1f1", + "type": "derivative", + "unit": "1s" + }, + { + "field": "86752347-bac8-11e9-986e-1d8d9532a1f1", + "id": "86752346-bac8-11e9-986e-1d8d9532a1f1", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Client Error Rates [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "b5121f00-bac8-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/bd767280-bac9-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/bd767280-bac9-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..473ec83ff20 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/bd767280-bac9-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk Space [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "8f321e10-bac9-11e9-a715-c7f36757ae84", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0, + "formatter": "bytes", + "id": "8f321e11-bac9-11e9-a715-c7f36757ae84", + "label": "Total", + "line_width": 2, + "metrics": [ + { + "field": "aerospike.namespace.device.total.bytes", + "id": "8f321e12-bac9-11e9-a715-c7f36757ae84", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0.2", + "formatter": "bytes", + "id": "8f321e13-bac9-11e9-a715-c7f36757ae84", + "label": "Used", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.device.used.bytes", + "id": "8f321e14-bac9-11e9-a715-c7f36757ae84", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Disk Space [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "bd767280-bac9-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of 
file diff --git a/dev/packages/beats/aerospike/0.0.1/kibana/visualization/eae846a0-bac7-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/eae846a0-bac7-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..a56c2025684 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/kibana/visualization/eae846a0-bac7-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,181 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client Read Rates [Metrics Aerospike] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "98667320-bac7-11e9-9324-49d4f7fb9626", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "98667321-bac7-11e9-9324-49d4f7fb9626", + "label": "success", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.success", + "id": "98667322-bac7-11e9-9324-49d4f7fb9626", + "type": "max" + }, + { + "field": "98667322-bac7-11e9-9324-49d4f7fb9626", + "id": "98667324-bac7-11e9-9324-49d4f7fb9626", + "type": "derivative", + "unit": "1s" + }, + { + "field": "98667324-bac7-11e9-9324-49d4f7fb9626", + "id": "98667323-bac7-11e9-9324-49d4f7fb9626", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "98667325-bac7-11e9-9324-49d4f7fb9626", + "label": "error", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.error", + "id": "98667326-bac7-11e9-9324-49d4f7fb9626", + "type": "max" + }, + { + "field": "98667326-bac7-11e9-9324-49d4f7fb9626", + "id": "98667328-bac7-11e9-9324-49d4f7fb9626", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"98667328-bac7-11e9-9324-49d4f7fb9626", + "id": "98667327-bac7-11e9-9324-49d4f7fb9626", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "98667329-bac7-11e9-9324-49d4f7fb9626", + "label": "not_found", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.not_found", + "id": "9866732a-bac7-11e9-9324-49d4f7fb9626", + "type": "max" + }, + { + "field": "9866732a-bac7-11e9-9324-49d4f7fb9626", + "id": "9866732c-bac7-11e9-9324-49d4f7fb9626", + "type": "derivative", + "unit": "1s" + }, + { + "field": "9866732c-bac7-11e9-9324-49d4f7fb9626", + "id": "9866732b-bac7-11e9-9324-49d4f7fb9626", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#490092", + "fill": "0.2", + "formatter": "number", + "id": "9866732d-bac7-11e9-9324-49d4f7fb9626", + "label": "timeout", + "line_width": "1", + "metrics": [ + { + "field": "aerospike.namespace.client.read.timeout", + "id": "9866732e-bac7-11e9-9324-49d4f7fb9626", + "type": "max" + }, + { + "field": "9866732e-bac7-11e9-9324-49d4f7fb9626", + "id": "98667330-bac7-11e9-9324-49d4f7fb9626", + "type": "derivative", + "unit": "1s" + }, + { + "field": "98667330-bac7-11e9-9324-49d4f7fb9626", + "id": "9866732f-bac7-11e9-9324-49d4f7fb9626", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + 
"title": "Client Read Rates [Metrics Aerospike] ECS", + "type": "metrics" + } + }, + "id": "eae846a0-bac7-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aerospike/0.0.1/manifest.yml b/dev/packages/beats/aerospike/0.0.1/manifest.yml new file mode 100644 index 00000000000..1e41b1f32d1 --- /dev/null +++ b/dev/packages/beats/aerospike/0.0.1/manifest.yml @@ -0,0 +1,42 @@ +format_version: 1.0.0 +name: aerospike +title: Aerospike +version: 0.0.1 +license: basic +description: Aerospike Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-aerospike-overview.png + title: metricbeat aerospike overview + size: 4988x2558 + type: image/png +icons: +- src: /img/logo_aerospike.svg + title: logo aerospike + size: 32x32 + type: image/svg+xml +datasources: +- name: aerospike + title: Aerospike metrics + description: Collect metrics from Aerospike instances + inputs: + - type: aerospike/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:3000 + title: Collect metrics from Aerospike instances + description: Collecting Aerospike namespace metrics diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/agent/stream/log.yml.hbs b/dev/packages/beats/apache/0.0.1/dataset/access/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..367360d901a --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] \ No newline at end of file 
diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/apache/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..db30d1734aa --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,104 @@ +--- +description: "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins." + +processors: +- grok: + field: message + patterns: + - '%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \[%{HTTPDATE:apache.access.time}\] + "(?:%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}|-)?" + %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( + "%{DATA:http.request.referrer}")?( "%{DATA:user_agent.original}")?' + - '%{IPORHOST:source.address} - %{DATA:user.name} \[%{HTTPDATE:apache.access.time}\] + "(?:%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}|-)?" + %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( + "%{DATA:http.request.referrer}")?( "%{DATA:user_agent.original}")?' + - '%{IPORHOST:source.address} - %{DATA:user.name} \[%{HTTPDATE:apache.access.time}\] + "-" %{NUMBER:http.response.status_code:long} -' + - \[%{HTTPDATE:apache.access.time}\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} + %{DATA:apache.access.ssl.cipher} "%{WORD:http.request.method} %{DATA:url.original} + HTTP/%{NUMBER:http.version}" (-|%{NUMBER:http.response.body.bytes:long}) + ignore_missing: true +- remove: + field: message +- set: + field: event.kind + value: event +- set: + field: event.category + value: web +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" +- lowercase: + field: http.request.method + ignore_missing: true +- grok: + field: source.address + ignore_missing: true + patterns: + - ^(%{IP:source.ip}|%{HOSTNAME:source.domain})$ +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: apache.access.time + target_field: 
'@timestamp' + formats: + - dd/MMM/yyyy:H:m:s Z + ignore_failure: true +- remove: + field: apache.access.time + ignore_failure: true +- user_agent: + field: user_agent.original + ignore_failure: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- set: + field: tls.cipher + value: '{{apache.access.ssl.cipher}}' + if: ctx?.apache?.access?.ssl?.cipher != null + +- script: + lang: painless + if: ctx?.apache?.access?.ssl?.protocol != null + source: >- + def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken("v"); + if (parts.length != 2) { + return; + } + if (parts[1].contains(".")) { + ctx.tls.version = parts[1]; + } else { + ctx.tls.version = parts[1] + ".0"; + } + ctx.tls.version_protocol = parts[0]; + +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/fields/ecs.yml b/dev/packages/beats/apache/0.0.1/dataset/access/fields/ecs.yml new file mode 100644 index 00000000000..5bf59b9b71b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/fields/ecs.yml 
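Review bot: The `date` processor that rebuilds `@timestamp` from `apache.access.time` runs with `ignore_failure: true`, but by that point `@timestamp` has already been renamed to `event.created`, `message` has been removed, and the very next processor unconditionally removes `apache.access.time`, so an access line whose timestamp does not match `dd/MMM/yyyy:H:m:s Z` is indexed with no `@timestamp` and no copy of the original time string and silently drops out of every time-filtered search and detection rule. The error pipeline in this same package attaches an `on_failure` that appends to `error.message` to its `date` processors; the access pipeline should do the same and only drop the raw time once `@timestamp` was actually set, so the parse failure stays visible and the evidence stays on the event. The Painless block that derives `tls.version` also assumes `ctx.tls` already exists, which is only true because the preceding `set` of `tls.cipher` created it; a one-line guard at the top of the script, `if (ctx.tls == null) { ctx.tls = [:]; }`, would make that ordering dependency explicit.
```yaml
# … unchanged: grok, remove message, event.* sets, rename @timestamp -> event.created …
- date:
    field: apache.access.time
    target_field: '@timestamp'
    formats:
      - dd/MMM/yyyy:H:m:s Z
    on_failure:
      - append:
          field: error.message
          value: '{{ _ingest.on_failure_message }}'
- remove:
    field: apache.access.time
    if: "ctx.containsKey('@timestamp')"
    ignore_failure: true
# … unchanged: user_agent, geoip, source.as renames, tls.cipher set, tls.version script, pipeline on_failure …
```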
@@ -0,0 +1,175 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. + - name: thread.id + level: extended + type: long + format: string + description: Thread ID. 
+- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. 
+ ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. + ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/apache/0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 00000000000..b39dc4e598f --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,11 @@ +- name: apache.access + type: group + fields: + - name: ssl.protocol + type: keyword + description: | + SSL protocol version. + - name: ssl.cipher + type: keyword + description: | + SSL cipher name. diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/fields/package-fields.yml b/dev/packages/beats/apache/0.0.1/dataset/access/fields/package-fields.yml new file mode 100644 index 00000000000..c87d08d011b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/fields/package-fields.yml @@ -0,0 +1,14 @@ +- name: apache2 + type: group + fields: + - name: access + type: group + fields: + - name: user_agent + type: group + - name: geoip + type: group + - name: error + type: group +- name: apache + type: group 
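Review bot: The access ingest pipeline writes `source.ip`, `source.domain`, `source.as.number`, `source.as.organization.name`, `tls.cipher`, `tls.version`, `tls.version_protocol` and the `event.kind`/`event.category`/`event.outcome`/`event.created` fields, but none of them is declared in this ecs.yml, which for `source` covers only `address` and the `geo.*` fields. Unless these definitions are merged in from another template outside this diff, `source.ip` will be dynamically mapped as a string rather than `ip`, which breaks CIDR-range queries (`source.ip: 10.0.0.0/8`) in detection rules, and the `tls.*` and `event.*` fields will not get the keyword mapping ECS expects. At minimum add `- name: ip` / `type: ip` / `level: core` under `source`, and the corresponding keyword entries for `domain`, `as.number` (long), `as.organization.name`, the `tls` group and the `event` group, matching the style of the entries already here.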
diff --git a/dev/packages/beats/apache/0.0.1/dataset/access/manifest.yml b/dev/packages/beats/apache/0.0.1/dataset/access/manifest.yml new file mode 100644 index 00000000000..f4a7b27bf66 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/access/manifest.yml @@ -0,0 +1,27 @@ +title: Apache access logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/apache2/access.log* + - /var/log/apache2/other_vhosts_access.log* + - /var/log/httpd/access_log* + os: + darwin: + default: + - /usr/local/var/log/apache2/access_log* + windows: + default: + - C:/tools/Apache/httpd-2.*/Apache24/logs/access.log* + - C:/Program Files/Apache Software Foundation/Apache2.*/logs/access.log* + template_path: log.yml.hbs + title: Apache access logs (log) + description: Collect Apache access logs using log input diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/agent/stream/log.yml.hbs b/dev/packages/beats/apache/0.0.1/dataset/error/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..ed4036fef5b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/error/agent/stream/log.yml.hbs @@ -0,0 +1,7 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +processors: +- add_locale: ~ \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/apache/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..a39c890f698 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,86 @@ +--- +description: Pipeline for parsing apache error logs +processors: +- grok: + field: message + patterns: + - \[%{APACHE_TIME:apache.error.timestamp}\] \[%{LOGLEVEL:log.level}\]( \[client + %{IPORHOST:source.address}(:%{POSINT:source.port})?\])? %{GREEDYDATA:message} + - \[%{APACHE_TIME:apache.error.timestamp}\] \[%{DATA:apache.error.module}:%{LOGLEVEL:log.level}\] + \[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\]( + \[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\])? %{GREEDYDATA:message} + pattern_definitions: + APACHE_TIME: '%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}' + ignore_missing: true +- date: + if: ctx.event.timezone == null + field: apache.error.timestamp + target_field: '@timestamp' + formats: + - EEE MMM dd H:m:s yyyy + - EEE MMM dd H:m:s.SSSSSS yyyy + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: apache.error.timestamp + target_field: '@timestamp' + formats: + - EEE MMM dd H:m:s yyyy + - EEE MMM dd H:m:s.SSSSSS yyyy + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: apache.error.timestamp + ignore_failure: true +- set: + field: event.kind + value: event +- set: + field: event.category + value: web +- script: + if: "ctx?.log?.level != null" + lang: painless + source: >- + def err_levels = ["emerg", "alert", "crit", "error", "warn"]; + if (err_levels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + +- grok: + field: source.address + ignore_missing: true + patterns: + - ^(%{IP:source.ip}|%{HOSTNAME:source.domain})$ +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- 
rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/fields/ecs.yml b/dev/packages/beats/apache/0.0.1/dataset/error/fields/ecs.yml new file mode 100644 index 00000000000..5bf59b9b71b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/error/fields/ecs.yml 
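Review bot: Both `date` processors are gated on `ctx.event.timezone == null` / `!= null`, which throws a null-pointer error (sending the whole event, still unparsed, to the pipeline-level `on_failure`) whenever the incoming document has no `event` object at all, i.e. whenever it did not arrive through the agent stream template that runs `add_locale`. The script later in this same file already uses the null-safe form `ctx?.log?.level != null`; the conditions should match it: `if: ctx?.event?.timezone == null` and `if: ctx?.event?.timezone != null`. It is also worth a comment on the first `date` processor that, with no timezone on the event, the Apache-local time is presumably parsed as UTC, so `@timestamp` will be skewed for hosts whose logs reach this pipeline without `event.timezone` set.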
@@ -0,0 +1,175 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. + - name: thread.id + level: extended + type: long + format: string + description: Thread ID. 
+- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. 
+ ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. + ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/apache/0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 00000000000..a1c6712cadc --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,7 @@ +- name: apache.error + type: group + fields: + - name: module + type: keyword + description: | + The module producing the logged message. diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/fields/package-fields.yml b/dev/packages/beats/apache/0.0.1/dataset/error/fields/package-fields.yml new file mode 100644 index 00000000000..c87d08d011b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/error/fields/package-fields.yml @@ -0,0 +1,14 @@ +- name: apache2 + type: group + fields: + - name: access + type: group + fields: + - name: user_agent + type: group + - name: geoip + type: group + - name: error + type: group +- name: apache + type: group diff --git a/dev/packages/beats/apache/0.0.1/dataset/error/manifest.yml b/dev/packages/beats/apache/0.0.1/dataset/error/manifest.yml new file mode 100644 index 00000000000..e67c3e9df81 --- /dev/null 
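Review bot: This ecs.yml is byte-identical to the access dataset's (both `index` lines show blob `5bf59b9b71b`), so it declares `http.*`, `url.original`, `user.name` and `user_agent.*` fields the error pipeline never produces, while `source.port`, `source.ip`, `source.domain`, `source.as.*` and the `event.kind`/`event.category`/`event.type` fields that the error pipeline does write are not declared. Unless a package-level template outside this diff supplies them, `source.ip` ends up dynamically mapped as a string instead of `ip` and `source.port` as a string instead of `long`, which undermines CIDR and range queries on error events. Suggest trimming this file to the fields the error pipeline writes and adding `- name: ip` / `type: ip` and `- name: port` / `type: long` under `source`, in the style of the existing entries.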
+++ b/dev/packages/beats/apache/0.0.1/dataset/error/manifest.yml @@ -0,0 +1,26 @@ +title: Apache error logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/apache2/error.log* + - /var/log/httpd/error_log* + os: + darwin: + default: + - /usr/local/var/log/apache2/error_log* + windows: + default: + - C:/tools/Apache/httpd-2.*/Apache24/logs/error.log* + - C:/Program Files/Apache Software Foundation/Apache2.*/logs/error.log* + template_path: log.yml.hbs + title: Apache error logs (log) + description: Collect Apache error logs using log input diff --git a/dev/packages/beats/apache/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/apache/0.0.1/dataset/status/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..576a3ad4b99 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/status/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["status"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/apache/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/apache/0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 00000000000..3c29924fdeb --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/status/fields/fields.yml 
@@ -0,0 +1,155 @@ +- name: apache.status + type: group + release: ga + fields: + - name: hostname + type: keyword + description: | + Apache hostname. + - name: total_accesses + type: long + description: | + Total number of access requests. + - name: total_kbytes + type: long + description: | + Total number of kilobytes served. + - name: requests_per_sec + type: scaled_float + description: | + Requests per second. + - name: bytes_per_sec + type: scaled_float + description: | + Bytes per second. + - name: bytes_per_request + type: scaled_float + description: | + Bytes per request. + - name: workers.busy + type: long + description: | + Number of busy workers. + - name: workers.idle + type: long + description: | + Number of idle workers. + - name: uptime + type: group + fields: + - name: server_uptime + type: long + description: | + Server uptime in seconds. + - name: uptime + type: long + description: | + Server uptime. + - name: cpu + type: group + fields: + - name: load + type: scaled_float + description: | + CPU Load. + - name: user + type: scaled_float + description: | + CPU user load. + - name: system + type: scaled_float + description: | + System cpu. + - name: children_user + type: scaled_float + description: | + CPU of children user. + - name: children_system + type: scaled_float + description: | + CPU of children system. + - name: connections + type: group + fields: + - name: total + type: long + description: | + Total connections. + - name: async.writing + type: long + description: | + Async connection writing. + - name: async.keep_alive + type: long + description: | + Async keeped alive connections. + - name: async.closing + type: long + description: | + Async closed connections. + - name: load + type: group + fields: + - name: "1" + type: scaled_float + description: | + Load average for the last minute. + - name: "5" + type: scaled_float + description: | + Load average for the last 5 minutes. 
+ - name: "15" + type: scaled_float + description: | + Load average for the last 15 minutes. + - name: scoreboard + type: group + fields: + - name: starting_up + type: long + description: | + Starting up. + - name: reading_request + type: long + description: | + Reading requests. + - name: sending_reply + type: long + description: | + Sending Reply. + - name: keepalive + type: long + description: | + Keep alive. + - name: dns_lookup + type: long + description: | + Dns Lookups. + - name: closing_connection + type: long + description: | + Closing connections. + - name: logging + type: long + description: | + Logging + - name: gracefully_finishing + type: long + description: | + Gracefully finishing. + - name: idle_cleanup + type: long + description: | + Idle cleanups. + - name: open_slot + type: long + description: | + Open slots. + - name: waiting_for_connection + type: long + description: | + Waiting for connections. + - name: total + type: long + description: | + Total. diff --git a/dev/packages/beats/apache/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/apache/0.0.1/dataset/status/fields/package-fields.yml new file mode 100644 index 00000000000..265ba459f28 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/status/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: apache + type: group diff --git a/dev/packages/beats/apache/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/apache/0.0.1/dataset/status/manifest.yml new file mode 100644 index 00000000000..ef47b330a39 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/dataset/status/manifest.yml @@ -0,0 +1,15 @@ +title: Apache status metrics +release: experimental +type: metrics +streams: +- input: apache/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Apache status metrics + description: Collect Apache status metrics 
diff --git a/dev/packages/beats/apache/0.0.1/docs/README.md b/dev/packages/beats/apache/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/img/apache_httpd_server_status.png b/dev/packages/beats/apache/0.0.1/img/apache_httpd_server_status.png new file mode 100644 index 00000000000..b28bbecb34c Binary files /dev/null and b/dev/packages/beats/apache/0.0.1/img/apache_httpd_server_status.png differ diff --git a/dev/packages/beats/apache/0.0.1/img/kibana-apache.png b/dev/packages/beats/apache/0.0.1/img/kibana-apache.png new file mode 100644 index 00000000000..badfee933a5 Binary files /dev/null and b/dev/packages/beats/apache/0.0.1/img/kibana-apache.png differ diff --git a/dev/packages/beats/apache/0.0.1/img/logo_apache.svg b/dev/packages/beats/apache/0.0.1/img/logo_apache.svg new file mode 100644 index 00000000000..384761f6410 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/img/logo_apache.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/dev/packages/beats/apache/0.0.1/kibana/dashboard/Filebeat-Apache-Dashboard-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/dashboard/Filebeat-Apache-Dashboard-ecs.json new file mode 100644 index 00000000000..93b92eda88e --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/dashboard/Filebeat-Apache-Dashboard-ecs.json 
@@ -0,0 +1,193 @@ +{ + "attributes": { + "description": "Logs Apache integration dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "mapBounds": { + "bottom_right": { + "lat": -3.864254615721396, + "lon": 205.3125 + }, + "top_left": { + "lat": 67.7427590666639, + "lon": -205.6640625 + } + }, + "mapCenter": [ + 40.713955826286046, + -0.17578125 + ], + "mapCollar": { + "bottom_right": { + "lat": -39.667755, + "lon": 180 + }, + "top_left": { + "lat": 90, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + }, + "gridData": { + "h": 12, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 32, + "x": 0, + "y": 20 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 8, + "x": 40, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 40, + "x": 0, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "source.address", + "log.level", + "apache2.error.integration", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + 
"h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Apache] Access and error logs ECS", + "version": 1 + }, + "id": "Logs-Apache-Dashboard-ecs", + "references": [ + { + "id": "Apache-access-unique-IPs-map-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Apache-response-codes-of-top-URLs-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Apache-browsers-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Apache-operating-systems-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "Apache-error-logs-over-time-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "Apache-response-codes-over-time-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "Apache-errors-log-ecs", + "name": "panel_6", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/dashboard/Metricbeat-Apache-HTTPD-server-status-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/dashboard/Metricbeat-Apache-HTTPD-server-status-ecs.json new file mode 100644 index 00000000000..f12bc67c2bd --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/dashboard/Metricbeat-Apache-HTTPD-server-status-ecs.json 
@@ -0,0 +1,176 @@ +{ + "attributes": { + "description": "Overview of Apache server status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "6", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Apache] Overview ECS", + "version": 1 + }, + "id": "Metrics-Apache-HTTPD-server-status-ecs", + 
"references": [ + { + "id": "Apache-HTTPD-CPU-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Hostname-list-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Load1-slash-5-slash-15-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Scoreboard-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Total-accesses-and-kbytes-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Uptime-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "Apache-HTTPD-Workers-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/search/Apache-HTTPD-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-HTTPD-ecs.json new file mode 100644 index 00000000000..25af0307345 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-HTTPD-ecs.json @@ -0,0 +1,49 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:apache.status)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Apache HTTPD ECS", + "version": 1 + }, + "id": "Apache-HTTPD-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/apache/0.0.1/kibana/search/Apache-access-logs-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-access-logs-ecs.json new file mode 100644 index 00000000000..6c93d5ab07d --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-access-logs-ecs.json @@ -0,0 +1,52 @@ +{ + "attributes": { + "columns": [ + "source.address", + "http.request.method", + "url.original", + "http.response.status_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:apache.access" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Apache access logs [Logs Apache] ECS", + "version": 1 + }, + "id": "Apache-access-logs-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/search/Apache-errors-log-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-errors-log-ecs.json new file mode 100644 index 00000000000..c23703fdee3 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/search/Apache-errors-log-ecs.json 
@@ -0,0 +1,52 @@ +{ + "attributes": { + "columns": [ + "source.address", + "log.level", + "apache2.error.integration", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:apache.error" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Apache errors log [Logs Apache] ECS", + "version": 1 + }, + "id": "Apache-errors-log-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-CPU-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-CPU-ecs.json new file mode 100644 index 00000000000..de735e7f96f --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-CPU-ecs.json 
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "CPU usage [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "CPU load", + "field": "apache.status.cpu.load" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "id": "3", + "params": { + "field": "apache.status.hostname", + "order": "desc", + "orderBy": "1", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "id": "4", + "params": { + "customLabel": "CPU user", + "field": "apache.status.cpu.user" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "5", + "params": { + "customLabel": "CPU system", + "field": "apache.status.cpu.system" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "6", + "params": { + "customLabel": "CPU children user", + "field": "apache.status.cpu.children_user" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "7", + "params": { + "customLabel": "CPU children system", + "field": "apache.status.cpu.children_system" + }, + "schema": "metric", + "type": "avg" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "yAxis": {} + }, + "title": "Apache HTTPD - CPU ECS", + "type": "line" + } + }, + "id": "Apache-HTTPD-CPU-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} 
\ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Hostname-list-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Hostname-list-ecs.json new file mode 100644 index 00000000000..11b70b3132d --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Hostname-list-ecs.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Hostname list [Metrics Apache] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Events count" + }, + "schema": "metric", + "type": "count" + }, + { + "id": "2", + "params": { + "customLabel": "Apache HTTD Hostname", + "field": "apache.status.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "sort": { + "columnIndex": null, + "direction": null + } + }, + "title": "Apache HTTPD - Hostname list ECS", + "type": "table" + } + }, + "id": "Apache-HTTPD-Hostname-list-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Load1-slash-5-slash-15-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Load1-slash-5-slash-15-ecs.json new file mode 100644 index 00000000000..dbf72f44e7c --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Load1-slash-5-slash-15-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Load1/5/15 [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Load 5", + "field": "apache.status.load.5" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "id": "3", + "params": { + "customLabel": "Load 1", + "field": "apache.status.load.1" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "4", + "params": { + "customLabel": "Load 15", + "field": "apache.status.load.15" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "5", + "params": { + "customLabel": "Hostname", + "field": "apache.status.hostname", + "order": "desc", + "orderBy": "1", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "yAxis": {} + }, + "title": "Apache HTTPD - Load1/5/15 ECS", + "type": "line" + } + }, + "id": "Apache-HTTPD-Load1-slash-5-slash-15-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Scoreboard-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Scoreboard-ecs.json new file mode 100644 index 00000000000..661761581b9 --- /dev/null 
+++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Scoreboard-ecs.json 
@@ -0,0 +1,178 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Scoreboard [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Closing connection", + "field": "apache.status.scoreboard.closing_connection" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "id": "3", + "params": { + "customLabel": "Hostname", + "field": "apache.status.hostname", + "order": "desc", + "orderBy": "1", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "id": "4", + "params": { + "customLabel": "DNS lookup", + "field": "apache.status.scoreboard.dns_lookup" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "5", + "params": { + "customLabel": "Gracefully finishing", + "field": "apache.status.scoreboard.gracefully_finishing" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "6", + "params": { + "customLabel": "Idle cleanup", + "field": "apache.status.scoreboard.idle_cleanup" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "7", + "params": { + "customLabel": "Keepalive", + "field": "apache.status.scoreboard.keepalive" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "8", + "params": { + "customLabel": "Logging", + "field": "apache.status.scoreboard.logging" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "9", + "params": { + "customLabel": "Open slot", + "field": "apache.status.scoreboard.open_slot" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "10", + "params": { + "customLabel": "Reading request", + "field": "apache.status.scoreboard.reading_request" + }, + "schema": "metric", + "type": "avg" + }, + { + 
"id": "11", + "params": { + "customLabel": "Sending reply", + "field": "apache.status.scoreboard.sending_reply" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "12", + "params": { + "customLabel": "Starting up", + "field": "apache.status.scoreboard.starting_up" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "13", + "params": { + "customLabel": "Total", + "field": "apache.status.scoreboard.total" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "14", + "params": { + "customLabel": "Waiting for connection", + "field": "apache.status.scoreboard.waiting_for_connection" + }, + "schema": "metric", + "type": "avg" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "yAxis": {} + }, + "title": "Apache HTTPD - Scoreboard ECS", + "type": "line" + } + }, + "id": "Apache-HTTPD-Scoreboard-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Total-accesses-and-kbytes-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Total-accesses-and-kbytes-ecs.json new file mode 100644 index 00000000000..f51f36f1444 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Total-accesses-and-kbytes-ecs.json 
@@ -0,0 +1,52 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Total accesses and kbytes [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Total kbytes", + "field": "apache.status.total_kbytes" + }, + "schema": "metric", + "type": "max" + }, + { + "id": "2", + "params": { + "customLabel": "Total accesses", + "field": "apache.status.total_accesses" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "fontSize": 60, + "handleNoResults": true + }, + "title": "Apache HTTPD - Total accesses and kbytes ECS", + "type": "metric" + } + }, + "id": "Apache-HTTPD-Total-accesses-and-kbytes-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Uptime-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Uptime-ecs.json new file mode 100644 index 00000000000..525083aba9b --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Uptime-ecs.json 
@@ -0,0 +1,52 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Uptime [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Uptime", + "field": "apache.status.uptime.uptime" + }, + "schema": "metric", + "type": "max" + }, + { + "id": "2", + "params": { + "customLabel": "Server uptime", + "field": "apache.status.uptime.server_uptime" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "fontSize": 60, + "handleNoResults": true + }, + "title": "Apache HTTPD - Uptime ECS", + "type": "metric" + } + }, + "id": "Apache-HTTPD-Uptime-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Workers-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Workers-ecs.json new file mode 100644 index 00000000000..48eb186d23a --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-HTTPD-Workers-ecs.json 
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Workers [Metrics Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "id": "1", + "params": { + "customLabel": "Busy workers", + "field": "apache.status.workers.busy" + }, + "schema": "metric", + "type": "avg" + }, + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "id": "3", + "params": { + "customLabel": "Hostname", + "field": "apache.status.hostname", + "order": "desc", + "orderBy": "1", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "id": "4", + "params": { + "customLabel": "Idle workers", + "field": "apache.status.workers.idle" + }, + "schema": "metric", + "type": "avg" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "yAxis": {} + }, + "title": "Apache HTTPD - Workers ECS", + "type": "line" + } + }, + "id": "Apache-HTTPD-Workers-ecs", + "references": [ + { + "id": "Apache-HTTPD-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-access-unique-IPs-map-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-access-unique-IPs-map-ecs.json new file mode 100644 index 00000000000..bace1314568 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-access-unique-IPs-map-ecs.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Unique IPs map [Logs Apache] ECS", + "uiStateJSON": { + "mapCenter": [ + 14.944784875088372, + 5.09765625 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Apache access unique IPs map ECS", + "type": "tile_map" + } + }, + "id": "Apache-access-unique-IPs-map-ecs", + "references": [ + { + "id": "Apache-access-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-browsers-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-browsers-ecs.json new file mode 100644 index 00000000000..72bb48618d2 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-browsers-ecs.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Browsers breakdown [Logs Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Apache browsers ECS", + "type": "pie" + } + }, + "id": "Apache-browsers-ecs", + "references": [ + { + "id": "Apache-access-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-error-logs-over-time-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-error-logs-over-time-ecs.json new file mode 100644 index 00000000000..7ee5be5a1bb --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-error-logs-over-time-ecs.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Error logs over time [Logs Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Apache error logs over time ECS", + "type": "histogram" + } + }, + "id": "Apache-error-logs-over-time-ecs", + "references": [ + { + "id": "Apache-errors-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-operating-systems-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-operating-systems-ecs.json new file mode 100644 index 00000000000..4a42b86252e --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-operating-systems-ecs.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Operating systems breakdown [Logs Apache] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.os.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Apache operating systems ECS", + "type": "pie" + } + }, + "id": "Apache-operating-systems-ecs", + "references": [ + { + "id": "Apache-access-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-of-top-URLs-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-of-top-URLs-ecs.json new file mode 100644 index 00000000000..d8b4f5e9dda --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-of-top-URLs-ecs.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top URLs by response code [Logs Apache] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "URL", + "field": "url.original", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Apache response codes of top URLs ECS", + "type": "pie" + } + }, + "id": "Apache-response-codes-of-top-URLs-ecs", + "references": [ + { + "id": "Apache-access-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-over-time-ecs.json b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-over-time-ecs.json new file mode 100644 index 00000000000..6373e8906d6 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/kibana/visualization/Apache-response-codes-over-time-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Response codes over time [Logs Apache] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#629E51", + "404": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Apache response codes over time ECS", + "type": "histogram" + } + }, + "id": "Apache-response-codes-over-time-ecs", + "references": [ + { + "id": "Apache-access-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/apache/0.0.1/manifest.yml b/dev/packages/beats/apache/0.0.1/manifest.yml new file mode 100644 index 00000000000..e22aeb2add4 --- /dev/null +++ b/dev/packages/beats/apache/0.0.1/manifest.yml 
@@ -0,0 +1,51 @@
+format_version: 1.0.0
+name: apache
+title: Apache
+version: 0.0.1
+license: basic
+description: Apache Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-apache.png
+ title: kibana apache
+ size: 1215x1199
+ type: image/png
+- src: /img/apache_httpd_server_status.png
+ title: apache httpd server status
+ size: 1919x1079
+ type: image/png
+icons:
+- src: /img/logo_apache.svg
+ title: logo apache
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: apache
+ title: Apache logs and metrics
+ description: Collect logs and metrics from Apache instances
+ inputs:
+ - type: logs
+ title: Collect logs from Apache instances
+ description: Collecting Apache access and error logs
+ - type: apache/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - http://127.0.0.1
+ title: Collect metrics from Apache instances
+ description: Collecting Apache status metrics
diff --git a/dev/packages/beats/appsearch/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/appsearch/0.0.1/dataset/stats/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..3b06dd6d47b
--- /dev/null
+++ b/dev/packages/beats/appsearch/0.0.1/dataset/stats/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["stats"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/fields.yml
new file mode 100644
index 00000000000..658fe27a325
--- /dev/null
+++ b/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/fields.yml
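Review bot: The `requirement` block pins Kibana to `'>=7.3.0 <8.0.0'` but leaves Elasticsearch open-ended at `'>7.0.1'`, and the App Search manifest later in this commit (the hunk ending on L224) ships empty `kibana: {}` / `elasticsearch: {}` constraints, so the manifests disagree on how strictly compatibility is declared. An unbounded or empty constraint lets the registry offer the package to stack versions the assets were never tested against. If the assets were only exercised on 7.x, `versions: '>7.0.1 <8.0.0'` would line up with the Kibana constraint, and the App Search manifest should state a range as well.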
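Review bot: `- {{this}}` renders each configured host through a double-stash expression, which in Handlebars applies HTML escaping by default; if the agent's template engine does the same, a host URL containing `&` or `=` (a query string, or credentials in the authority part) would be emitted mangled into the YAML. The same construct appears as `- {{path}}` in the auditd `log.yml.hbs` hunk ending on L224. If escaping is confirmed, `- {{{this}}}` keeps the configured value verbatim; if the engine does not escape, a one-line template comment saying so would save the next reader the check.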
@@ -0,0 +1,106 @@ +- name: appsearch.stats + type: group + release: beta + fields: + - name: jvm + type: group + fields: + - name: memory_usage + type: group + fields: + - name: heap_init.bytes + type: long + description: | + Heap init used by the JVM in bytes. + - name: heap_used.bytes + type: long + description: | + Heap used by the JVM in bytes. + - name: heap_committed.bytes + type: long + description: | + Committed heap to the JVM in bytes. + - name: heap_max.bytes + type: long + description: | + Max heap used by the JVM in bytes + - name: non_heap_init.bytes + type: long + description: | + Non-Heap initial memory used by the JVM in bytes. + - name: non_heap_committed.bytes + type: long + description: | + Non-Heap committed memory used by the JVM in bytes. + - name: queues + type: group + fields: + - name: analytics_events.count + type: long + description: | + Number of pending jobs in the `analytics_events` queue. + - name: document_destroyer.count + type: long + description: | + Number of pending jobs in the `document_destroyer` queue. + - name: engine_destroyer.count + type: long + description: | + Number of pending jobs in the `engine_destroyer` queue. + - name: index_adder.count + type: long + description: | + Number of pending jobs in the `index_adder` queue. + - name: indexed_doc_remover.count + type: long + description: | + Number of pending jobs in the `indexed_doc_remover` queue. + - name: mailer.count + type: long + description: | + Number of pending jobs in the `mailer` queue. + - name: refresh_document_counts.count + type: long + description: | + Number of pending jobs in the `refresh_document_counts` queue. + - name: reindexer.count + type: long + description: | + Number of pending jobs in the `reindexer` queue. + - name: schema_updater.count + type: long + description: | + Number of pending jobs in the `schema_updater` queue. + - name: failed.count + type: long + description: | + Number of failed jobs waiting to be retried. 
+ - name: requests + type: group + fields: + - name: count + type: long + description: | + Number of recently completed requests + - name: api.duration + type: group + fields: + - name: avg.ms + type: long + description: | + Average response time in milliseconds + - name: max.ms + type: long + description: | + Max response time in milliseconds + - name: web.response_time + type: group + fields: + - name: avg.ms + type: long + description: | + Average response time in milliseconds + - name: max.ms + type: long + description: | + Max response time in milliseconds diff --git a/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..85fb2bfd246 --- /dev/null +++ b/dev/packages/beats/appsearch/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: appsearch + type: group diff --git a/dev/packages/beats/appsearch/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/appsearch/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..5dd9f107782 --- /dev/null +++ b/dev/packages/beats/appsearch/0.0.1/dataset/stats/manifest.yml @@ -0,0 +1,15 @@ +title: App Search stats metrics +release: experimental +type: metrics +streams: +- input: appsearch/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: App Search stats metrics + description: Collect App Search stats metrics diff --git a/dev/packages/beats/appsearch/0.0.1/docs/README.md b/dev/packages/beats/appsearch/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/appsearch/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/appsearch/0.0.1/img/logo_app_search.svg b/dev/packages/beats/appsearch/0.0.1/img/logo_app_search.svg new file mode 100644 index 00000000000..17e25731355 
--- /dev/null +++ b/dev/packages/beats/appsearch/0.0.1/img/logo_app_search.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/dev/packages/beats/appsearch/0.0.1/manifest.yml b/dev/packages/beats/appsearch/0.0.1/manifest.yml new file mode 100644 index 00000000000..337963ea12f --- /dev/null +++ b/dev/packages/beats/appsearch/0.0.1/manifest.yml @@ -0,0 +1,36 @@ +format_version: 1.0.0 +name: appsearch +title: App Search +version: 0.0.1 +license: basic +description: App Search Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +icons: +- src: /img/logo_app_search.svg + title: logo app search + size: 32x32 + type: image/svg+xml +datasources: +- name: appsearch + title: App Search metrics + description: Collect metrics from App Search instances + inputs: + - type: appsearch/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - http://localhost:3002 + title: Collect metrics from App Search instances + description: Collecting App Search stats metrics diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/auditd/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..367360d901a --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/auditd/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..061821fd3aa --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,352 @@ +--- +description: Pipeline for parsing Linux auditd logs +processors: +- grok: + field: message + pattern_definitions: + AUDIT_TYPE: "^type=%{NOTSPACE:auditd.log.record_type}" + AUDIT_PREFIX: "%{AUDIT_TYPE} msg=audit\\(%{NUMBER:auditd.log.epoch}:%{NUMBER:auditd.log.sequence}\\):(%{DATA})?" + AUDIT_KEY_VALUES: "%{WORD}=%{GREEDYDATA}" + patterns: + - "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv} old auid=%{NUMBER:auditd.log.old_auid} + new auid=%{NUMBER:auditd.log.new_auid} old ses=%{NUMBER:auditd.log.old_ses} + new ses=%{NUMBER:auditd.log.new_ses}" + - "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv} msg=['\"]%{AUDIT_KEY_VALUES:auditd.log.sub_kv}['\"]" + - "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv}" + - "%{AUDIT_PREFIX}" + - "%{AUDIT_TYPE} %{AUDIT_KEY_VALUES:auditd.log.kv}" +- kv: + field: auditd.log.kv + field_split: "\\s+" + value_split: "=" + target_field: auditd.log +- kv: + field: auditd.log.sub_kv + field_split: "\\s+" + value_split: "=" + target_field: auditd.log + ignore_missing: true +- remove: + field: auditd.log.kv + ignore_failure: true +- remove: + field: auditd.log.sub_kv + ignore_failure: true +- remove: + field: message + ignore_failure: true +- date: + field: auditd.log.epoch + target_field: "@timestamp" + formats: + - UNIX + ignore_failure: true +- remove: + field: auditd.log.epoch + ignore_failure: true +- convert: + field: auditd.log.sequence + type: integer + ignore_missing: true +- script: + lang: painless + source: | + String trimQuotes(def singleQuote, def doubleQuote, def v) { + if (v.startsWith(singleQuote) || v.startsWith(doubleQuote)) { + v = v.substring(1, v.length()); + } + if (v.endsWith(singleQuote) || v.endsWith(doubleQuote)) { + v = v.substring(0, v.length()-1); + } + return v; + } + + boolean isHexAscii(String v) { + def len = v.length(); + + if (len == 0 || len % 2 != 0) { + return false; + } + + for (int i = 0 ; i < len ; i++) { + if (Character.digit(v.charAt(i), 16) == -1) { + return false; + } 
+ } + return true; + } + + String convertHexToString(String hex) { + StringBuilder sb = new StringBuilder(); + boolean needed_encoding = false; + + for (int i=0; i < hex.length() - 1; i+=2) { + int cp = Integer.parseInt(hex.substring(i, (i +2)), 16); + if (cp < 33 || cp == 34 || cp == 127) { + needed_encoding = true; + } + if (cp < 32 || cp == 127) { + sb.append('^'); + cp ^= 64; + } + sb.append((char)cp); + } + if (needed_encoding) { + return sb.toString(); + } + return hex; + } + + def possibleHexKeys = ["exe", "cmd", "data", "path", "comm", "file", "name", "watch", "cwd", "acct", "dir", "vm", "old-chardev", "new-chardev", "old-disk", "new-disk", "old-fs", "new-fs", "old-net", "new-net", "device", "cgroup", "apparmor", "operation", "denied_mask", "info", "profile", "requested_mask", "old-rng", "new-rng", "ocomm", "grp", "new_group", "invalid_context", "sw", "root_dir", "proctitle"]; + def audit = ctx.auditd.get("log"); + Iterator entries = audit.entrySet().iterator(); + + while (entries.hasNext()) { + def e = entries.next(); + def k = e.getKey(); + def v = e.getValue(); + + // Remove entries whose value is ? + if (v == "?" || v == "(null)" || v == "") { + entries.remove(); + continue; + } + + // Convert hex values to ASCII. + if (possibleHexKeys.contains(k) && isHexAscii(v)) { + v = convertHexToString(v); + audit.put(k, v); + } + + // Trim quotes. + if (v instanceof String) { + v = trimQuotes(params.single_quote, params.double_quote, v); + audit.put(k, v); + } + + // Convert arch. 
+ if (k == "arch" && v == "c000003e") { + audit.put(k, "x86_64"); + } + } + params: + single_quote: "'" + double_quote: "\"" +- set: + field: event.kind + value: event +- set: + if: "ctx.auditd.log?.record_type == 'USER_AUTH'" + field: event.type + value: authentication +- set: + if: "ctx.auditd.log?.record_type == 'KERN_MODULE'" + field: event.type + value: driver +- set: + if: "ctx.auditd.log?.record_type == 'SOFTWARE_UPDATE'" + field: event.type + value: package +- set: + if: "ctx.auditd.log?.record_type == 'SYSTEM_BOOT' || ctx.auditd.log?.record_type == 'SYSTEM_SHUTDOWN'" + field: event.type + value: host +- set: + if: "ctx.auditd.log?.record_type == 'SYSCALL' && ctx.auditd.log?.syscall == 'execve'" + field: event.type + value: process +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_CONTROL' || ctx.auditd.log?.record_type == 'VIRT_MACHINE_ID'" + field: event.category + value: host +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_CONTROL' && ctx.auditd.log?.op == 'start'" + field: event.type + value: start +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_CONTROL' && ctx.auditd.log?.op == 'stop'" + field: event.type + value: end +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_CONTROL' && ctx.auditd.log?.op == 'create'" + field: event.type + value: creation +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_CONTROL' && ctx.auditd.log?.op == 'delete'" + field: event.type + value: deletion +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_MACHINE_ID'" + field: event.type + value: creation +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_MACHINE_ID' && ctx.auditd.log?.vm != null" + field: container.name + value: "{{ auditd.log.vm }}" +- set: + if: "ctx.auditd.log?.record_type == 'VIRT_MACHINE_ID' && ctx.auditd.log?.virt != null" + field: container.runtime + value: "{{ auditd.log.virt }}" +- rename: + ignore_failure: true + field: auditd.log.arch + target_field: host.architecture +- rename: + ignore_failure: true + field: auditd.log.acct + 
target_field: user.name +- rename: + ignore_failure: true + field: auditd.log.uid + target_field: user.id +- rename: + ignore_failure: true + field: auditd.log.gid + target_field: user.group.id +- rename: + ignore_failure: true + field: auditd.log.agid + target_field: user.audit.group.id +- rename: + ignore_failure: true + field: auditd.log.auid + target_field: user.audit.id +- rename: + ignore_failure: true + field: auditd.log.fsgid + target_field: user.filesystem.group.id +- rename: + ignore_failure: true + field: auditd.log.fsuid + target_field: user.filesystem.id +- rename: + ignore_failure: true + field: auditd.log.egid + target_field: user.effective.group.id +- rename: + ignore_failure: true + field: auditd.log.euid + target_field: user.effective.id +- rename: + ignore_failure: true + field: auditd.log.sgid + target_field: user.saved.group.id +- rename: + ignore_failure: true + field: auditd.log.suid + target_field: user.saved.id +- rename: + ignore_failure: true + field: auditd.log.ogid + target_field: user.owner.group.id +- rename: + ignore_failure: true + field: auditd.log.ouid + target_field: user.owner.id +- rename: + ignore_failure: true + field: auditd.log.comm + target_field: process.name +- rename: + ignore_failure: true + field: auditd.log.exe + target_field: process.executable +- rename: + ignore_failure: true + field: auditd.log.pid + target_field: process.pid +- rename: + ignore_failure: true + field: auditd.log.ppid + target_field: process.ppid +- convert: + ignore_missing: true + field: process.pid + type: long +- convert: + ignore_missing: true + field: process.ppid + type: long +- rename: + ignore_failure: true + field: auditd.log.cmd + target_field: process.args +- split: + ignore_failure: true + field: process.args + separator: "\\s+" +- script: + if: "ctx?.process?.args != null" + lang: painless + source: >- + if (ctx.process.args instanceof List) { + ctx.process.args_count = ctx.process.args.length; + } +- rename: + ignore_failure: true + 
field: auditd.log.exit + target_field: process.exit_code +- convert: + ignore_missing: true + field: process.exit_code + type: long +- rename: + ignore_missing: true + field: auditd.log.cwd + target_field: process.working_directory +- rename: + ignore_failure: true + field: auditd.log.terminal + target_field: user.terminal +- rename: + ignore_failure: true + field: auditd.log.msg + target_field: message +- rename: + ignore_failure: true + field: auditd.log.res + target_field: event.outcome +- rename: + ignore_failure: true + field: auditd.log.record_type + target_field: event.action +- lowercase: + ignore_failure: true + field: event.action +- rename: + ignore_failure: true + field: auditd.log.src + target_field: source.address +- rename: + ignore_failure: true + field: auditd.log.dst + target_field: destination.address +- grok: + field: source.address + patterns: + - "^%{IP:source.ip}$" + ignore_failure: true +- geoip: + field: source.ip + target_field: source.geo + ignore_failure: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +on_failure: +- set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/ecs.yml new file mode 100644 index 00000000000..8b21850ff0c --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/ecs.yml 
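Review bot: The `rename` of `auditd.log.res` into `event.outcome` near the end of the hunk carries auditd's raw `failed` value into a field whose definition in this commit's `ecs.yml` hunk (L230) says it denotes success or failure, and the timelion visualization in the hunk on L238 already has to query both `event.outcome:failure` and `event.outcome:failed` to cope. A normalizing step right after the rename, `- set: {if: "ctx.event?.outcome == 'failed'", field: event.outcome, value: failure}`, keeps dashboards and any detection logic on one vocabulary. The `set` processors earlier in the hunk also write `authentication`, `driver`, `package`, `host` and `process` into `event.type`, while the same hunk uses `host` as an `event.category` value for `VIRT_CONTROL`/`VIRT_MACHINE_ID`; those five read as categories rather than types, and only the `start`/`end`/`creation`/`deletion` branches are consistent with the `VIRT_CONTROL` handling. Finally, the two `kv` processors with `target_field: auditd.log` turn every key in an untrusted log line into a field, and the `fields.yml` hunk on L233 types only a handful of them, so the rest rely on dynamic mapping; a header comment such as `# kv output under auditd.log is dynamically mapped; fields.yml types only the documented keys` would make that explicit for whoever hardens the index template.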
@@ -0,0 +1,154 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: destination + title: Destination + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: event + title: Event + group: 2 + type: group + fields: + - name: action + level: core + type: keyword + description: |- + The action captured by the event. + This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. + ignore_above: 1024 + - name: outcome + level: core + type: keyword + description: |- + This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. + `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. + Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. + Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. 
+ Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. + ignore_above: 1024 +- name: host + title: Host + group: 2 + type: group + fields: + - name: architecture + level: core + type: keyword + description: Operating system architecture. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: executable + level: extended + type: keyword + description: Absolute path to the process executable. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: name + level: extended + type: keyword + description: |- + Process name. + Sometimes called program name or similar. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: pid + level: core + type: long + format: string + description: Process id. + - name: ppid + level: extended + type: long + format: string + description: Parent process' pid. +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. 
+ - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: user + title: User + group: 2 + type: group + fields: + - name: group.id + level: extended + type: keyword + description: Unique identifier for the group on the system/platform. + ignore_above: 1024 + - name: id + level: core + type: keyword + description: Unique identifier of the user. + ignore_above: 1024 + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..9da38fcc43f --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/fields.yml 
@@ -0,0 +1,47 @@
+- name: auditd.log
+ type: group
+ fields:
+ - name: old_auid
+ type: keyword
+ description: |
+ For login events this is the old audit ID used for the user prior to this login.
+ - name: new_auid
+ type: keyword
+ description: |
+ For login events this is the new audit ID. The audit ID can be used to trace future events to the user even if their identity changes (like becoming root).
+ - name: old_ses
+ type: keyword
+ description: |
+ For login events this is the old session ID used for the user prior to this login.
+ - name: new_ses
+ type: keyword
+ description: |
+ For login events this is the new session ID. It can be used to tie a user to future events by session ID.
+ - name: sequence
+ type: long
+ description: |
+ The audit event sequence number.
+ - name: items
+ type: keyword
+ description: |
+ The number of items in an event.
+ - name: item
+ type: keyword
+ description: |
+ The item field indicates which item out of the total number of items. This number is zero-based; a value of 0 means it is the first item.
+ - name: tty
+ type: keyword
+ - name: a0
+ type: keyword
+ description: |
+ The first argument to the system call.
+ - name: addr
+ type: ip
+ - name: rport
+ type: long
+ - name: laddr
+ type: ip
+ - name: lport
+ type: long
+ - name: geoip
+ type: group
diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..58f2656b3b6
--- /dev/null
+++ b/dev/packages/beats/auditd/0.0.1/dataset/log/fields/package-fields.yml
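Review bot: `addr` and `laddr` are mapped as `ip`, but nothing in the pipeline hunk ending on L229 validates them — the pipeline only guards `source.ip`, extracted from `source.address` through a `^%{IP}$` grok — so a non-IP value under either key would be rejected at index time, beyond the reach of the pipeline's `on_failure` handler, and the whole event dropped. If auditd can emit anything other than an address there besides the `?`/`(null)`/empty values the script removes, the same grok-guarded pattern would be safer than a bare `ip` mapping. The trailing `- name: geoip type: group` has no producer in this commit (the pipeline writes GeoIP output to `source.geo` and `source.as`), and `tty`, `addr`, `rport`, `laddr` and `lport` lack descriptions; one-liners in the style of the other entries, e.g. `description: Remote address reported by auditd for the event.`, would complete the dataset documentation.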
@@ -0,0 +1,104 @@ +- name: user + type: group + fields: + - name: terminal + type: keyword + description: | + Terminal or tty device on which the user is performing the observed activity. + - name: audit + type: group + fields: + - name: id + type: keyword + description: | + One or multiple unique identifiers of the user. + - name: name + type: keyword + description: | + Short name or login of the user. + - name: group.id + type: keyword + description: | + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: | + Name of the group. + - name: effective + type: group + fields: + - name: id + type: keyword + description: | + One or multiple unique identifiers of the user. + - name: name + type: keyword + description: | + Short name or login of the user. + - name: group.id + type: keyword + description: | + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: | + Name of the group. + - name: filesystem + type: group + fields: + - name: id + type: keyword + description: | + One or multiple unique identifiers of the user. + - name: name + type: keyword + description: | + Short name or login of the user. + - name: group.id + type: keyword + description: | + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: | + Name of the group. + - name: owner + type: group + fields: + - name: id + type: keyword + description: | + One or multiple unique identifiers of the user. + - name: name + type: keyword + description: | + Short name or login of the user. + - name: group.id + type: keyword + description: | + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: | + Name of the group. + - name: saved + type: group + fields: + - name: id + type: keyword + description: | + One or multiple unique identifiers of the user. 
+ - name: name
+ type: keyword
+ description: |
+ Short name or login of the user.
+ - name: group.id
+ type: keyword
+ description: |
+ Unique identifier for the group on the system/platform.
+ - name: group.name
+ type: keyword
+ description: |
+ Name of the group.
+- name: auditd
+ type: group
diff --git a/dev/packages/beats/auditd/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/auditd/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..b124fc68022
--- /dev/null
+++ b/dev/packages/beats/auditd/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,23 @@
+title: Auditd log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/audit/audit.log*
+ os:
+ darwin:
+ default:
+ - ""
+ windows:
+ default: []
+ template_path: log.yml.hbs
+ title: Auditd log logs (log)
+ description: Collect Auditd log logs using log input
diff --git a/dev/packages/beats/auditd/0.0.1/docs/README.md b/dev/packages/beats/auditd/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/auditd/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/auditd/0.0.1/img/kibana-audit-auditd.png b/dev/packages/beats/auditd/0.0.1/img/kibana-audit-auditd.png
new file mode 100644
index 00000000000..732afa18dc1
Binary files /dev/null and b/dev/packages/beats/auditd/0.0.1/img/kibana-audit-auditd.png differ
diff --git a/dev/packages/beats/auditd/0.0.1/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb-ecs.json
new file mode 100644
index 00000000000..7b0a508a3da
--- /dev/null
+++ b/dev/packages/beats/auditd/0.0.1/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb-ecs.json
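Review bot: The `darwin` override sets `default: - ""`, a one-element list holding an empty string, while `windows` uses `default: []`; rendered through the `{{#each paths}}` loop in the `log.yml.hbs` hunk ending on L224, the darwin default produces a `- ` entry with no path instead of an empty `paths` list. `darwin: default: []` matches the windows branch and avoids handing the log input an empty path to open.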
@@ -0,0 +1,179 @@ +{ + "attributes": { + "description": "Dashboard for the Auditd Logs integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "1", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapBounds": { + "bottom_right": { + "lat": -43.580390855607845, + "lon": 102.65625 + }, + "top_left": { + "lat": 43.58039085560784, + "lon": -102.3046875 + } + }, + "mapCollar": { + "bottom_right": { + "lat": -87.16078, + "lon": 180 + }, + "top_left": { + "lat": 87.16078, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "6", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "event.action", + "auditd.log.sequence", + "user.name" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + 
"timeRestore": false, + "title": "[Logs Auditd] Audit Events ECS", + "version": 1 + }, + "id": "dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb-ecs", + "references": [ + { + "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c5411910-0a87-11e7-8b04-eb22a5669f27-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27-ecs", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27-ecs.json new file mode 100644 index 00000000000..6a0ea7b9384 --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27-ecs.json @@ -0,0 +1,40 @@ +{ + "attributes": { + "columns": [ + "event.action", + "auditd.log.sequence", + "user.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:auditd.log" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Logs Auditd] ECS", + "version": 1 + }, + "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/auditd/0.0.1/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7-ecs.json new file mode 100644 index 00000000000..2bc6454a397 --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7-ecs.json @@ -0,0 +1,23 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Event Results [Logs Auditd] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(q=\"stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", + "interval": "auto" + }, + "title": "Event Results [Logs Auditd] ECS", + "type": "timelion" + } + }, + "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json new file mode 100644 index 00000000000..47887871ce2 --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json 
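Review bot: The timelion expression labels everything `NOT event.outcome:failure` as Success but counts failures with `event.outcome:failed`; the pipeline in the hunk ending on L229 renames `auditd.log.res` straight into `event.outcome`, so the value actually produced is auditd's `failed`, and those events are counted in the Success series as well. The second `.es()` also omits the `stream.dataset:auditd.log` scope the first one carries, so it counts failures from every dataset in the index pattern. Using one value on both sides and scoping both series, `.es(q="stream.dataset:auditd.log NOT event.outcome:failed").label("Success"), .es(q="stream.dataset:auditd.log AND event.outcome:failed").label("Failure")`, makes the chart agree with the data (or `failure` on both sides if the pipeline is changed to normalize).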
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action:EXECVE" + } + } + }, + "title": "Top Exec Commands [Logs Auditd] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Command (arg 0)", + "field": "auditd.log.a0", + "order": "desc", + "orderBy": "1", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Audit Top Exec Commands ECS", + "type": "table" + } + }, + "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858-ecs.json new file mode 100644 index 00000000000..7a3011c447c --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858-ecs.json 
@@ -0,0 +1,59 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Event types breakdown [Logs Auditd] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Audit Event Types ECS", + "type": "pie" + } + }, + "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27-ecs.json new file mode 100644 index 00000000000..2647c2446a7 --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27-ecs.json 
@@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Event Account Tag Cloud [Logs Auditd] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 42, + "minFontSize": 15, + "orientation": "single", + "scale": "linear" + }, + "title": "Audit Event Account Tag Cloud ECS", + "type": "tagcloud" + } + }, + "id": "c5411910-0a87-11e7-8b04-eb22a5669f27-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27-ecs.json b/dev/packages/beats/auditd/0.0.1/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27-ecs.json new file mode 100644 index 00000000000..26ad71b019b --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27-ecs.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Event Address Geo Location [Logs Auditd] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Audit Event Address Geo Location ECS", + "type": "tile_map" + } + }, + "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/auditd/0.0.1/manifest.yml b/dev/packages/beats/auditd/0.0.1/manifest.yml new file mode 100644 index 00000000000..76a80ea653f --- /dev/null +++ b/dev/packages/beats/auditd/0.0.1/manifest.yml 
@@ -0,0 +1,29 @@
+format_version: 1.0.0
+name: auditd
+title: Auditd
+version: 0.0.1
+license: basic
+description: Auditd Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-audit-auditd.png
+ title: kibana audit auditd
+ size: 1230x997
+ type: image/png
+datasources:
+- name: auditd
+ title: Auditd logs
+ description: Collect logs from Auditd instances
+ inputs:
+ - type: logs
+ title: Collect logs from Auditd instances
+ description: Collecting Auditd log logs
diff --git a/dev/packages/beats/aws/0.0.1/dataset/billing/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/billing/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..32af19bf840
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/billing/agent/stream/stream.yml.hbs
@@ -0,0 +1,5 @@
+metricsets: ["billing"]
+period: {{period}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/billing/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/billing/fields/fields.yml
new file mode 100644
index 00000000000..b1bf7150c38
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/billing/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.billing
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/billing/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/billing/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/billing/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/billing/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/billing/manifest.yml
new file mode 100644
index 00000000000..8fdd17ca5c2
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/billing/manifest.yml
@@ -0,0 +1,23 @@
+title: aws billing metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 12h
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - us-east-1
+ title: aws billing metrics
+ description: Collect aws billing metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..b338e059c18
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+ {{#each paths as |path i|}}
+ - {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..ceab7fbedd8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/agent/stream/s3.yml.hbs
@@ -0,0 +1,29 @@
+queue_url: {{queue_url}}
+expand_event_list_from_field: Records
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..eef0c339b99
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml
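Review bot: `queue_url` is the only setting this template renders unconditionally, yet the cloudtrail manifest in a later hunk declares that var `required: false`; with the var unset the rendered stream contains a bare `queue_url:` with no value, which presumably is only rejected when the s3 input starts rather than when the policy is validated. Either guard it like the other keys with `{{#if queue_url}}` … `{{/if}}`, or mark the var `required: true` in the manifest, which is what the input actually needs. The cloudwatch-logs `s3.yml.hbs` and its manifest in later hunks have the same shape and need the same fix. Separately, `secret_access_key` and `session_token` are interpolated verbatim into the agent stream; a short comment at the top of the template noting that these values are written in clear into the rendered configuration and that `role_arn` or `credential_profile_name` avoids that would help package consumers choose.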
@@ -0,0 +1,273 @@
+---
+description: Pipeline for AWS CloudTrail Logs
+processors:
+ - rename:
+ field: "message"
+ target_field: "event.original"
+ - json:
+ field: "event.original"
+ target_field: "json"
+ - date:
+ field: "json.eventTime"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - ISO8601
+ - rename:
+ field: "json.eventVersion"
+ target_field: "aws.cloudtrail.event_version"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.type"
+ target_field: "aws.cloudtrail.user_identity.type"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.userName"
+ target_field: "user.name"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.principalId"
+ target_field: "user.id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.arn"
+ target_field: "aws.cloudtrail.user_identity.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.accountId"
+ target_field: "cloud.account.id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.accessKeyId"
+ target_field: "aws.cloudtrail.user_identity.access_key_id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionContext.attributes.mfaAuthenticated"
+ target_field: "aws.cloudtrail.user_identity.session_context.mfa_authenticated"
+ ignore_failure: true
+ - date:
+ field: "json.userIdentity.sessionContext.attributes.creationDate"
+ target_field: "aws.cloudtrail.user_identity.session_context.creation_date"
+ ignore_failure: true
+ formats:
+ - ISO8601
+ - rename:
+ field: "json.userIdentity.invokedBy"
+ target_field: "aws.cloudtrail.user_identity.invoked_by"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.type"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.type"
+ ignore_failure: true
+# userIdentity.sessionIssuer.userName is only set with assumed roles.
+ - rename:
+ field: "json.userIdentity.sessionIssuer.userName"
+ target_field: "user.name"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.principalId"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.principal_id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.arn"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.accountId"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.account_id"
+ ignore_failure: true
+ - rename:
+ field: "json.eventSource"
+ target_field: "event.provider"
+ ignore_failure: true
+ - set:
+ field: "event.action"
+ value: "{{json.eventName}}"
+ ignore_failure: true
+ - rename:
+ field: "json.awsRegion"
+ target_field: "cloud.region"
+ ignore_failure: true
+ - rename:
+ field: "json.sourceIPAddress"
+ target_field: "source.address"
+ ignore_failure: true
+ - grok:
+ field: source.address
+ ignore_failure: true
+ patterns:
+ - ^%{IP:source.ip}$
+ - geoip:
+ field: "source.ip"
+ target_field: "source.geo"
+ ignore_failure: true
+ ignore_missing: true
+ - user_agent:
+ field: "json.userAgent"
+ target_field: "user_agent"
+ on_failure:
+ - rename:
+ field: "json.userAgent"
+ target_field: "user_agent.original"
+ ignore_failure: true
+ - rename:
+ field: "json.errorCode"
+ target_field: "aws.cloudtrail.error_code"
+ ignore_failure: true
+ - rename:
+ field: "json.errorMessage"
+ target_field: "aws.cloudtrail.error_message"
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.requestParameters != null) {
+ ctx.aws.cloudtrail.request_parameters = ctx.json.requestParameters.toString();
+ }
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.responseElements != null) {
+ ctx.aws.cloudtrail.response_elements = ctx.json.responseElements.toString();
+ }
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.additionalEventData != null) {
+ ctx.aws.cloudtrail.additional_eventdata = ctx.json.additionalEventData.toString();
+ }
+ ignore_failure: true
+ - rename:
+ field: "json.requestId"
+ target_field: "aws.cloudtrail.request_id"
+ ignore_failure: true
+ - rename:
+ field: "json.eventID"
+ target_field: event.id
+ ignore_failure: true
+ - rename:
+ field: "json.eventType"
+ target_field: "aws.cloudtrail.event_type"
+ ignore_failure: true
+ - rename:
+ field: "json.apiVersion"
+ target_field: "aws.cloudtrail.api_version"
+ ignore_failure: true
+ - rename:
+ field: "json.managementEvent"
+ target_field: "aws.cloudtrail.management_event"
+ ignore_failure: true
+ - rename:
+ field: "json.readOnly"
+ target_field: "aws.cloudtrail.read_only"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.ARN"
+ target_field: "aws.cloudtrail.resources.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.accountId"
+ target_field: "aws.cloudtrail.resources.account_id"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.type"
+ target_field: "aws.cloudtrail.resources.type"
+ ignore_failure: true
+ - rename:
+ field: "json.recipientAccountId"
+ target_field: "aws.cloudtrail.recipient_account_id"
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.serviceEventDetails != null) {
+ ctx.aws.cloudtrail.service_event_details = ctx.json.serviceEventDetails.toString();
+ }
+ ignore_failure: true
+ - rename:
+ field: "json.sharedEventId"
+ target_field: "aws.cloudtrail.shared_event_id"
+ ignore_failure: true
+ - rename:
+ field: "json.vpcEndpointId"
+ target_field: "aws.cloudtrail.vpc_endpoint_id"
+ ignore_failure: true
+ - script:
+ lang: painless
+ ignore_failure: true
+ source: >-
+ void addRelatedUser(def ctx, String userName) {
+ if (ctx.related == null) {
+ Map map = new HashMap();
+ ctx.put("related", map);
+ }
+ if (ctx.related.user == null) {
+ ArrayList al = new ArrayList();
+ ctx.related.put("user", al);
+ }
+ ctx.related.user.add(userName);
+ }
+
+ ctx.event.type = 'info';
+ ctx.event.kind = 'event';
+ if (ctx.aws.cloudtrail.error_code != null || ctx.aws.cloudtrail.error_message != null) {
+ ctx.event.outcome = 'failure'
+ } else {
+ ctx.event.outcome = 'success'
+ }
+
+ if (ctx.json?.eventName == 'ConsoleLogin') {
+ ctx.event.category = 'authentication';
+ if (ctx.json?.responseElements.ConsoleLogin != null) {
+ ctx.event.outcome = Processors.lowercase(ctx.json.responseElements.ConsoleLogin);
+ }
+ }
+
+ if (ctx.json?.requestParameters.userName != null) {
+ addRelatedUser(ctx, ctx.json.requestParameters.userName);
+ }
+ if (ctx.json?.requestParameters.newUserName != null) {
+ addRelatedUser(ctx, ctx.json.requestParameters.newUserName);
+ }
+
+ - script:
+ lang: painless
+ ignore_failure: true
+ source: >-
+ if (ctx.json?.eventName != 'ConsoleLogin') {
+ return;
+ }
+ Map aed_map = new HashMap();
+ if (ctx.json?.additionalEventData?.MobileVersion != null) {
+ if (ctx.json.additionalEventData.MobileVersion == 'No') {
+ aed_map.put("mobile_version", false);
+ } else {
+ aed_map.put("mobile_version", true);
+ }
+ }
+ if (ctx.json?.additionalEventData?.LoginTo != null) {
+ aed_map.put("login_to", ctx.json.additionalEventData.LoginTo);
+ }
+ if (ctx.json?.additionalEventData?.MFAUsed != null) {
+ if (ctx.json.additionalEventData.MFAUsed == 'No') {
+ aed_map.put("mfa_used", false);
+ } else {
+ aed_map.put("mfa_used", true);
+ }
+ }
+ if (aed_map.size() > 0) {
+ Map cl_map = new HashMap();
+ cl_map.put("additional_eventdata", aed_map);
+ ctx.aws.cloudtrail.put("console_login", cl_map);
+ }
+
+ - remove:
+ field:
+ - "json"
+ ignore_missing: true
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/fields.yml
new file mode 100644
index 00000000000..59ac3749bf9
--- /dev/null
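Review bot: The null-safe chains in the related-user script are inconsistent: `ctx.json?.responseElements.ConsoleLogin` and `ctx.json?.requestParameters.userName` / `.newUserName` guard `json` but not the next link, so a record where `responseElements` or `requestParameters` is absent throws a NullPointerException at that point; with `ignore_failure: true` the exception is swallowed and every statement after it in that script is skipped, so for example a ConsoleLogin record without `responseElements` never gets its `related.user` entries. The final script in the same file already does this correctly with `ctx.json?.additionalEventData?.MobileVersion`; use the same form here: `if (ctx.json?.responseElements?.ConsoleLogin != null)` and `if (ctx.json?.requestParameters?.userName != null)` (likewise for `newUserName`). A one-line comment above the script stating that `event.outcome` is derived from `error_code`/`error_message` and then overridden by `responseElements.ConsoleLogin` for console logins would document the two sources, since detections on failed logins depend on that precedence.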
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/fields.yml 
@@ -0,0 +1,132 @@
+- name: aws.cloudtrail
+ type: group
+ release: beta
+ fields:
+ - name: event_version
+ type: keyword
+ description: |
+ The CloudTrail version of the log event format.
+ - name: user_identity
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of the identity
+ - name: arn
+ type: keyword
+ description: The Amazon Resource Name (ARN) of the principal that made the call.
+ - name: access_key_id
+ type: keyword
+ description: The access key ID that was used to sign the request.
+ - name: session_context
+ type: group
+ fields:
+ - name: mfa_authenticated
+ type: keyword
+ description: The value is true if the root user or IAM user whose credentials
+ were used for the request also was authenticated with an MFA device; otherwise,
+ false.
+ - name: creation_date
+ type: date
+ description: The date and time when the temporary security credentials were
+ issued.
+ - name: invoked_by
+ type: keyword
+ description: The name of the AWS service that made the request, such as Amazon
+ EC2 Auto Scaling or AWS Elastic Beanstalk.
+ - name: session_issuer
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: The source of the temporary security credentials, such as Root,
+ IAMUser, or Role.
+ - name: principal_id
+ type: keyword
+ description: The internal ID of the entity that was used to get credentials.
+ - name: arn
+ type: keyword
+ description: The ARN of the source (account, IAM user, or role) that was used
+ to get temporary security credentials.
+ - name: account_id
+ type: keyword
+ description: The account that owns the entity that was used to get credentials.
+ - name: error_code
+ type: keyword
+ description: The AWS service error if the request returns an error.
+ - name: error_message
+ type: keyword
+ description: If the request returns an error, the description of the error.
+ - name: request_parameters
+ type: keyword
+ description: The parameters, if any, that were sent with the request.
+ - name: response_elements
+ type: keyword
+ description: The response element for actions that make changes (create, update,
+ or delete actions).
+ - name: additional_eventdata
+ type: keyword
+ description: Additional data about the event that was not part of the request
+ or response.
+ - name: request_id
+ type: keyword
+ description: The value that identifies the request. The service being called generates
+ this value.
+ - name: event_type
+ type: keyword
+ description: Identifies the type of event that generated the event record.
+ - name: api_version
+ type: keyword
+ description: Identifies the API version associated with the AwsApiCall eventType
+ value.
+ - name: management_event
+ type: keyword
+ description: A Boolean value that identifies whether the event is a management
+ event.
+ - name: read_only
+ type: keyword
+ description: Identifies whether this operation is a read-only operation.
+ - name: resources
+ type: group
+ fields:
+ - name: arn
+ type: keyword
+ description: Resource ARNs
+ - name: account_id
+ type: keyword
+ description: Account ID of the resource owner
+ - name: type
+ type: keyword
+ description: 'Resource type identifier in the format: AWS::aws-service-name::data-type-name'
+ - name: recipient_account_id
+ type: keyword
+ description: Represents the account ID that received this event.
+ - name: service_event_details
+ type: keyword
+ description: Identifies the service event, including what triggered the event
+ and the result.
+ - name: shared_event_id
+ type: keyword
+ description: GUID generated by CloudTrail to uniquely identify CloudTrail events
+ from the same AWS action that is sent to different AWS accounts.
+ - name: vpc_endpoint_id
+ type: keyword
+ description: Identifies the VPC endpoint in which requests were made from a VPC
+ to another AWS service, such as Amazon S3.
+ - name: console_login
+ type: group
+ fields:
+ - name: additional_eventdata
+ type: group
+ fields:
+ - name: mobile_version
+ type: boolean
+ description: Identifies whether ConsoleLogin was from mobile version
+ - name: login_to
+ type: keyword
+ description: URL for ConsoleLogin
+ - name: mfa_used
+ type: boolean
+ description: Identifies whether multi factor authentication was used during
+ ConsoleLogin
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/manifest.yml
new file mode 100644
index 00000000000..3aea036a232
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudtrail/manifest.yml
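Review bot: `mfa_authenticated`, `management_event` and `read_only` are mapped as `keyword` although their own descriptions describe true/false values ("A Boolean value that identifies…"), and the pipeline renames them straight from the parsed CloudTrail JSON; meanwhile `console_login.additional_eventdata.mfa_used` and `mobile_version` in the same file are `boolean`. Two representations for the same concept make MFA-related queries inconsistent — a filter written for `mfa_used` does not carry over to `mfa_authenticated` — and a keyword mapping of a boolean source value relies on coercion to the strings "true"/"false". If keyword is deliberate (for example because the source value is a string in some records), say so in the description; otherwise `type: boolean` for the three fields would match their semantics.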
@@ -0,0 +1,73 @@
+title: AWS cloudtrail logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ template_path: log.yml.hbs
+ title: AWS cloudtrail logs (log)
+ description: Collect AWS cloudtrail logs using log input
+- input: s3
+ vars:
+ - name: queue_url
+ type: text
+ title: Queue Url
+ multi: false
+ required: false
+ show_user: true
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: true
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: api_timeout
+ type: text
+ title: Api Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: true
+ - name: access_key_id
+ type: text
+ title: Access Key Id
+ multi: false
+ required: false
+ show_user: true
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: true
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: true
+ - name: role_arn
+ type: text
+ title: Role Arn
+ multi: false
+ required: false
+ show_user: true
+ template_path: s3.yml.hbs
+ title: AWS cloudtrail logs (s3)
+ description: Collect AWS cloudtrail logs using s3 input
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..b338e059c18
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+ {{#each paths as |path i|}}
+ - {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
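Review bot: `access_key_id`, `secret_access_key` and `session_token` are declared exactly like the non-sensitive settings — `type: text`, `show_user: true`, no `description` — so nothing in the manifest tells the UI or a package consumer that these are credentials that should be masked and kept out of rendered configs and logs. At minimum add a `description` to each stating that they are AWS credentials and that `role_arn` or `credential_profile_name` is the recommended way to authenticate; if the manifest format offers a secret-aware var type, use it for `secret_access_key` and `session_token`. None of the ten vars carries a description, which also leaves `Visibility Timeout` and `Api Timeout` without units. The cloudwatch-logs manifest in a later hunk repeats this var block verbatim and needs the same treatment.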
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..99ade800a35
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,28 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..dd30dc36a46
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,26 @@
+---
+description: "Pipeline for CloudWatch logs"
+
+processors:
+ - grok:
+ field: message
+ patterns:
+ - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{GREEDYDATA:message}"
+ - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{GREEDYDATA:message}"
+
+ - date:
+ field: '_tmp.timestamp'
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - 'ISO8601'
+
+ - remove:
+ field:
+ - _tmp
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/fields.yml
new file mode 100644
index 00000000000..6b461f7ed82
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.cloudwatch
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/manifest.yml
new file mode 100644
index 00000000000..06a4e68da86
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-logs/manifest.yml
@@ -0,0 +1,73 @@
+title: AWS cloudwatch logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ template_path: log.yml.hbs
+ title: AWS cloudwatch logs (log)
+ description: Collect AWS cloudwatch logs using log input
+- input: s3
+ vars:
+ - name: queue_url
+ type: text
+ title: Queue Url
+ multi: false
+ required: false
+ show_user: true
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: true
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: api_timeout
+ type: text
+ title: Api Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: true
+ - name: access_key_id
+ type: text
+ title: Access Key Id
+ multi: false
+ required: false
+ show_user: true
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: true
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: true
+ - name: role_arn
+ type: text
+ title: Role Arn
+ multi: false
+ required: false
+ show_user: true
+ template_path: s3.yml.hbs
+ title: AWS cloudwatch logs (s3)
+ description: Collect AWS cloudwatch logs using s3 input
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..4f766a5ddd2
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["cloudwatch"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if metrics}}
+metrics: {{metrics}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/fields.yml
new file mode 100644
index 00000000000..c7b4bc3ae67
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: aws.cloudwatch
+ type: group
+ release: ga
+ fields:
+ - name: namespace
+ type: keyword
+ description: The namespace specified when query cloudwatch api.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/manifest.yml
new file mode 100644
index 00000000000..28e6fba26a6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/cloudwatch-metrics/manifest.yml
@@ -0,0 +1,41 @@ +title: aws cloudwatch metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: true + show_user: true + default: test-mb + - name: metrics + type: yaml + title: Metrics + multi: false + required: true + show_user: true + default: | + - dimensions: + - name: InstanceId + value: i-0686946e22cf9494a + name: + - CPUUtilization + namespace: AWS/EC2 + - namespace: AWS/EBS + - namespace: AWS/ELB + tags: + - key: Organization + value: Engineering + tags.resource_type_filter: elasticloadbalancing + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: aws cloudwatch metrics + description: Collect aws cloudwatch metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/dynamodb/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..b5948ca8f46 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/agent/stream/stream.yml.hbs @@ -0,0 +1,2 @@ +metricsets: ["dynamodb"] +period: {{period}} diff --git a/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/fields.yml new file mode 100644 index 00000000000..d392890f45d --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/fields.yml 
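Review bot: The shipped defaults are one developer's environment rather than placeholders: `credential_profile_name` is `required: true` with `default: test-mb`, and the `metrics` default names a concrete instance `i-0686946e22cf9494a` under `AWS/EC2`, so anyone accepting the defaults either fails to authenticate or queries a resource that is not theirs. Drop the `test-mb` default (and make the var optional so the SDK's normal credential chain applies) and reduce the `metrics` example to namespaces only, e.g. `- namespace: AWS/EC2`. `period` is spelled `300s` here and `5m` in the dynamodb and ebs manifests; one form should be used throughout.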
@@ -0,0 +1,110 @@ +- name: aws.dynamodb + type: group + release: beta + fields: + - name: metrics + type: group + fields: + - name: SuccessfulRequestLatency + type: group + fields: + - name: avg + type: double + - name: max + type: double + - name: OnlineIndexPercentageProgress.avg + type: double + description: | + The percentage of completion when a new global secondary index is being added to a table. + - name: ProvisionedWriteCapacityUnits.avg + type: double + description: | + The number of provisioned write capacity units for a table or a global secondary index. + - name: ProvisionedReadCapacityUnits.avg + type: double + description: | + The number of provisioned read capacity units for a table or a global secondary index. + - name: ConsumedReadCapacityUnits + type: group + fields: + - name: avg + type: double + - name: sum + type: long + - name: ConsumedWriteCapacityUnits + type: group + fields: + - name: avg + type: double + - name: sum + type: long + - name: ReplicationLatency + type: group + fields: + - name: avg + type: double + - name: max + type: double + - name: TransactionConflict + type: group + fields: + - name: avg + type: double + - name: sum + type: long + - name: AccountProvisionedReadCapacityUtilization.avg + type: double + description: | + The average percentage of provisioned read capacity units utilized by the account. + - name: AccountProvisionedWriteCapacityUtilization.avg + type: double + description: | + The average percentage of provisioned write capacity units utilized by the account. + - name: SystemErrors.sum + type: long + description: | + The requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 500 status code during the specified time period. + - name: ConditionalCheckFailedRequests.sum + type: long + description: | + The number of failed attempts to perform conditional writes. 
+ - name: PendingReplicationCount.sum + type: long + description: | + The number of item updates that are written to one replica table, but that have not yet been written to another replica in the global table. + - name: ReadThrottleEvents.sum + type: long + description: | + Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. + - name: ThrottledRequests.sum + type: long + description: | + Requests to DynamoDB that exceed the provisioned throughput limits on a resource (such as a table or an index). + - name: WriteThrottleEvents.sum + type: long + description: | + Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. + - name: AccountMaxReads.max + type: long + description: | + The maximum number of read capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes. + - name: AccountMaxTableLevelReads.max + type: long + description: | + The maximum number of read capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum read request units a table or a global secondary index can use. + - name: AccountMaxTableLevelWrites.max + type: long + description: | + The maximum number of write capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum write request units a table or a global secondary index can use. + - name: AccountMaxWrites.max + type: long + description: | + The maximum number of write capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes. + - name: MaxProvisionedTableReadCapacityUtilization.max + type: double + description: | + The percentage of provisioned read capacity units utilized by the highest provisioned read table or global secondary index of an account. 
+ - name: MaxProvisionedTableWriteCapacityUtilization.max + type: double + description: | + The percentage of provisioned write capacity utilized by the highest provisioned write table or global secondary index of an account. diff --git a/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/dynamodb/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/manifest.yml new file mode 100644 index 00000000000..fda829330e3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/dynamodb/manifest.yml @@ -0,0 +1,15 @@ +title: aws dynamodb metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 5m + title: aws dynamodb metrics + description: Collect aws dynamodb metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/ebs/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/ebs/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..35eb0e750c7 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ebs/agent/stream/stream.yml.hbs 
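Review bot: Several metric groups in this file have no `description` at all (`SuccessfulRequestLatency`, `ConsumedReadCapacityUnits`, `ConsumedWriteCapacityUnits`, `ReplicationLatency`, `TransactionConflict` and their `avg`/`max`/`sum` leaves), while every other field carries the CloudWatch definition; the missing ones should be filled in the same one-line style so field tooltips are consistent. `ConsumedReadCapacityUnits.sum` and `ConsumedWriteCapacityUnits.sum` are `long` while their `avg` siblings are `double`, which is fine, but a `description` is the only way a reader learns that `sum` is per-period consumption. The group is `release: beta` where the ebs/ec2/elb groups are `ga`; confirm that is deliberate.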
@@ -0,0 +1,2 @@
+metricsets: ["ebs"]
+period: {{period}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/fields.yml
new file mode 100644
index 00000000000..4db663b2ae6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.ebs
+ type: group
+ release: ga
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ebs/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ebs/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/ebs/manifest.yml
new file mode 100644
index 00000000000..730175342e8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ebs/manifest.yml
@@ -0,0 +1,15 @@
+title: aws ebs metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ title: aws ebs metrics
+ description: Collect aws ebs metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..b338e059c18
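Review bot: The `aws.ebs` group in `ebs/fields/fields.yml` declares no fields, so everything the `ebs` metricset emits can only be mapped through the `'*.metrics.*.*'` `object` wildcard in `package-fields.yml`, i.e. dynamically, with no declared numeric types and no descriptions for dashboards. If the metricset's field list is known it should be enumerated here the way the ec2 and dynamodb datasets do; if this is a deliberate placeholder, a comment such as `# TODO: EBS metric fields are mapped dynamically via aws.*.metrics.*.* until enumerated` would stop it being read as a complete definition.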
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+ {{#each paths as |path i|}}
+ - {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..99ade800a35
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,28 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..002e3d24df8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml
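Review bot: `queue_url: {{queue_url}}` is the one unguarded line in `s3.yml.hbs`, while the ec2-logs manifest marks `queue_url` optional, so a policy without it renders an empty `queue_url:` that is only discovered when the input starts rather than at validation; guard it like the other keys or make the var required. The template also writes `access_key_id`, `secret_access_key` and `session_token` verbatim into the rendered agent configuration next to `role_arn`, with nothing telling the user which to prefer; a leading `{{! Prefer role_arn or shared_credential_file; static keys given here end up in the agent's on-disk config }}` would record the trade-off. This file is copied unchanged into the elb-logs and cloudwatch-logs datasets, so any change must be made in each copy.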
@@ -0,0 +1,25 @@ +--- +description: "Pipeline for EC2 logs in CloudWatch" + +processors: + - grok: + field: message + patterns: + - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{IPORHOST:aws.ec2.ip_address} %{DATA:process.name}(?:\\[%{POSINT:process.pid}\\])?: %{GREEDYDATA:message}" + + - date: + field: '_tmp.timestamp' + target_field: "@timestamp" + ignore_failure: true + formats: + - 'ISO8601' + + - remove: + field: + - _tmp + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/fields.yml new file mode 100644 index 00000000000..e3954f9e146 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/fields.yml @@ -0,0 +1,8 @@ +- name: aws.ec2 + type: group + release: beta + fields: + - name: ip_address + type: keyword + description: | + The internet address of the requester. diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/package-fields.yml new file mode 100644 index 00000000000..7f6b7c89946 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: aws + type: group diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/manifest.yml new file mode 100644 index 00000000000..a4ea2a4d9a2 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-logs/manifest.yml 
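Review bot: The grok capture `%{GREEDYDATA:message}` overwrites `message` with only the tail of the line and nothing keeps the original text, so the raw event is lost once the pipeline runs; a `set` of `event.original` from `message` (guarded with `if: 'ctx.event?.original == null'`) before the grok would preserve it for forensic review. `ignore_failure: true` on the `date` processor means an unparsable `_tmp.timestamp` silently leaves `@timestamp` at ingest time with no `error.message`; removing that flag lets the existing `on_failure` handler record it. `%{POSINT:process.pid}` captures a string where ECS `process.pid` is numeric; `%{POSINT:process.pid:int}` matches the mapping, and the captured `_tmp.syslog_timestamp` is never used, so it could be `%{SYSLOGTIMESTAMP}` without a target.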
@@ -0,0 +1,73 @@ +title: AWS ec2 logs +release: experimental +type: logs +streams: +- input: logs + template_path: log.yml.hbs + title: AWS ec2 logs (log) + description: Collect AWS ec2 logs using log input +- input: s3 + vars: + - name: queue_url + type: text + title: Queue Url + multi: false + required: false + show_user: true + - name: shared_credential_file + type: text + title: Shared Credential File + multi: false + required: false + show_user: true + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: false + show_user: true + - name: visibility_timeout + type: text + title: Visibility Timeout + multi: false + required: false + show_user: true + - name: api_timeout + type: text + title: Api Timeout + multi: false + required: false + show_user: true + - name: endpoint + type: text + title: Endpoint + multi: false + required: false + show_user: true + - name: access_key_id + type: text + title: Access Key Id + multi: false + required: false + show_user: true + - name: secret_access_key + type: text + title: Secret Access Key + multi: false + required: false + show_user: true + - name: session_token + type: text + title: Session Token + multi: false + required: false + show_user: true + - name: role_arn + type: text + title: Role Arn + multi: false + required: false + show_user: true + template_path: s3.yml.hbs + title: AWS ec2 logs (s3) + description: Collect AWS ec2 logs using s3 input diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..2ceb71026a9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/agent/stream/stream.yml.hbs @@ -0,0 +1,8 @@ +metricsets: ["ec2"] +{{#if credential_profile_name}} +credential_profile_name: {{credential_profile_name}} +{{/if}} +period: {{period}} +{{#if tags_filter}} +tags_filter: {{tags_filter}} +{{/if}} 
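Review bot: The `logs` stream declares no vars, yet its `log.yml.hbs` template iterates `{{#each paths as |path i|}}`, so unless the agent or policy layer injects `paths` implicitly the rendered input has an empty `paths:` list and reads nothing; if `paths` is meant to come from the user, this stream needs `- name: paths` with `type: text`, `multi: true`, `required: true`. As in the other log manifests, `queue_url` is `required: false` while `s3.yml.hbs` emits it unconditionally, and the three credential vars are plain `type: text` with no `description` pointing at `role_arn` as the preferred option. The ec2-metrics `stream.yml.hbs` on the same line inlines the `tags_filter` yaml var with `{{tags_filter}}`, which only yields valid YAML if the renderer serialises yaml-typed values to a flow form.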
diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/fields.yml
new file mode 100644
index 00000000000..d3f84cb2b72
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/fields.yml
@@ -0,0 +1,144 @@ +- name: aws.ec2 + type: group + release: ga + fields: + - name: cpu.total.pct + type: scaled_float + description: | + The percentage of allocated EC2 compute units that are currently in use on the instance. + - name: cpu.credit_usage + type: long + description: | + The number of CPU credits spent by the instance for CPU utilization. + - name: cpu.credit_balance + type: long + description: | + The number of earned CPU credits that an instance has accrued since it was launched or started. + - name: cpu.surplus_credit_balance + type: long + description: | + The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero. + - name: cpu.surplus_credits_charged + type: long + description: | + The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge. + - name: network.in.packets + type: long + description: | + The number of packets received on all network interfaces by the instance. + - name: network.in.packets_per_sec + type: long + description: | + The number of packets per second sent out on all network interfaces by the instance. + - name: network.out.packets + type: long + description: | + The number of packets sent out on all network interfaces by the instance. + - name: network.out.packets_per_sec + type: long + description: | + The number of packets per second sent out on all network interfaces by the instance. + - name: network.in.bytes + type: long + format: bytes + description: | + The number of bytes received on all network interfaces by the instance. + - name: network.in.bytes_per_sec + type: long + description: | + The number of bytes per second received on all network interfaces by the instance. + - name: network.out.bytes + type: long + format: bytes + description: | + The number of bytes sent out on all network interfaces by the instance. 
+ - name: network.out.bytes_per_sec + type: long + description: | + The number of bytes per second sent out on all network interfaces by the instance. + - name: diskio.read.bytes + type: long + format: bytes + description: | + Bytes read from all instance store volumes available to the instance. + - name: diskio.read.bytes_per_sec + type: long + description: | + Bytes read per second from all instance store volumes available to the instance. + - name: diskio.write.bytes + type: long + format: bytes + description: | + Bytes written to all instance store volumes available to the instance. + - name: diskio.write.bytes_per_sec + type: long + description: | + Bytes written per second to all instance store volumes available to the instance. + - name: diskio.read.ops + type: long + description: | + Completed read operations from all instance store volumes available to the instance in a specified period of time. + - name: diskio.read.ops_per_sec + type: long + description: | + Completed read operations per second from all instance store volumes available to the instance in a specified period of time. + - name: diskio.write.ops + type: long + description: | + Completed write operations to all instance store volumes available to the instance in a specified period of time. + - name: diskio.write.ops_per_sec + type: long + description: | + Completed write operations per second to all instance store volumes available to the instance in a specified period of time. + - name: status.check_failed + type: long + description: | + Reports whether the instance has passed both the instance status check and the system status check in the last minute. + - name: status.check_failed_system + type: long + description: | + Reports whether the instance has passed the system status check in the last minute. + - name: status.check_failed_instance + type: long + description: | + Reports whether the instance has passed the instance status check in the last minute. 
+ - name: instance.core.count + type: integer + description: | + The number of CPU cores for the instance. + - name: instance.image.id + type: keyword + description: | + The ID of the image used to launch the instance. + - name: instance.monitoring.state + type: keyword + description: | + Indicates whether detailed monitoring is enabled. + - name: instance.private.dns_name + type: keyword + description: | + The private DNS name of the network interface. + - name: instance.private.ip + type: ip + description: | + The private IPv4 address associated with the network interface. + - name: instance.public.dns_name + type: keyword + description: | + The public DNS name of the instance. + - name: instance.public.ip + type: ip + description: | + The address of the Elastic IP address (IPv4) bound to the network interface. + - name: instance.state.code + type: integer + description: | + The state of the instance, as a 16-bit unsigned integer. + - name: instance.state.name + type: keyword + description: | + The state of the instance (pending | running | shutting-down | terminated | stopping | stopped). + - name: instance.threads_per_core + type: integer + description: | + The number of threads per CPU core. diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/fields/package-fields.yml 
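Review bot: The description of `network.in.packets_per_sec` is a copy of the outbound one (`The number of packets per second sent out on all network interfaces by the instance.`) although the field is inbound; it should read `The number of packets per second received on all network interfaces by the instance.`. `cpu.total.pct` is declared `scaled_float` without a `scaling_factor`; Elasticsearch requires one on that type, and whether the package tooling injects a default is not visible here, so either state it explicitly (e.g. `scaling_factor: 1000` for a 0-1 ratio) or confirm the tooling supplies it. The three `status.check_failed*` fields are `long` but described as booleans ("Reports whether..."); a note that CloudWatch reports them as 0/1 would make the type choice clear.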
@@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/manifest.yml new file mode 100644 index 00000000000..b204128123a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/ec2-metrics/manifest.yml @@ -0,0 +1,31 @@ +title: aws ec2 metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: true + show_user: true + default: test-mb + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + - name: tags_filter + type: yaml + title: Tags Filter + multi: false + required: true + show_user: true + default: | + - key: Organization + value: Engineering + title: aws ec2 metrics + description: Collect aws ec2 metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..9a5151635ea --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: + {{#each paths as |path i|}} +- {{path}} + {{/each}} +exclude_files: [".gz$"] \ No newline at end of file 
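Review bot: In the ec2-metrics manifest `credential_profile_name` is `required: true` with `default: test-mb` and `tags_filter` is `required: true` with a default of `key: Organization` / `value: Engineering`; both are values from one development setup, and because they are required every user must replace them or collect nothing, since the tag filter excludes any instance not tagged that way. Make both optional with no default and add a `description:` to `tags_filter` saying it restricts which instances are monitored. `period` is `300s` here and `5m` in the sibling manifests; keep one form.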
diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..99ade800a35
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,28 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..0c31f7256ff
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml
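Review bot: This `s3.yml.hbs` is byte-for-byte the ec2-logs and cloudwatch-logs copies (same blob `99ade800a35`), so the unguarded `queue_url: {{queue_url}}` against an optional manifest var, and the lack of any comment on static `access_key_id`/`secret_access_key` versus `role_arn`, are repeated here; whatever is decided for one copy has to be applied to all three, and a shared template would remove that drift risk if the package format allows it.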
@@ -0,0 +1,208 @@ +--- +description: "Pipeline for ELB logs" + +processors: + - grok: + field: message + # Classic ELB patterns documented in https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html + # ELB v2 Application load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html + # ELB v2 Netwwork load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html + # + patterns: + # HTTP (Classic ELB) + - >- + %{ELBHTTPLOG} + + # TCP (Classic ELB) + - >- + %{ELBTCPLOG} + + # HTTP from Application Load Balancers (v2 Load Balancers) + - >- + %{ELBV2TYPE} + %{ELBHTTPLOG} + %{NOTSPACE:aws.elb.target_group.arn} + \"%{DATA:aws.elb.trace_id}\" + \"(?:-|%{DATA:destination.domain})\" + \"(?:-|%{DATA:aws.elb.chosen_cert.arn})\" + (?:-1|%{NUMBER:aws.elb.matched_rule_priority}) + %{TIMESTAMP_ISO8601:event.start} + \"(?:-|%{DATA:_tmp.actions_executed})\" + \"(?:-|%{DATA:aws.elb.redirect_url})\" + \"(?:-|%{DATA:aws.elb.error.reason})\" + + # TCP from Network Load Balancers (v2 Load Balancers) + - >- + %{ELBV2TYPE} + %{ELBV2LOGVERSION} + %{ELBTIMESTAMP} + %{ELBNAME} + %{NOTSPACE:aws.elb.listener} + %{ELBSOURCE} + %{ELBBACKEND} + %{NUMBER:aws.elb.connection_time.ms:float} + %{NUMBER:aws.elb.tls_handshake_time.ms:float} + %{NUMBER:source.bytes:long} + %{NUMBER:destination.bytes:long} + (?:-|%{NUMBER:aws.elb.incoming_tls_alert}) + (?:-|%{NOTSPACE:aws.elb.chosen_cert.arn}) + (?:-|%{NOTSPACE:aws.elb.chosen_cert.serial}) + %{ELBSSL} + (?:-|%{NOTSPACE:aws.elb.ssl_named_group}) + (?:-|%{NOTSPACE:destination.domain}) + + pattern_definitions: + ELBTIMESTAMP: '%{TIMESTAMP_ISO8601:_tmp.timestamp}' + ELBNAME: '%{NOTSPACE:aws.elb.name}' + ELBSOURCE: '%{IP:source.ip}:%{POSINT:source.port}' + ELBBACKEND: '(?:-|%{IP:aws.elb.backend.ip}:%{POSINT:aws.elb.backend.port})' + ELBPROCESSINGTIME: >- + (?:-1|%{NUMBER:aws.elb.request_processing_time.sec:float}) + 
(?:-1|%{NUMBER:aws.elb.backend_processing_time.sec:float}) + (?:-1|%{NUMBER:aws.elb.response_processing_time.sec:float}) + ELBSSL: >- + (?:-|%{NOTSPACE:aws.elb.ssl_cipher}) + (?:-|%{NOTSPACE:aws.elb.ssl_protocol}) + ELBCOMMON: >- + %{ELBTIMESTAMP} + %{ELBNAME} + %{ELBSOURCE} + %{ELBBACKEND} + %{ELBPROCESSINGTIME} + ELBHTTPLOG: >- + %{ELBCOMMON} + %{NUMBER:http.response.status_code:long} + (?:-|%{NUMBER:aws.elb.backend.http.response.status_code:long}) + %{NUMBER:http.request.body.bytes:long} + %{NUMBER:http.response.body.bytes:long} + \"(?:-|%{WORD:http.request.method}) (?:-|%{NOTSPACE:http.request.referrer}) (?:-|HTTP/%{NOTSPACE:http.version})\" + \"%{DATA:user_agent.original}\" + %{ELBSSL} + ELBTCPLOG: >- + %{ELBCOMMON} + - + - + %{NUMBER:source.bytes:long} + %{NUMBER:destination.bytes:long} + \"- - - \" + \"-\" + %{ELBSSL} + ELBV2TYPE: '%{WORD:aws.elb.type}' + ELBV2LOGVERSION: '%{NOTSPACE}' # Could be used to support different log versions, only 1.0 exists now + + - set: + field: event.kind + value: event + + - set: + field: cloud.provider + value: aws + + - set: + if: 'ctx.http != null' + field: 'aws.elb.protocol' + value: 'http' + + - set: + if: 'ctx.http != null' + field: event.category + value: web + + - set: + if: 'ctx.http == null' + field: 'aws.elb.protocol' + value: 'tcp' + + - set: + if: 'ctx.http == null' + field: event.category + value: network + + - set: + if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400' + field: event.outcome + value: success + + - set: + if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400' + field: event.outcome + value: failure + + - lowercase: + field: http.request.method + ignore_missing: true + + - set: + if: "ctx?.aws?.elb?.trace_id != null" + field: tracing.trace.id + value: "{{aws.elb.trace_id}}" + + - split: + field: '_tmp.actions_executed' + target_field: 'aws.elb.action_executed' + separator: ',' + ignore_missing: true + + - date: + field: 
'_tmp.timestamp' + formats: + - 'ISO8601' + + - set: + field: 'event.end' + value: '{{ @timestamp }}' + + - geoip: + field: 'source.ip' + target_field: 'source.geo' + ignore_missing: true + + - geoip: + database_file: 'GeoLite2-ASN.mmdb' + field: 'source.ip' + target_field: 'source.as' + properties: + - 'asn' + - 'organization_name' + ignore_missing: true + + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + + - set: + field: tls.cipher + value: '{{aws.elb.ssl_cipher}}' + if: ctx.aws?.elb?.ssl_cipher != null + + - script: + lang: painless + if: ctx.aws?.elb?.ssl_protocol != null + source: >- + def parts = ctx.aws.elb.ssl_protocol.splitOnToken("v"); + if (parts.length != 2) { + return; + } + if (parts[1].contains(".")) { + ctx.tls.version = parts[1]; + } else { + ctx.tls.version = parts[1].substring(0,1) + "." + parts[1].substring(1); + } + ctx.tls.version_protocol = parts[0].toLowerCase(); + + - remove: + field: + - message + - _tmp + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/fields.yml new file mode 100644 index 00000000000..2976bc85f02 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/fields.yml 
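Review bot: The Painless script that derives `tls.version` mishandles protocol strings with a bare major number: for `TLSv1` (TLS 1.0, a value ELB logs do emit) `parts[1]` is `"1"`, the `contains(".")` test fails, and `substring(0,1) + "." + substring(1)` yields `"1."`; `SSLv3` becomes `"3."` the same way. It also assigns into `ctx.tls`, which only exists when the preceding `set tls.cipher` ran, i.e. when `ssl_cipher` was non-null as well, so a record with a protocol but no cipher would fail the script and fall to `on_failure`. A second, unrelated point in the `ELBHTTPLOG` definition: the middle token of the request field is the request URL, not a Referer, so `%{NOTSPACE:http.request.referrer}` should target `url.original`.
```yaml
  - script:
      lang: painless
      if: ctx.aws?.elb?.ssl_protocol != null
      source: >-
        def parts = ctx.aws.elb.ssl_protocol.splitOnToken("v");
        if (parts.length != 2) {
          return;
        }
        if (ctx.tls == null) {
          ctx.tls = new HashMap();
        }
        def ver = parts[1];
        if (ver.contains(".")) {
          ctx.tls.version = ver;
        } else if (ver.length() == 1) {
          // "TLSv1" / "SSLv3" carry only a major number
          ctx.tls.version = ver + ".0";
        } else {
          ctx.tls.version = ver.substring(0,1) + "." + ver.substring(1);
        }
        ctx.tls.version_protocol = parts[0].toLowerCase();
  # … unchanged: remove of message/_tmp and on_failure …
```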
@@ -0,0 +1,99 @@ +- name: aws.elb + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The name of the load balancer. + - name: type + type: keyword + description: | + The type of the load balancer for v2 Load Balancers. + - name: target_group.arn + type: keyword + description: | + The ARN of the target group handling the request. + - name: listener + type: keyword + description: | + The ELB listener that received the connection. + - name: protocol + type: keyword + description: | + The protocol of the load balancer (http or tcp). + - name: request_processing_time.sec + type: float + description: | + The total time in seconds since the connection or request is received until it is sent to a registered backend. + - name: backend_processing_time.sec + type: float + description: | + The total time in seconds since the connection is sent to the backend till the backend starts responding. + - name: response_processing_time.sec + type: float + description: | + The total time in seconds since the response is received from the backend till it is sent to the client. + - name: connection_time.ms + type: long + description: | + The total time of the connection in milliseconds, since it is opened till it is closed. + - name: tls_handshake_time.ms + type: long + description: | + The total time for the TLS handshake to complete in milliseconds once the connection has been established. + - name: backend.ip + type: keyword + description: | + The IP address of the backend processing this connection. + - name: backend.port + type: keyword + description: | + The port in the backend processing this connection. + - name: backend.http.response.status_code + type: keyword + description: | + The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code` + - name: ssl_cipher + type: keyword + description: | + The SSL cipher used in TLS/SSL connections. 
+ - name: ssl_protocol + type: keyword + description: | + The SSL protocol used in TLS/SSL connections. + - name: chosen_cert.arn + type: keyword + description: | + The ARN of the chosen certificate presented to the client in TLS/SSL connections. + - name: chosen_cert.serial + type: keyword + description: | + The serial number of the chosen certificate presented to the client in TLS/SSL connections. + - name: incoming_tls_alert + type: keyword + description: | + The integer value of TLS alerts received by the load balancer from the client, if present. + - name: tls_named_group + type: keyword + description: | + The TLS named group. + - name: trace_id + type: keyword + description: | + The contents of the `X-Amzn-Trace-Id` header. + - name: matched_rule_priority + type: keyword + description: | + The priority value of the rule that matched the request, if a rule matched. + - name: action_executed + type: keyword + description: | + The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values. + - name: redirect_url + type: keyword + description: | + The URL used if a redirection action was executed. + - name: error.reason + type: keyword + description: The error reason if the executed action failed. diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/package-fields.yml new file mode 100644 index 00000000000..7f6b7c89946 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: aws + type: group diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-logs/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/manifest.yml new file mode 100644 index 00000000000..005164354d2 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-logs/manifest.yml 
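Review bot: The ingest pipeline's NLB grok captures `aws.elb.ssl_named_group`, but this file declares `tls_named_group`, so the captured value lands via dynamic mapping and the declared field is never populated; rename one side, most simply `- name: ssl_named_group` here. Types also disagree with the pipeline: `connection_time.ms` and `tls_handshake_time.ms` are `long` while grok converts them with `:float` (default coercion truncates the fraction), and `backend.http.response.status_code` is `keyword` while grok emits `:long`; each pair should be aligned. `backend.http.response.status_code`'s description is missing its closing parenthesis.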
@@ -0,0 +1,73 @@ +title: AWS elb logs +release: experimental +type: logs +streams: +- input: logs + template_path: log.yml.hbs + title: AWS elb logs (log) + description: Collect AWS elb logs using log input +- input: s3 + vars: + - name: queue_url + type: text + title: Queue Url + multi: false + required: false + show_user: true + - name: shared_credential_file + type: text + title: Shared Credential File + multi: false + required: false + show_user: true + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: false + show_user: true + - name: visibility_timeout + type: text + title: Visibility Timeout + multi: false + required: false + show_user: true + - name: api_timeout + type: text + title: Api Timeout + multi: false + required: false + show_user: true + - name: endpoint + type: text + title: Endpoint + multi: false + required: false + show_user: true + - name: access_key_id + type: text + title: Access Key Id + multi: false + required: false + show_user: true + - name: secret_access_key + type: text + title: Secret Access Key + multi: false + required: false + show_user: true + - name: session_token + type: text + title: Session Token + multi: false + required: false + show_user: true + - name: role_arn + type: text + title: Role Arn + multi: false + required: false + show_user: true + template_path: s3.yml.hbs + title: AWS elb logs (s3) + description: Collect AWS elb logs using s3 input diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..35c887cb450 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/agent/stream/stream.yml.hbs @@ -0,0 +1,8 @@ +metricsets: ["elb"] +{{#if credential_profile_name}} +credential_profile_name: {{credential_profile_name}} +{{/if}} +period: {{period}} +{{#if tags_filter}} +tags_filter: {{tags_filter}} +{{/if}} 
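Review bot: `queue_url` is declared `required: false` on the s3 stream, but the s3 input has nothing to poll without a queue, so `required: true` looks intended; the elb-logs s3.yml.hbs is not in this chunk, so whether it guards an empty value cannot be confirmed here. `secret_access_key` and `session_token` are plain `text` vars with `show_user: true`, which means the long-lived secret is typed in and stored with the policy in cleartext even though `credential_profile_name`, `shared_credential_file` and `role_arn` are already offered as alternatives; a comment such as `# prefer credential_profile_name or role_arn; access keys are stored in the policy in clear text` next to those vars, or `show_user: false` on them, would steer users to the safer options. The `log` stream declares no vars at all; if its template iterates `paths` the way the s3access log.yml.hbs in this commit does, the rendered `paths:` list is empty.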
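Review bot: `tags_filter: {{tags_filter}}` renders a `yaml`-typed var whose default in the elb-metrics manifest is a multi-line list, so a textual substitution would yield `tags_filter: - key: dept` followed by an unindented `value: eng`, which is not valid YAML; this only matters if the template renderer substitutes yaml vars as text rather than structurally, which cannot be confirmed from this chunk. If it does, the key should sit on its own line with the rendered list indented beneath it. The natgateway and rds stream templates in this commit use the identical construct.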
diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/fields.yml new file mode 100644 index 00000000000..1fff50f40e9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/fields.yml @@ -0,0 +1,3 @@ +- name: aws.elb + type: group + release: ga diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/manifest.yml new file mode 100644 index 00000000000..938a74294ee --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/elb-metrics/manifest.yml 
@@ -0,0 +1,31 @@ +title: aws elb metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: true + show_user: true + default: test-mb + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + - name: tags_filter + type: yaml + title: Tags Filter + multi: false + required: true + show_user: true + default: | + - key: dept + value: eng + title: aws elb metrics + description: Collect aws elb metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/lambda/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/lambda/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..5e64e0cfda5 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/lambda/agent/stream/stream.yml.hbs @@ -0,0 +1,2 @@ +metricsets: ["lambda"] +period: {{period}} diff --git a/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/fields.yml new file mode 100644 index 00000000000..32c194c8c55 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/fields.yml @@ -0,0 +1,3 @@ +- name: aws.lambda + type: group + release: beta diff --git a/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/lambda/fields/package-fields.yml 
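Review bot: `credential_profile_name` is `required: true` with `default: test-mb`, a developer profile name that ships to every user of the package and is silently selected when the field is left untouched; the default should be removed (or set to `default`, the profile the AWS SDK falls back to) while the var stays required. `tags_filter` is likewise `required: true` with a sample `dept`/`eng` default, so users who do not filter by tag either keep a filter that matches nothing or must invent one; `required: false` with no default matches the `{{#if tags_filter}}` guard in the stream template. The natgateway and rds manifests in this commit carry the same two defaults.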
@@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/lambda/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/lambda/manifest.yml new file mode 100644 index 00000000000..dc4019f52c2 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/lambda/manifest.yml @@ -0,0 +1,15 @@ +title: aws lambda metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 5m + title: aws lambda metrics + description: Collect aws lambda metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/natgateway/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/natgateway/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..24257520e49 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/natgateway/agent/stream/stream.yml.hbs @@ -0,0 +1,8 @@ +metricsets: ["natgateway"] +{{#if credential_profile_name}} +credential_profile_name: {{credential_profile_name}} +{{/if}} +period: {{period}} +{{#if tags_filter}} +tags_filter: {{tags_filter}} +{{/if}} diff --git a/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/fields.yml new file mode 100644 index 00000000000..822627db4ad --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/fields.yml 
@@ -0,0 +1,3 @@ +- name: aws.natgateway + type: group + release: beta diff --git a/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/natgateway/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/natgateway/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/natgateway/manifest.yml new file mode 100644 index 00000000000..d92be7b9152 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/natgateway/manifest.yml @@ -0,0 +1,31 @@ +title: aws natgateway metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: true + show_user: true + default: test-mb + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + - name: tags_filter + type: yaml + title: Tags Filter + multi: false + required: true + show_user: true + default: | + - key: dept + value: eng + title: aws natgateway metrics + description: Collect aws natgateway metrics 
diff --git a/dev/packages/beats/aws/0.0.1/dataset/rds/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/rds/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d9b5520f25a
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/rds/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["rds"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+period: {{period}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/rds/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/rds/fields/fields.yml
new file mode 100644
index 00000000000..af361166af6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/rds/fields/fields.yml
@@ -0,0 +1,319 @@ +- name: aws.rds + type: group + release: ga + fields: + - name: cpu.total.pct + type: scaled_float + format: percent + description: | + The percentage of CPU utilization. + - name: cpu.credit_usage + type: long + description: | + The number of CPU credits spent by the instance for CPU utilization. + - name: cpu.credit_balance + type: long + description: | + The number of earned CPU credits that an instance has accrued since it was launched or started. + - name: database_connections + type: long + description: | + The number of database connections in use. + - name: db_instance.arn + type: keyword + description: | + Amazon Resource Name(ARN) for each rds. + - name: db_instance.class + type: keyword + description: | + Contains the name of the compute and memory capacity class of the DB instance. + - name: db_instance.identifier + type: keyword + description: | + Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance. + - name: db_instance.status + type: keyword + description: | + Specifies the current state of this database. + - name: disk_queue_depth + type: float + description: | + The number of outstanding IOs (read/write requests) waiting to access the disk. + - name: failed_sql_server_agent_jobs + type: long + description: | + The number of failed SQL Server Agent jobs during the last minute. + - name: freeable_memory.bytes + type: long + format: bytes + description: | + The amount of available random access memory. + - name: free_storage.bytes + type: long + format: bytes + description: | + The amount of available storage space. + - name: maximum_used_transaction_ids + type: long + description: | + The maximum transaction ID that has been used. Applies to PostgreSQL. + - name: oldest_replication_slot_lag.mb + type: long + description: | + The lagging size of the replica lagging the most in terms of WAL data received. Applies to PostgreSQL. 
+ - name: read_io.ops_per_sec + type: float + description: | + The average number of disk read I/O operations per second. + - name: replica_lag.sec + type: long + format: duration + description: | + The amount of time a Read Replica DB instance lags behind the source DB instance. Applies to MySQL, MariaDB, and PostgreSQL Read Replicas. + - name: swap_usage.bytes + type: long + format: bytes + description: | + The amount of swap space used on the DB instance. This metric is not available for SQL Server. + - name: transaction_logs_generation + type: long + description: | + The disk space used by transaction logs. Applies to PostgreSQL. + - name: write_io.ops_per_sec + type: float + description: | + The average number of disk write I/O operations per second. + - name: queries + type: long + description: | + The average number of queries executed per second. + - name: deadlocks + type: long + description: | + The average number of deadlocks in the database per second. + - name: volume_used.bytes + type: long + format: bytes + description: | + The amount of storage used by your Aurora DB instance, in bytes. + - name: volume.read.iops + type: long + format: bytes + description: | + The number of billed read I/O operations from a cluster volume, reported at 5-minute intervals. + - name: volume.write.iops + type: long + format: bytes + description: | + The number of write disk I/O operations to the cluster volume, reported at 5-minute intervals. + - name: free_local_storage.bytes + type: long + format: bytes + description: | + The amount of storage available for temporary tables and logs, in bytes. + - name: login_failures + type: long + description: | + The average number of failed login attempts per second. + - name: throughput.commit + type: float + description: | + The average number of commit operations per second. + - name: throughput.delete + type: float + description: | + The average number of delete queries per second. 
+ - name: throughput.ddl + type: float + description: | + The average number of DDL requests per second. + - name: throughput.dml + type: float + description: | + The average number of inserts, updates, and deletes per second. + - name: throughput.insert + type: float + description: | + The average number of insert queries per second. + - name: throughput.network + type: float + description: | + The amount of network throughput both received from and transmitted to clients by each instance in the Aurora MySQL DB cluster, in bytes per second. + - name: throughput.network_receive + type: float + description: | + The incoming (Receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. + - name: throughput.network_transmit + type: float + description: | + The outgoing (Transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. + - name: throughput.read + type: float + description: | + The average amount of time taken per disk I/O operation. + - name: throughput.select + type: float + description: | + The average number of select queries per second. + - name: throughput.update + type: float + description: | + The average number of update queries per second. + - name: throughput.write + type: float + description: | + The average number of bytes written to disk per second. + - name: latency.commit + type: float + format: duration + description: | + The amount of latency for commit operations, in milliseconds. + - name: latency.ddl + type: float + format: duration + description: | + The amount of latency for data definition language (DDL) requests, in milliseconds. + - name: latency.dml + type: float + format: duration + description: | + The amount of latency for inserts, updates, and deletes, in milliseconds. 
+ - name: latency.insert + type: float + format: duration + description: | + The amount of latency for insert queries, in milliseconds. + - name: latency.read + type: float + format: duration + description: | + The average amount of time taken per disk I/O operation. + - name: latency.select + type: float + format: duration + description: | + The amount of latency for select queries, in milliseconds. + - name: latency.update + type: float + format: duration + description: | + The amount of latency for update queries, in milliseconds. + - name: latency.write + type: float + format: duration + description: | + The average amount of time taken per disk I/O operation. + - name: latency.delete + type: float + format: duration + description: | + The amount of latency for delete queries, in milliseconds. + - name: disk_usage.bin_log.bytes + type: long + format: bytes + description: | + The amount of disk space occupied by binary logs on the master. Applies to MySQL read replicas. + - name: disk_usage.replication_slot.mb + type: long + description: | + The disk space used by replication slot files. Applies to PostgreSQL. + - name: disk_usage.transaction_logs.mb + type: long + description: | + The disk space used by transaction logs. Applies to PostgreSQL. + - name: transactions.active + type: long + description: | + The average number of current transactions executing on an Aurora database instance per second. + - name: transactions.blocked + type: long + description: | + The average number of transactions in the database that are blocked per second. + - name: db_instance.db_cluster_identifier + type: keyword + description: | + This identifier is the unique key that identifies a DB cluster specifically for Amazon Aurora DB cluster. + - name: db_instance.role + type: keyword + description: | + DB roles like WRITER or READER, specifically for Amazon Aurora DB cluster. 
+ - name: db_instance.engine_name + type: keyword + description: | + Each DB instance runs a DB engine, like MySQL, MariaDB, PostgreSQL and etc. + - name: aurora_bin_log_replica_lag + type: long + description: | + The amount of time a replica DB cluster running on Aurora with MySQL compatibility lags behind the source DB cluster. + - name: aurora_global_db.replicated_write_io.bytes + type: long + description: | + In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region. + - name: aurora_global_db.data_transfer.bytes + type: long + description: | + In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region. + - name: aurora_global_db.replication_lag.ms + type: long + description: | + For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds. + - name: aurora_replica.lag.ms + type: long + description: | + For an Aurora Replica, the amount of lag when replicating updates from the primary instance, in milliseconds. + - name: aurora_replica.lag_max.ms + type: long + description: | + The maximum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. + - name: aurora_replica.lag_min.ms + type: long + description: | + The minimum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. + - name: backtrack_change_records.creation_rate + type: long + description: | + The number of backtrack change records created over five minutes for your DB cluster. + - name: backtrack_change_records.stored + type: long + description: | + The actual number of backtrack change records used by your DB cluster. + - name: backtrack_window.actual + type: long + description: | + The difference between the target backtrack window and the actual backtrack window. 
+ - name: backtrack_window.alert + type: long + description: | + The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time. + - name: storage_used.backup_retention_period.bytes + type: long + description: | + The total amount of backup storage in bytes used to support the point-in-time restore feature within the Aurora DB cluster's backup retention window. + - name: storage_used.snapshot.bytes + type: long + description: | + The total amount of backup storage in bytes consumed by all Aurora snapshots for an Aurora DB cluster outside its backup retention window. + - name: cache_hit_ratio.buffer + type: long + description: | + The percentage of requests that are served by the buffer cache. + - name: cache_hit_ratio.result_set + type: long + description: | + The percentage of requests that are served by the Resultset cache. + - name: engine_uptime.sec + type: long + description: | + The amount of time that the instance has been running, in seconds. + - name: rds_to_aurora_postgresql_replica_lag.sec + type: long + description: | + The amount of lag in seconds when replicating updates from the primary RDS PostgreSQL instance to other nodes in the cluster. + - name: backup_storage_billed_total.bytes + type: long + description: | + The total amount of backup storage in bytes for which you are billed for a given Aurora DB cluster. + - name: aurora_volume_left_total.bytes + type: long + description: | + The remaining available space for the cluster volume, measured in bytes. diff --git a/dev/packages/beats/aws/0.0.1/dataset/rds/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/rds/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/rds/fields/package-fields.yml 
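Review bot: `volume.read.iops` and `volume.write.iops` carry `format: bytes` although their descriptions say they count I/O operations, so the UI will render an operation count as a byte size; the `format` line should be removed from both. `throughput.read` is described as "The average amount of time taken per disk I/O operation", which is latency text pasted onto a throughput field, and `latency.read` and `latency.write` share that same generic sentence; suggested: `The average number of bytes read from disk per second.` for `throughput.read`, mirroring the existing `throughput.write` text, and `The average amount of time taken per disk read I/O operation, in milliseconds.` / `The average amount of time taken per disk write I/O operation, in milliseconds.` for the two latency fields. `cache_hit_ratio.buffer` and `cache_hit_ratio.result_set` are percentages mapped as `long`, unlike `cpu.total.pct` in the same group, which uses `scaled_float` with `format: percent`.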
@@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/rds/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/rds/manifest.yml new file mode 100644 index 00000000000..0402132e697 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/rds/manifest.yml @@ -0,0 +1,31 @@ +title: aws rds metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: credential_profile_name + type: text + title: Credential Profile Name + multi: false + required: true + show_user: true + default: test-mb + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + - name: tags_filter + type: yaml + title: Tags Filter + multi: false + required: true + show_user: true + default: | + - key: dept + value: eng + title: aws rds metrics + description: Collect aws rds metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ea55c2ad80d --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/agent/stream/stream.yml.hbs 
@@ -0,0 +1,11 @@ +metricsets: ["s3_daily_storage"] +{{#if access_key_id}} +access_key_id: {{access_key_id}} +{{/if}} +period: {{period}} +{{#if secret_access_key}} +secret_access_key: {{secret_access_key}} +{{/if}} +{{#if session_token}} +session_token: {{session_token}} +{{/if}} diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/fields.yml new file mode 100644 index 00000000000..cfeac286146 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/fields.yml @@ -0,0 +1,13 @@ +- name: aws.s3_daily_storage + type: group + release: ga + fields: + - name: bucket.size.bytes + type: long + format: bytes + description: | + The amount of data in bytes stored in a bucket. + - name: number_of_objects + type: long + description: | + The total number of objects stored in a bucket for all storage classes. diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. 
diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/manifest.yml new file mode 100644 index 00000000000..851fc7e7e1c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_daily_storage/manifest.yml @@ -0,0 +1,36 @@ +title: aws s3_daily_storage metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: access_key_id + type: text + title: Access Key Id + multi: false + required: true + show_user: true + default: ${AWS_ACCESS_KEY_ID:""} + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 86400s + - name: secret_access_key + type: text + title: Secret Access Key + multi: false + required: true + show_user: true + default: ${AWS_SECRET_ACCESS_KEY:""} + - name: session_token + type: text + title: Session Token + multi: false + required: true + show_user: true + default: ${AWS_SESSION_TOKEN:""} + title: aws s3_daily_storage metrics + description: Collect aws s3_daily_storage metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_request/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/s3_request/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..80fa801105a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_request/agent/stream/stream.yml.hbs @@ -0,0 +1,11 @@ +metricsets: ["s3_request"] +{{#if access_key_id}} +access_key_id: {{access_key_id}} +{{/if}} +period: {{period}} +{{#if secret_access_key}} +secret_access_key: {{secret_access_key}} +{{/if}} +{{#if session_token}} +session_token: {{session_token}} +{{/if}} diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/fields.yml new file mode 100644 index 00000000000..bd936ff67e2 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/fields.yml 
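Review bot: `secret_access_key` and `session_token` are `type: text` with `show_user: true` and `required: true` here and in the s3_request manifest in this commit, so the long-lived secret is entered and stored with the policy in cleartext, and the two stream templates interpolate it verbatim into the rendered agent config. The other metric datasets in this commit (elb-metrics, natgateway, rds) take a `credential_profile_name` instead, which keeps the secret in the agent host's credential file; offering that var (or `role_arn`/`shared_credential_file` as the elb-logs s3 stream does) would remove the need for the `${AWS_SECRET_ACCESS_KEY:""}` defaults. If static keys must remain, `required: true` on `session_token` is wrong in any case, since a session token only exists for temporary credentials; `required: false` fits the `{{#if session_token}}` guard in the template.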
@@ -0,0 +1,74 @@ +- name: aws.s3_request + type: group + release: ga + fields: + - name: requests.total + type: long + description: | + The total number of HTTP requests made to an Amazon S3 bucket, regardless of type. + - name: requests.get + type: long + description: | + The number of HTTP GET requests made for objects in an Amazon S3 bucket. + - name: requests.put + type: long + description: | + The number of HTTP PUT requests made for objects in an Amazon S3 bucket. + - name: requests.delete + type: long + description: | + The number of HTTP DELETE requests made for objects in an Amazon S3 bucket. + - name: requests.head + type: long + description: | + The number of HTTP HEAD requests made to an Amazon S3 bucket. + - name: requests.post + type: long + description: | + The number of HTTP POST requests made to an Amazon S3 bucket. + - name: requests.select + type: long + description: | + The number of Amazon S3 SELECT Object Content requests made for objects in an Amazon S3 bucket. + - name: requests.select_scanned.bytes + type: long + format: bytes + description: | + The number of bytes of data scanned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. + - name: requests.select_returned.bytes + type: long + format: bytes + description: | + The number of bytes of data returned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. + - name: requests.list + type: long + description: | + The number of HTTP requests that list the contents of a bucket. + - name: downloaded.bytes + type: long + format: bytes + description: | + The number bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body. + - name: uploaded.bytes + type: long + format: bytes + description: | + The number bytes uploaded that contain a request body, made to an Amazon S3 bucket. 
+ - name: errors.4xx + type: long + description: | + The number of HTTP 4xx client error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. + - name: errors.5xx + type: long + description: | + The number of HTTP 5xx server error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. + - name: latency.first_byte.ms + type: long + format: duration + description: | + The per-request time from the complete request being received by an Amazon S3 bucket to when the response starts to be returned. + - name: latency.total_request.ms + type: long + format: duration + description: | + The elapsed per-request time from the first byte received to the last byte sent to an Amazon S3 bucket. diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/package-fields.yml new file mode 100644 index 00000000000..3b28ce140f6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_request/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: cloud.account.name + type: keyword + description: | + The cloud account name or alias used to identify different entities in a multi-tenant environment. +- name: aws + type: group + fields: + - name: tags.* + type: object + description: | + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: | + Name of a S3 bucket. + - name: dimensions.* + type: object + description: | + Metric dimensions. + - name: '*.metrics.*.*' + type: object + description: | + Metrics that returned from Cloudwatch API query. diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3_request/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/s3_request/manifest.yml new file mode 100644 index 00000000000..2a8b4813d8f --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3_request/manifest.yml 
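Review bot: `downloaded.bytes` and `uploaded.bytes` read "The number bytes downloaded" / "The number bytes uploaded", missing "of"; suggested: `The number of bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body.` and `The number of bytes uploaded that contain a request body, made to an Amazon S3 bucket.` The rest of the group's descriptions are consistent with each other.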
@@ -0,0 +1,36 @@ +title: aws s3_request metrics +release: experimental +type: metrics +streams: +- input: aws/metrics + vars: + - name: access_key_id + type: text + title: Access Key Id + multi: false + required: true + show_user: true + default: ${AWS_ACCESS_KEY_ID:""} + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 86400s + - name: secret_access_key + type: text + title: Secret Access Key + multi: false + required: true + show_user: true + default: ${AWS_SECRET_ACCESS_KEY:""} + - name: session_token + type: text + title: Session Token + multi: false + required: true + show_user: true + default: ${AWS_SESSION_TOKEN:""} + title: aws s3_request metrics + description: Collect aws s3_request metrics diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..9a5151635ea --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: + {{#each paths as |path i|}} +- {{path}} + {{/each}} +exclude_files: [".gz$"] \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/s3.yml.hbs new file mode 100644 index 00000000000..99ade800a35 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/agent/stream/s3.yml.hbs 
@@ -0,0 +1,28 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/s3access/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..f346b427c0b
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/elasticsearch/ingest-pipeline/default.yml
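Review bot: `queue_url` is the only value in this template rendered without an `{{#if}}` guard, so an unset var produces a bare `queue_url:` (null) line in the agent config instead of omitting the key; that is acceptable only if the s3access manifest marks it required, which cannot be checked from this chunk. The file also ends without a trailing newline, as does log.yml.hbs in the same dataset, so `{{/if}}` is the last byte of the template; adding the newline keeps the rendered YAML well-terminated and avoids the "No newline at end of file" marker on every future change.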
@@ -0,0 +1,150 @@
+---
+description: "Pipeline for s3 server access logs"
+
+processors:
+ - grok:
+ field: message
+ patterns:
+ - >-
+ %{BASE16NUM:aws.s3access.bucket_owner} %{HOSTNAME:aws.s3access.bucket} \[%{HTTPDATE:_temp_.s3access_time}\]
+ %{IP:aws.s3access.remote_ip} (?:-|%{S3REQUESTER:aws.s3access.requester}) %{S3REQUESTID:aws.s3access.request_id}
+ %{S3OPERATION:aws.s3access.operation} (?:-|%{S3KEY:aws.s3access.key}) (?:-|\"%{DATA:aws.s3access.request_uri}\")
+ %{NUMBER:aws.s3access.http_status:long} (?:-|%{WORD:aws.s3access.error_code}) (?:-|%{NUMBER:aws.s3access.bytes_sent:long})
+ (?:-|%{NUMBER:aws.s3access.object_size:long}) (?:-|%{NUMBER:aws.s3access.total_time:long}) (?:-|%{NUMBER:aws.s3access.turn_around_time:long})
+ (?:-|\"-\"|\"%{DATA:aws.s3access.referrer}\") (?:-|\"(-|%{DATA:aws.s3access.user_agent})\") (?:-|%{S3KEY:aws.s3access.version_id})
+ (?:-|%{S3ID:aws.s3access.host_id}) (?:-|%{S3VERSION:aws.s3access.signature_version}) (?:-|%{S3KEY:aws.s3access.cipher_suite})
+ (?:-|%{WORD:aws.s3access.authentication_type}) (?:-|%{S3ID:aws.s3access.host_header}) (?:-|%{S3VERSION:aws.s3access.tls_version})
+ pattern_definitions:
+ S3REQUESTER: "[a-zA-Z0-9\\/_\\.\\-%:@]+"
+ S3REQUESTID: "[a-zA-Z0-9]+"
+ S3OPERATION: "%{WORD}.%{WORD}.%{WORD}"
+ S3KEY: "[a-zA-Z0-9\\/_\\.\\-%+]+"
+ S3ID: "[a-zA-Z0-9\\/_\\.\\-%+=]+"
+ S3VERSION: "[a-zA-Z0-9.]+"
+
+ - append:
+ if: "ctx?.aws?.s3access?.bucket_owner != null"
+ field: related.user
+ value: "{{aws.s3access.bucket_owner}}"
+
+ #
+ # Parse the date included in s3 access logs
+ #
+ - date:
+ field: "_temp_.s3access_time"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - "dd/MMM/yyyy:H:m:s Z"
+
+ - set:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: client.ip
+ value: "{{aws.s3access.remote_ip}}"
+
+ - append:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: related.ip
+ value: "{{aws.s3access.remote_ip}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: client.address
+ value: "{{aws.s3access.remote_ip}}"
+
+ - geoip:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: aws.s3access.remote_ip
+ target_field: geo
+
+ - set:
+ if: "ctx?.aws?.s3access?.requester != null"
+ field: client.user.id
+ value: "{{aws.s3access.requester}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.request_id != null"
+ field: event.id
+ value: "{{aws.s3access.request_id}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.operation != null"
+ field: event.action
+ value: "{{aws.s3access.operation}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.http_status != null"
+ field: http.response.status_code
+ value: "{{aws.s3access.http_status}}"
+
+ - convert:
+ if: "ctx?.http?.response?.status_code != null"
+ field: http.response.status_code
+ type: long
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code != null"
+ field: event.outcome
+ value: failure
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code != null"
+ field: event.code
+ value: "{{aws.s3access.error_code}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code == null"
+ field: event.outcome
+ value: success
+
+ - set:
+ if: "ctx?.aws?.s3access?.total_time != null"
+ field: event.duration
+ value: "{{aws.s3access.total_time}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.referrer != null"
+ field: http.request.referrer
+ value: "{{aws.s3access.referrer}}"
+
+ - user_agent:
+ if: "ctx?.aws?.s3access?.user_agent != null"
+ field: aws.s3access.user_agent
+
+ - set:
+ field: tls.cipher
+ value: '{{aws.s3access.cipher_suite}}'
+ if: ctx.aws?.s3access?.cipher_suite != null
+
+ - script:
+ lang: painless
+ if: ctx.aws?.s3access?.tls_version != null
+ source: >-
+ def parts = ctx.aws.s3access.tls_version.toLowerCase().splitOnToken("v");
+ if (parts.length != 2) {
+ return;
+ }
+ ctx.tls.version = parts[1];
+ ctx.tls.version_protocol = parts[0]
+
+ - set:
+ field: cloud.provider
+ value: aws
+
+ - set:
+ field: event.kind
+ value: event
+
+ #
+ # Remove temporary fields
+ #
+ - remove:
+ field:
+ - message
+ - _temp_
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/fields.yml
new file mode 100644
index 00000000000..a201fc06e83
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/fields.yml
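Review bot: The `set` that copies `aws.s3access.total_time` into `event.duration` stores a millisecond value as a string, whereas ECS defines `event.duration` as a `long` in nanoseconds, so the field ends up with the wrong type and unit; a `script` guarded by the same null check, `ctx.event.duration = ctx.aws.s3access.total_time * 1000000L`, fixes both (the grok already captures `total_time` as a long), in the same way `http.response.status_code` gets its `convert`. The painless block assigns `ctx.tls.version` without ensuring `ctx.tls` exists, so it only works when the preceding `set` of `tls.cipher` created the object; a record with a `tls_version` but no `cipher_suite` would throw and land in `on_failure`, which `if (ctx.tls == null) { ctx.tls = [:]; }` at the top of the script avoids. `geoip` writes to `target_field: geo` although the address it enriches lives in `client.ip`; ECS has no top-level `geo` object, the ECS placement is `client.geo`, and anything keyed on ECS will not find the enrichment where it is.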
@@ -0,0 +1,96 @@
+- name: aws.s3access
+ type: group
+ release: ga
+ fields:
+ - name: bucket_owner
+ type: keyword
+ description: |
+ The canonical user ID of the owner of the source bucket.
+ - name: bucket
+ type: keyword
+ description: |
+ The name of the bucket that the request was processed against.
+ - name: remote_ip
+ type: ip
+ description: |
+ The apparent internet address of the requester.
+ - name: requester
+ type: keyword
+ description: |
+ The canonical user ID of the requester, or a - for unauthenticated requests.
+ - name: request_id
+ type: keyword
+ description: |
+ A string generated by Amazon S3 to uniquely identify each request.
+ - name: operation
+ type: keyword
+ description: |
+ The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.
+ - name: key
+ type: keyword
+ description: |
+ The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.
+ - name: request_uri
+ type: keyword
+ description: |
+ The Request-URI part of the HTTP request message.
+ - name: http_status
+ type: long
+ description: |
+ The numeric HTTP status code of the response.
+ - name: error_code
+ type: keyword
+ description: |
+ The Amazon S3 Error Code, or "-" if no error occurred.
+ - name: bytes_sent
+ type: long
+ description: |
+ The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.
+ - name: object_size
+ type: long
+ description: |
+ The total size of the object in question.
+ - name: total_time
+ type: long
+ description: |
+ The number of milliseconds the request was in flight from the server's perspective.
+ - name: turn_around_time
+ type: long
+ description: |
+ The number of milliseconds that Amazon S3 spent processing your request.
+ - name: referrer
+ type: keyword
+ description: |
+ The value of the HTTP Referrer header, if present.
+ - name: user_agent
+ type: keyword
+ description: |
+ The value of the HTTP User-Agent header.
+ - name: version_id
+ type: keyword
+ description: |
+ The version ID in the request, or "-" if the operation does not take a versionId parameter.
+ - name: host_id
+ type: keyword
+ description: |
+ The x-amz-id-2 or Amazon S3 extended request ID.
+ - name: signature_version
+ type: keyword
+ description: |
+ The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests.
+ - name: cipher_suite
+ type: keyword
+ description: |
+ The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP.
+ - name: authentication_type
+ type: keyword
+ description: |
+ The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests.
+ - name: host_header
+ type: keyword
+ description: |
+ The endpoint used to connect to Amazon S3.
+ - name: tls_version
+ type: keyword
+ description: |
+ The Transport Layer Security (TLS) version negotiated by the client.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/beats/aws/0.0.1/dataset/s3access/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/s3access/manifest.yml
new file mode 100644
index 00000000000..608aadf18d2
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/s3access/manifest.yml
@@ -0,0 +1,73 @@
+title: AWS s3access logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ template_path: log.yml.hbs
+ title: AWS s3access logs (log)
+ description: Collect AWS s3access logs using log input
+- input: s3
+ vars:
+ - name: queue_url
+ type: text
+ title: Queue Url
+ multi: false
+ required: false
+ show_user: true
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: true
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: api_timeout
+ type: text
+ title: Api Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: true
+ - name: access_key_id
+ type: text
+ title: Access Key Id
+ multi: false
+ required: false
+ show_user: true
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: true
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: true
+ - name: role_arn
+ type: text
+ title: Role Arn
+ multi: false
+ required: false
+ show_user: true
+ template_path: s3.yml.hbs
+ title: AWS s3access logs (s3)
+ description: Collect AWS s3access logs using s3 input
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sns/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/sns/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..f4aad6dc5f8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sns/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+metricsets: ["sns"]
+period: {{period}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sns/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/sns/fields/fields.yml
new file mode 100644
index 00000000000..52be1790528
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sns/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.sns
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sns/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/sns/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sns/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sns/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/sns/manifest.yml
new file mode 100644
index 00000000000..5509ce6be11
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sns/manifest.yml
@@ -0,0 +1,15 @@
+title: aws sns metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ title: aws sns metrics
+ description: Collect aws sns metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sqs/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/sqs/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..69659b7bb9f
--- /dev/null
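Review bot: The sns manifest exposes only `period`, so this stream has no `credential_profile_name` or `regions` var even though the sqs, transitgateway and usage manifests in the same commit do, and its two-line stream template consequently cannot select a credential source at all; if the omission is deliberate, a comment in the manifest saying so would stop the next reader from treating it as an oversight. The `package-fields.yml` added here is the same blob (`3b28ce140f6`) that is added again under sqs, transitgateway and usage, so `cloud.account.name` and the `aws.*` group are defined four times; keeping one copy at package level, if the registry layout allows it, avoids the copies drifting apart and producing differing mappings for the same fields.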
+++ b/dev/packages/beats/aws/0.0.1/dataset/sqs/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["sqs"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+period: {{period}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/fields.yml
new file mode 100644
index 00000000000..13aa0cec9cc
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/fields.yml
@@ -0,0 +1,46 @@
+- name: aws.sqs
+ type: group
+ release: ga
+ fields:
+ - name: oldest_message_age.sec
+ type: long
+ format: duration
+ description: |
+ The approximate age of the oldest non-deleted message in the queue.
+ - name: messages.delayed
+ type: long
+ description: |
+ TThe number of messages in the queue that are delayed and not available for reading immediately.
+ - name: messages.not_visible
+ type: long
+ description: |
+ The number of messages that are in flight.
+ - name: messages.visible
+ type: long
+ description: |
+ The number of messages available for retrieval from the queue.
+ - name: messages.deleted
+ type: long
+ description: |
+ The number of messages deleted from the queue.
+ - name: messages.received
+ type: long
+ description: |
+ The number of messages returned by calls to the ReceiveMessage action.
+ - name: messages.sent
+ type: long
+ description: |
+ The number of messages added to a queue.
+ - name: empty_receives
+ type: long
+ description: |
+ The number of ReceiveMessage API calls that did not return a message.
+ - name: sent_message_size.bytes
+ type: long
+ format: bytes
+ description: |
+ The size of messages added to a queue.
+ - name: queue.name
+ type: keyword
+ description: |
+ SQS queue name
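Review bot: `regions: {{regions}}` interpolates a var that the sqs manifest declares `multi: true` as a single scalar, so a list value is rendered inline after the key rather than as a YAML sequence; the `paths` block in the vpcflow log.yml.hbs shows the intended shape, `regions:` followed by `{{#each regions as |region i|}}` / `- {{region}}` / `{{/each}}`. The transitgateway and usage stream templates have the same problem with `tags_filter: {{tags_filter}}`, whose manifest default is a multi-line `type: yaml` document with block-sequence entries that cannot legally follow a key on the same line. Unless the renderer is known to serialise non-scalar vars, both should use a block construct.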
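Review bot: The `messages.delayed` description starts with a doubled letter, `TThe number of messages in the queue…`; it should read `The number of messages in the queue that are delayed and not available for reading immediately.`. These descriptions are surfaced as the dataset's field reference, so the typo is user-visible.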
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sqs/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/sqs/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/sqs/manifest.yml
new file mode 100644
index 00000000000..3e3d13396be
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/sqs/manifest.yml
@@ -0,0 +1,30 @@
+title: aws sqs metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: true
+ show_user: true
+ default: test-mb
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 300s
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - us-west-1
+ title: aws sqs metrics
+ description: Collect aws sqs metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/transitgateway/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5e3a0516fc1
--- /dev/null
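Review bot: `default: test-mb` for `credential_profile_name`, combined with `required: true`, looks like a developer's local profile name shipped as the package default; a user who relies on environment variables or an instance role gets a non-existent profile selected for them, and the same value appears in the transitgateway and usage manifests. The `regions` default of `us-west-1` here and the `tags_filter` default of `dept`/`eng` in those two manifests are fixture values in the same way, and a tags filter silently narrows what is collected. Dropping these defaults and setting `required: false` on the vars presumably lets the agent fall back to the normal credential and region resolution, which is what the `{{#if credential_profile_name}}` guard in the stream template is already prepared for.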
+++ b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["transitgateway"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+period: {{period}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/fields.yml
new file mode 100644
index 00000000000..c0932cfeec2
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.transitgateway
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/transitgateway/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/manifest.yml
new file mode 100644
index 00000000000..d15554fd85a
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/transitgateway/manifest.yml
@@ -0,0 +1,31 @@
+title: aws transitgateway metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: true
+ show_user: true
+ default: test-mb
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 60s
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - key: dept
+ value: eng
+ title: aws transitgateway metrics
+ description: Collect aws transitgateway metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/usage/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/usage/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..0602cd120e6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/usage/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["usage"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+period: {{period}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/usage/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/usage/fields/fields.yml
new file mode 100644
index 00000000000..6386cb72c17
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/usage/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.usage
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/usage/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/usage/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/usage/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/usage/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/usage/manifest.yml
new file mode 100644
index 00000000000..903b9589bd1
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/usage/manifest.yml
@@ -0,0 +1,31 @@
+title: aws usage metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: true
+ show_user: true
+ default: test-mb
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 60s
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - key: dept
+ value: eng
+ title: aws usage metrics
+ description: Collect aws usage metrics
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..68c15055467
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs
@@ -0,0 +1,109 @@
+paths:
+ {{#each paths as |path i|}}
+ - {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
+processors:
+ - drop_event:
+ when.regexp.message: "^version"
+ - drop_event:
+ when.regexp.message: "^instance-id"
+ - script:
+ lang: javascript
+ source: >
+ function process(event) {
+ var message = event.Get("message");
+ var tokens = message.split(" ").length;
+ event.Put("@metadata.message_token_count", tokens);
+ }
+ # Default vpc flow log format
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 14
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{account_id} %{interface_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{packets} %{bytes} %{start} %{end} %{action} %{log_status}'
+ # Custom flow log for traffic through a NAT gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 6
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{instance_id} %{interface_id} %{srcaddr} %{dstaddr} %{pkt_srcaddr} %{pkt_dstaddr}'
+ # Custom flow log for traffic through a transit gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 17
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{interface_id} %{account_id} %{vpc_id} %{subnet_id} %{instance_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{tcp_flags} %{type} %{pkt_srcaddr} %{pkt_dstaddr} %{action} %{log_status}'
+ # TCP Flag Sequence
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 21
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{vpc_id} %{subnet_id} %{instance_id} %{interface_id} %{account_id} %{type} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{pkt_srcaddr} %{pkt_dstaddr} %{protocol} %{bytes} %{packets} %{start} %{end} %{action} %{tcp_flags} %{log_status}'
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: aws.vpcflow.srcaddr, to: source.address}
+ - {from: aws.vpcflow.srcaddr, to: source.ip, type: ip}
+ - {from: aws.vpcflow.srcport, to: source.port, type: long}
+ - {from: aws.vpcflow.dstaddr, to: destination.address}
+ - {from: aws.vpcflow.dstaddr, to: destination.ip, type: ip}
+ - {from: aws.vpcflow.dstport, to: destination.port, type: long}
+ - {from: aws.vpcflow.protocol, to: network.iana_number, type: string}
+ - {from: aws.vpcflow.packets, to: source.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: source.bytes, type: long}
+ - {from: aws.vpcflow.packets, to: network.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: network.bytes, type: long}
+ - drop_fields:
+ fields: ["aws.vpcflow.srcaddr", "aws.vpcflow.srcport", "aws.vpcflow.dstaddr", "aws.vpcflow.dstport", "aws.vpcflow.bytes", "aws.vpcflow.packets", "aws.vpcflow.protocol"]
+ - community_id: ~
+ # Use the aws.vpcflow.action value to set the event.outcome value to either "allow" or "deny".
+ - add_fields:
+ when.equals.aws.vpcflow.action: ACCEPT
+ target: event
+ fields: {outcome: allow}
+ - add_fields:
+ when.equals.aws.vpcflow.action: REJECT
+ target: event
+ fields: {outcome: deny}
+ - add_fields:
+ target: event
+ fields: {type: flow}
+ - add_fields:
+ target: event
+ fields: {category: network_traffic}
+ # Add network.type: ipv4 or ipv6
+ - if:
+ contains.source.ip: "."
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv4}
+ - if:
+ contains.source.ip: ":"
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv6}
+ # Add network.transport: based on IANA protocol number of the traffic
+ # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ - if:
+ equals.network.iana_number: "6"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: tcp}
+ - if:
+ equals.network.iana_number: "17"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: udp}
\ No newline at end of file
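Review bot: The whole `processors` block (everything from `processors:` down) is copied byte-for-byte into the vpcflow s3.yml.hbs template, so every parsing fix has to be made twice and the two inputs will drift; if the template mechanism supports a shared partial, keep the processors in one place, and otherwise add `# keep in sync with s3.yml.hbs` at the top of this copy and the mirror comment in the other. `event.category: network_traffic`, `event.type: flow` and `event.outcome: allow`/`deny` are not among the allowed values of the ECS categorization fields as I read them (`network` for category, `success`/`failure`/`unknown` for outcome, with `allowed`/`denied` being `event.type` values), which is worth confirming against the ECS version the package targets before anything is built on these fields. The javascript processor calls `message.split` on whatever `event.Get("message")` returned, so an event without a `message` field throws inside the processor instead of being skipped; `if (message == null) return;` before the split is a cheap guard.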
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/s3.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..fb85a442e22
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/agent/stream/s3.yml.hbs
@@ -0,0 +1,132 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - drop_event:
+ when.regexp.message: "^version"
+ - drop_event:
+ when.regexp.message: "^instance-id"
+ - script:
+ lang: javascript
+ source: >
+ function process(event) {
+ var message = event.Get("message");
+ var tokens = message.split(" ").length;
+ event.Put("@metadata.message_token_count", tokens);
+ }
+ # Default vpc flow log format
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 14
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{account_id} %{interface_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{packets} %{bytes} %{start} %{end} %{action} %{log_status}'
+ # Custom flow log for traffic through a NAT gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 6
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{instance_id} %{interface_id} %{srcaddr} %{dstaddr} %{pkt_srcaddr} %{pkt_dstaddr}'
+ # Custom flow log for traffic through a transit gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 17
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{interface_id} %{account_id} %{vpc_id} %{subnet_id} %{instance_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{tcp_flags} %{type} %{pkt_srcaddr} %{pkt_dstaddr} %{action} %{log_status}'
+ # TCP Flag Sequence
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 21
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{vpc_id} %{subnet_id} %{instance_id} %{interface_id} %{account_id} %{type} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{pkt_srcaddr} %{pkt_dstaddr} %{protocol} %{bytes} %{packets} %{start} %{end} %{action} %{tcp_flags} %{log_status}'
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: aws.vpcflow.srcaddr, to: source.address}
+ - {from: aws.vpcflow.srcaddr, to: source.ip, type: ip}
+ - {from: aws.vpcflow.srcport, to: source.port, type: long}
+ - {from: aws.vpcflow.dstaddr, to: destination.address}
+ - {from: aws.vpcflow.dstaddr, to: destination.ip, type: ip}
+ - {from: aws.vpcflow.dstport, to: destination.port, type: long}
+ - {from: aws.vpcflow.protocol, to: network.iana_number, type: string}
+ - {from: aws.vpcflow.packets, to: source.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: source.bytes, type: long}
+ - {from: aws.vpcflow.packets, to: network.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: network.bytes, type: long}
+ - drop_fields:
+ fields: ["aws.vpcflow.srcaddr", "aws.vpcflow.srcport", "aws.vpcflow.dstaddr", "aws.vpcflow.dstport", "aws.vpcflow.bytes", "aws.vpcflow.packets", "aws.vpcflow.protocol"]
+ - community_id: ~
+ # Use the aws.vpcflow.action value to set the event.outcome value to either "allow" or "deny".
+ - add_fields:
+ when.equals.aws.vpcflow.action: ACCEPT
+ target: event
+ fields: {outcome: allow}
+ - add_fields:
+ when.equals.aws.vpcflow.action: REJECT
+ target: event
+ fields: {outcome: deny}
+ - add_fields:
+ target: event
+ fields: {type: flow}
+ - add_fields:
+ target: event
+ fields: {category: network_traffic}
+ # Add network.type: ipv4 or ipv6
+ - if:
+ contains.source.ip: "."
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv4}
+ - if:
+ contains.source.ip: ":"
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv6}
+ # Add network.transport: based on IANA protocol number of the traffic
+ # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ - if:
+ equals.network.iana_number: "6"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: tcp}
+ - if:
+ equals.network.iana_number: "17"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: udp}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..1ea0a4484e3
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,104 @@
+---
+description: Pipeline for AWS VPC Flow Logs
+
+processors:
+ # Convert Unix epoch to timestamp
+ - date:
+ field: "aws.vpcflow.end"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - date:
+ field: "aws.vpcflow.start"
+ target_field: "event.start"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - date:
+ field: "aws.vpcflow.end"
+ target_field: "event.end"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - remove:
+ field: ["aws.vpcflow.start", "aws.vpcflow.end"]
+ ignore_missing: true
+
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: message
+ target_field: event.original
+ ignore_missing: true
+
+ # Generate related.ip field
+ - append:
+ if: ctx.source?.ip != null && ctx.destination?.ip != null
+ field: related.ip
+ value: ["{{source.ip}}", "{{destination.ip}}"]
+
+ - set:
+ field: cloud.provider
+ value: aws
+
+ - set:
+ if: "ctx?.aws?.vpcflow?.account_id != null"
+ field: cloud.account.id
+ value: "{{aws.vpcflow.account_id}}"
+
+ - set:
+ if: "ctx?.aws?.vpcflow?.instance_id != null && ctx.aws.vpcflow.instance_id != '-'"
+ field: cloud.instance.id
+ value: "{{aws.vpcflow.instance_id}}"
+
+ - set:
+ field: event.kind
+ value: event
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/fields.yml
new file mode 100644
index 00000000000..7ef4243d52a
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/fields.yml
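Review bot: The `related.ip` append is guarded by `ctx.source?.ip != null && ctx.destination?.ip != null`, so a record where only one side converted cleanly gets no `related.ip` at all; two `append` processors, each guarded by its own field, keep the partial enrichment. `aws.vpcflow.pkt_srcaddr` and `aws.vpcflow.pkt_dstaddr` (the packet-level addresses from the custom formats, typed `ip` in fields.yml) are neither added to `related.ip` nor geo/AS enriched, so an investigator pivoting on `related.ip` misses the original endpoint of NAT- and transit-gateway traffic; appending them under the same kind of null guard is a small addition. `cloud.instance.id` is protected against the `-` placeholder but `cloud.account.id` has no such guard, so a placeholder in the account column would be stored as the account id.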
@@ -0,0 +1,52 @@
+- name: aws.vpcflow
+ type: group
+ release: beta
+ fields:
+ - name: version
+ type: keyword
+ description: |
+ The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3.
+ - name: account_id
+ type: keyword
+ description: |
+ The AWS account ID for the flow log.
+ - name: interface_id
+ type: keyword
+ description: |
+ The ID of the network interface for which the traffic is recorded.
+ - name: action
+ type: keyword
+ description: |
+ The action that is associated with the traffic, ACCEPT or REJECT.
+ - name: log_status
+ type: keyword
+ description: |
+ The logging status of the flow log, OK, NODATA or SKIPDATA.
+ - name: instance_id
+ type: keyword
+ description: |
+ The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.
+ - name: pkt_srcaddr
+ type: ip
+ description: |
+ The packet-level (original) source IP address of the traffic.
+ - name: pkt_dstaddr
+ type: ip
+ description: |
+ The packet-level (original) destination IP address for the traffic.
+ - name: vpc_id
+ type: keyword
+ description: |
+ The ID of the VPC that contains the network interface for which the traffic is recorded.
+ - name: subnet_id
+ type: keyword
+ description: |
+ The ID of the subnet that contains the network interface for which the traffic is recorded.
+ - name: tcp_flags
+ type: keyword
+ description: |
+ The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST
+ - name: type
+ type: keyword
+ description: |
+ The type of traffic: IPv4, IPv6, or EFA.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
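Review bot: `tcp_flags` is described as a bitmask (`2=SYN,18=SYN-ACK,1=FIN,4=RST`) yet mapped as `type: keyword`, so numeric comparisons on it are impossible at query time and values sort lexically, which makes it awkward to pick out SYN-only flows in a detection query. If the field always arrives as an integer in the log line, `type: long` would serve better; if keyword is intentional for compatibility with the Beats module, the description should say the value is stored as a string. The `pkt_srcaddr`/`pkt_dstaddr` fields are typed `ip`, which presumably relies on upstream parsing to drop the `-` placeholder VPC Flow Logs use for unavailable fields; that handling is not visible in this diff.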
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpcflow/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/manifest.yml
new file mode 100644
index 00000000000..abe68f71cf4
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpcflow/manifest.yml
@@ -0,0 +1,73 @@
+title: AWS vpcflow logs
+release: experimental
+type: logs
+streams:
+- input: s3
+ vars:
+ - name: queue_url
+ type: text
+ title: Queue Url
+ multi: false
+ required: false
+ show_user: true
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: true
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: api_timeout
+ type: text
+ title: Api Timeout
+ multi: false
+ required: false
+ show_user: true
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: true
+ - name: access_key_id
+ type: text
+ title: Access Key Id
+ multi: false
+ required: false
+ show_user: true
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: true
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: true
+ - name: role_arn
+ type: text
+ title: Role Arn
+ multi: false
+ required: false
+ show_user: true
+ template_path: s3.yml.hbs
+ title: AWS vpcflow logs (s3)
+ description: Collect AWS vpcflow logs using s3 input
+- input: logs
+ template_path: log.yml.hbs
+ title: AWS vpcflow logs (log)
+ description: Collect AWS vpcflow logs using log input
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpn/agent/stream/stream.yml.hbs b/dev/packages/beats/aws/0.0.1/dataset/vpn/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..1d829aa8024
--- /dev/null
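Review bot: `access_key_id`, `secret_access_key` and `session_token` are declared as plain `type: text` with `show_user: true`, exactly like `queue_url`, so nothing in the manifest marks them as credential material and any UI or config export generated from it will render them unmasked. If the registry's var schema offers a secret or password type, these three should use it; failing that, a `description` stating that the value is a credential would at least make the intent explicit to consumers of the manifest. `shared_credential_file`, `credential_profile_name` and `role_arn` are the secret-free ways to authenticate and could be recommended in their descriptions, and the two timeout vars would read better with a `description` giving the expected unit.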
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpn/agent/stream/stream.yml.hbs
@@ -0,0 +1,8 @@
+metricsets: ["vpn"]
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+period: {{period}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/fields.yml b/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/fields.yml
new file mode 100644
index 00000000000..0e479a144d7
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: aws.vpn
+ type: group
+ release: beta
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/package-fields.yml b/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/package-fields.yml
new file mode 100644
index 00000000000..3b28ce140f6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpn/fields/package-fields.yml
@@ -0,0 +1,23 @@
+- name: cloud.account.name
+ type: keyword
+ description: |
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/beats/aws/0.0.1/dataset/vpn/manifest.yml b/dev/packages/beats/aws/0.0.1/dataset/vpn/manifest.yml
new file mode 100644
index 00000000000..f350f28abb5
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/dataset/vpn/manifest.yml
@@ -0,0 +1,31 @@
+title: aws vpn metrics
+release: experimental
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: true
+ show_user: true
+ default: test-mb
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 60s
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - key: dept
+ value: eng
+ title: aws vpn metrics
+ description: Collect aws vpn metrics
diff --git a/dev/packages/beats/aws/0.0.1/docs/README.md b/dev/packages/beats/aws/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/img/filebeat-aws-cloudtrail.png b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-cloudtrail.png
new file mode 100644
index 00000000000..5ec69e272be
Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-cloudtrail.png differ
diff --git a/dev/packages/beats/aws/0.0.1/img/filebeat-aws-elb-overview.png b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-elb-overview.png
new file mode 100644
index 00000000000..6b0cc1b74bc
Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-elb-overview.png differ
diff --git a/dev/packages/beats/aws/0.0.1/img/filebeat-aws-s3access-overview.png b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-s3access-overview.png
new file mode 100644
index 00000000000..a6b762aacaf
Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-s3access-overview.png differ
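Review bot: `credential_profile_name` ships with `default: test-mb` and `tags_filter` with a `dept: eng` filter, both marked `required: true`, which reads like a developer's local setup committed as the package default. A user who accepts the defaults would authenticate against a profile that does not exist in their environment and, if it did, would silently collect only resources tagged `dept=eng`, so gaps in coverage would go unnoticed. Drop both defaults (or make `tags_filter` `required: false` with no default) so the stream fails loudly until it is configured; the `period` default of `60s` is fine to keep. The same vars and defaults may repeat in the other metric datasets of this package, which are outside this part of the diff.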
diff --git a/dev/packages/beats/aws/0.0.1/img/filebeat-aws-vpcflow-overview.png b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-vpcflow-overview.png new file mode 100644 index 00000000000..d0524b898ac Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/filebeat-aws-vpcflow-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/logo_aws.svg b/dev/packages/beats/aws/0.0.1/img/logo_aws.svg new file mode 100644 index 00000000000..f6ac6f71962 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/img/logo_aws.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-billing-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-billing-overview.png new file mode 100644 index 00000000000..9544b1fa8a8 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-billing-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-dynamodb-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-dynamodb-overview.png new file mode 100644 index 00000000000..386c960f22b Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-dynamodb-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ebs-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ebs-overview.png new file mode 100644 index 00000000000..48d09ae90d1 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ebs-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ec2-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ec2-overview.png new file mode 100644 index 00000000000..f9b2d621f4f Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-ec2-overview.png differ 
diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-elb-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-elb-overview.png new file mode 100644 index 00000000000..37eecc1bd09 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-elb-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-lambda-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-lambda-overview.png new file mode 100644 index 00000000000..84a228b51e3 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-lambda-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-overview.png new file mode 100644 index 00000000000..7f93b5d99db Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-rds-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-rds-overview.png new file mode 100644 index 00000000000..d44b0215884 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-rds-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-s3-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-s3-overview.png new file mode 100644 index 00000000000..f64b8606e32 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-s3-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sns-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sns-overview.png new file mode 100644 index 00000000000..29df3a010d9 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sns-overview.png differ 
diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sqs-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sqs-overview.png new file mode 100644 index 00000000000..c45a261f782 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-sqs-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-usage-overview.png b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-usage-overview.png new file mode 100644 index 00000000000..3c4e67f4930 Binary files /dev/null and b/dev/packages/beats/aws/0.0.1/img/metricbeat-aws-usage-overview.png differ diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..dede7e5ea32 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,217 @@ +{ + "attributes": { + "description": "Overview of AWS Transit Gateway Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "filters" + }, + "gridData": { + "h": 5, + "i": "af1453d8-04d3-4b44-a3b0-138111255a23", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "af1453d8-04d3-4b44-a3b0-138111255a23", + "panelRefName": "panel_0", + "title": "filters", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes In" + }, + "gridData": { + "h": 12, + "i": "14555108-559d-4c07-b240-6e6b14254f16", + "w": 24, + "x": 0, + "y": 5 + }, + "panelIndex": "14555108-559d-4c07-b240-6e6b14254f16", + "panelRefName": "panel_1", + "title": "Bytes In", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets In" + }, + "gridData": { + "h": 12, + "i": "9c605367-60e3-4e9c-8036-a6191dbafe4a", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "9c605367-60e3-4e9c-8036-a6191dbafe4a", + "panelRefName": "panel_2", + "title": "Packets In", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes Out" + }, + "gridData": { + "h": 12, + "i": "271558e6-b208-4e2c-abfb-0a6b2dbb0c66", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "271558e6-b208-4e2c-abfb-0a6b2dbb0c66", + "panelRefName": "panel_3", + "title": "Bytes Out", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Out" + }, + "gridData": { + "h": 12, + "i": "41002ab1-845b-469e-9283-8a46a90e4662", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "41002ab1-845b-469e-9283-8a46a90e4662", + "panelRefName": "panel_4", + "title": "Packets Out", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes Dropped - no route" + }, + "gridData": { + "h": 12, + "i": "b141f90b-739e-46f3-83c9-9c4661183837", + "w": 24, + 
"x": 0, + "y": 29 + }, + "panelIndex": "b141f90b-739e-46f3-83c9-9c4661183837", + "panelRefName": "panel_5", + "title": "Bytes Dropped - no route", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Dropped - no route" + }, + "gridData": { + "h": 12, + "i": "c6a76f92-248b-4cae-a03f-7d34d58098ae", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "c6a76f92-248b-4cae-a03f-7d34d58098ae", + "panelRefName": "panel_6", + "title": "Packets Dropped - no route", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes Dropped - black hole" + }, + "gridData": { + "h": 12, + "i": "1d08d3b8-3bd7-4f90-854d-be08cb119273", + "w": 24, + "x": 0, + "y": 41 + }, + "panelIndex": "1d08d3b8-3bd7-4f90-854d-be08cb119273", + "panelRefName": "panel_7", + "title": "Bytes Dropped - black hole", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Dropped - black hole" + }, + "gridData": { + "h": 12, + "i": "40e82e50-b30c-40eb-bbee-9bbfc3d3311f", + "w": 24, + "x": 24, + "y": 41 + }, + "panelIndex": "40e82e50-b30c-40eb-bbee-9bbfc3d3311f", + "panelRefName": "panel_8", + "title": "Packets Dropped - black hole", + "version": "7.6.1" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] TransitGateway Overview", + "version": 1 + }, + "id": "0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "415fed40-694f-11ea-b0ac-95d4ecb1fecd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cd6419c0-6949-11ea-b0ac-95d4ecb1fecd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "0a36b590-694c-11ea-b0ac-95d4ecb1fecd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "10e0f270-694c-11ea-b0ac-95d4ecb1fecd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "01ed5990-694a-11ea-b0ac-95d4ecb1fecd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": 
"007ceec0-694c-11ea-b0ac-95d4ecb1fecd", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "f7c17000-6949-11ea-b0ac-95d4ecb1fecd", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "c1db9b80-694b-11ea-b0ac-95d4ecb1fecd", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json new file mode 100644 index 00000000000..1ec48b982ab --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json 
@@ -0,0 +1,140 @@ +{ + "attributes": { + "description": "Logs AWS VPC Flow Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "S3 Bucket Filter" + }, + "gridData": { + "h": 5, + "i": "c802177f-038c-4a35-a82d-0fa42c857d02", + "w": 18, + "x": 0, + "y": 0 + }, + "panelIndex": "c802177f-038c-4a35-a82d-0fa42c857d02", + "panelRefName": "panel_0", + "title": "S3 Bucket Filter", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "isLayerTOCOpen": true, + "mapCenter": { + "lat": 12.09237, + "lon": 60.11722, + "zoom": 0.47 + }, + "openTOCDetails": [], + "title": "VPC Flow Action Geo Location" + }, + "gridData": { + "h": 17, + "i": "380eed85-225b-4d5d-88bc-1c70a3643ddb", + "w": 30, + "x": 18, + "y": 0 + }, + "panelIndex": "380eed85-225b-4d5d-88bc-1c70a3643ddb", + "panelRefName": "panel_1", + "title": "VPC Flow Action Geo Location", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Top IP Addresses" + }, + "gridData": { + "h": 12, + "i": "3dde08df-2d7e-464e-825d-03179e43e175", + "w": 18, + "x": 0, + "y": 5 + }, + "panelIndex": "3dde08df-2d7e-464e-825d-03179e43e175", + "panelRefName": "panel_2", + "title": "VPC Flow Top IP Addresses", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Total Requests" + }, + "gridData": { + "h": 12, + "i": "f7c6de04-c771-47ff-a32d-00a7940e414a", + "w": 48, + "x": 0, + "y": 17 + }, + "panelIndex": "f7c6de04-c771-47ff-a32d-00a7940e414a", + "panelRefName": "panel_3", + "title": "VPC Flow Total Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VPC Flow Reject Logs" + }, + "gridData": { + "h": 15, + "i": "b4dbbe72-0dc0-428b-b21e-91c6cc82745c", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": 
"b4dbbe72-0dc0-428b-b21e-91c6cc82745c", + "panelRefName": "panel_4", + "title": "VPC Flow Reject Logs", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs AWS] VPC Flow Log Overview", + "version": 1 + }, + "id": "15503340-4488-11ea-ad63-791a5dc86f10", + "references": [ + { + "id": "247e2990-4699-11ea-ad63-791a5dc86f10", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "513a3d70-4482-11ea-ad63-791a5dc86f10", + "name": "panel_1", + "type": "map" + }, + { + "id": "75853f20-4484-11ea-ad63-791a5dc86f10", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "bad8c910-4485-11ea-ad63-791a5dc86f10", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c1aee600-4487-11ea-ad63-791a5dc86f10", + "name": "panel_4", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json new file mode 100644 index 00000000000..d0e4b10491a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json 
@@ -0,0 +1,196 @@ +{ + "attributes": { + "description": "Overview of AWS SQS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "SQS Messages Visible" + }, + "gridData": { + "h": 8, + "i": "1", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "SQS Messages Visible", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Oldest Message Age in Seconds" + }, + "gridData": { + "h": 8, + "i": "2", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "SQS Oldest Message Age in Seconds", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Messages Received" + }, + "gridData": { + "h": 8, + "i": "3", + "w": 24, + "x": 0, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "SQS Messages Received", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Messages Deleted" + }, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "SQS Messages Deleted", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Messages Delayed" + }, + "gridData": { + "h": 8, + "i": "7", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "title": "SQS Messages Delayed", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Messages Sent" + }, + "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "title": "SQS Messages Sent", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Filters" + }, + "gridData": { + "h": 8, + "i": "9", + "w": 12, + "x": 0, + "y": 0 + }, + 
"panelIndex": "9", + "panelRefName": "panel_6", + "title": "SQS Filters", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "SQS Empty Receives" + }, + "gridData": { + "h": 8, + "i": "10", + "w": 12, + "x": 24, + "y": 0 + }, + "panelIndex": "10", + "panelRefName": "panel_7", + "title": "SQS Empty Receives", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] SQS Overview", + "version": 1 + }, + "id": "234aeda0-43b7-11e9-8697-530f39afc6eb", + "references": [ + { + "id": "f74eb760-41e8-11e9-b7a0-c99d9d127b61", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "53730d20-437e-11e9-8697-530f39afc6eb", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1235fe50-41e7-11e9-b7a0-c99d9d127b61", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "be6c4180-41e6-11e9-b7a0-c99d9d127b61", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "dcd31cd0-41e5-11e9-b7a0-c99d9d127b61", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "dd2f2a10-41e6-11e9-b7a0-c99d9d127b61", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "b0afd3e0-43b7-11e9-8697-530f39afc6eb", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..740c5276dfb --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json 
@@ -0,0 +1,193 @@ +{ + "attributes": { + "description": "Overview of AWS RDS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Database Connections" + }, + "gridData": { + "h": 6, + "i": "1", + "w": 19, + "x": 10, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Database Connections", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Insert Latency in Milliseconds" + }, + "gridData": { + "h": 10, + "i": "3", + "w": 24, + "x": 0, + "y": 6 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "title": "Insert Latency in Milliseconds", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Select Latency in Milliseconds" + }, + "gridData": { + "h": 10, + "i": "4", + "w": 24, + "x": 24, + "y": 6 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "title": "Select Latency in Milliseconds", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Transaction Blocked" + }, + "gridData": { + "h": 6, + "i": "5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "title": "Transaction Blocked", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "6", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Insert Throughput in Count/Second" + }, + "gridData": { + "h": 11, + "i": "7", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "title": "Insert Throughput in Count/Second", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Select Throughput in Count/Second" + }, + "gridData": { + "h": 11, + "i": "8", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": 
"8", + "panelRefName": "panel_6", + "title": "Select Throughput in Count/Second", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Disk Queue Depth" + }, + "gridData": { + "h": 12, + "i": "132653bc-2669-4e8c-b536-06c680e9acf0", + "w": 48, + "x": 0, + "y": 27 + }, + "panelIndex": "132653bc-2669-4e8c-b536-06c680e9acf0", + "panelRefName": "panel_7", + "title": "Disk Queue Depth", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] RDS Overview", + "version": 1 + }, + "id": "3367c170-921f-11e9-aa19-159bf182e06f", + "references": [ + { + "id": "17fcda50-921b-11e9-aa19-159bf182e06f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8b8a7f80-921c-11e9-aa19-159bf182e06f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cc3a1950-921c-11e9-aa19-159bf182e06f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "00b29040-921d-11e9-aa19-159bf182e06f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "c1afd130-921e-11e9-aa19-159bf182e06f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "e06e4cf0-921e-11e9-aa19-159bf182e06f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "966ae990-d979-11e9-9458-bbef63ad717b", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..271f612fe67 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json 
@@ -0,0 +1,224 @@ +{ + "attributes": { + "description": "Logs AWS ELB Access Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 51.63808, + "lon": 17.07232, + "zoom": 3.47 + }, + "openTOCDetails": [], + "title": "ELB Requests Geolocation" + }, + "gridData": { + "h": 14, + "i": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac", + "panelRefName": "panel_0", + "title": "ELB Requests Geolocation", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Inbound Traffic" + }, + "gridData": { + "h": 14, + "i": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9", + "panelRefName": "panel_1", + "title": "ELB Inbound Traffic", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Top User Agents" + }, + "gridData": { + "h": 14, + "i": "48ecb39f-57a5-4805-a8a9-77385a996d75", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "48ecb39f-57a5-4805-a8a9-77385a996d75", + "panelRefName": "panel_2", + "title": "ELB Top User Agents", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Total Requests" + }, + "gridData": { + "h": 14, + "i": "9812996e-ba10-41bd-b134-c9705a0973b4", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "9812996e-ba10-41bd-b134-c9705a0973b4", + "panelRefName": "panel_3", + "title": "ELB Total Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Top IP Addresses" + }, + "gridData": { + "h": 14, + "i": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36", + 
"panelRefName": "panel_4", + "title": "ELB Top IP Addresses", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB Outbound Traffic" + }, + "gridData": { + "h": 14, + "i": "bf43580d-cc26-415b-ae36-d678a232b544", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "bf43580d-cc26-415b-ae36-d678a232b544", + "panelRefName": "panel_5", + "title": "ELB Outbound Traffic", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 2xx" + }, + "gridData": { + "h": 14, + "i": "466e825b-6ee2-43c3-b221-21abe27612dd", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "466e825b-6ee2-43c3-b221-21abe27612dd", + "panelRefName": "panel_6", + "title": "ELB HTTP 2xx", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 4xx" + }, + "gridData": { + "h": 14, + "i": "d42994a6-922c-4f86-bf99-a46f87ff106d", + "w": 16, + "x": 16, + "y": 28 + }, + "panelIndex": "d42994a6-922c-4f86-bf99-a46f87ff106d", + "panelRefName": "panel_7", + "title": "ELB HTTP 4xx", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "ELB HTTP 5xx" + }, + "gridData": { + "h": 14, + "i": "f45aaa2c-c244-4d1a-8ad4-4794130b9827", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "f45aaa2c-c244-4d1a-8ad4-4794130b9827", + "panelRefName": "panel_8", + "title": "ELB HTTP 5xx", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs AWS] ELB Access Log Overview", + "version": 1 + }, + "id": "3af47420-3e7b-11ea-bb0a-69c3ca1d410f", + "references": [ + { + "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f", + "name": "panel_0", + "type": "map" + }, + { + "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f", + "name": "panel_4", + "type": 
"visualization" + }, + { + "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..7a61863e8b1 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json 
@@ -0,0 +1,217 @@ +{ + "attributes": { + "description": "[Metrics AWS] Overview of EBS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 24, + "x": 24, + "y": 10 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Volume Write Ops", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "2", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Volume Read Ops", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "3", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Volume Write Bytes", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "4", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Volume Read Bytes", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5", + "w": 19, + "x": 8, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Volume Queue Length", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Volume Total Write Time", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "7", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Volume Total Read Time", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "8", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + 
"title": "Volume Idle Time", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "9", + "w": 8, + "x": 0, + "y": 5 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "EBS Volume ID Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "10", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "10", + "panelRefName": "panel_9", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] EBS Overview", + "version": 1 + }, + "id": "44ce4680-b7ba-11e9-8349-f15f850c5cd0", + "references": [ + { + "id": "f6831f30-b7b6-11e9-8349-f15f850c5cd0", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "c0e32d50-b7b8-11e9-8349-f15f850c5cd0", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b00c4390-b7b8-11e9-8349-f15f850c5cd0", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fe0581b0-b7b8-11e9-8349-f15f850c5cd0", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "25384bf0-b7b9-11e9-8349-f15f850c5cd0", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "12eff7e0-b7b9-11e9-8349-f15f850c5cd0", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "67f43080-b7b9-11e9-8349-f15f850c5cd0", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d045d120-b7b9-11e9-8349-f15f850c5cd0", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_9", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json new file mode 100644 index 00000000000..e4cc457041b --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json @@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "Logs AWS S3 Server Access Log Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Top URLs" + }, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Top URLs", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Http Status over time" + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Http Status over time", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Error Logs" + }, + "gridData": { + "h": 15, + "i": "3", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Error Logs", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs AWS] S3 Server Access Log Overview", + "version": 1 + }, + "id": "4746e000-bacd-11e9-9f70-1f7bda85a5eb", + "references": [ + { + "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..8c0df51ab3f --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "Overview of AWS VPN Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 14, + "i": "8ef52400-6eac-417b-936e-dce159dd5e89", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "8ef52400-6eac-417b-936e-dce159dd5e89", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Tunnel State Per VPN ID" + }, + "gridData": { + "h": 14, + "i": "eb78041b-afc4-458e-af92-0951b1d0cadd", + "w": 20, + "x": 8, + "y": 0 + }, + "panelIndex": "eb78041b-afc4-458e-af92-0951b1d0cadd", + "panelRefName": "panel_1", + "title": "Tunnel State Per VPN ID", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Tunnel State Per Tunnel IP" + }, + "gridData": { + "h": 14, + "i": "39a9be08-98c6-470c-b76b-312a57e11e2d", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "39a9be08-98c6-470c-b76b-312a57e11e2d", + "panelRefName": "panel_2", + "title": "Tunnel State Per Tunnel IP", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Tunnel Data In Per VPN ID" + }, + "gridData": { + "h": 15, + "i": "5c8122a2-fbf0-4404-918e-249bf6fd7f07", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "5c8122a2-fbf0-4404-918e-249bf6fd7f07", + "panelRefName": "panel_3", + "title": "Tunnel Data In Per VPN ID", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Tunnel Data In Per Tunnel IP" + }, + "gridData": { + "h": 15, + "i": "8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c", + "panelRefName": "panel_4", + "title": "Tunnel Data In Per Tunnel IP", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": 
"Tunnel Data Out Per VPN ID" + }, + "gridData": { + "h": 15, + "i": "eb10ea7d-ffc9-4c51-9386-6f63be6322aa", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "eb10ea7d-ffc9-4c51-9386-6f63be6322aa", + "panelRefName": "panel_5", + "title": "Tunnel Data Out Per VPN ID", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Tunnel Data Out Per Tunnel IP" + }, + "gridData": { + "h": 15, + "i": "3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7", + "panelRefName": "panel_6", + "title": "Tunnel Data Out Per Tunnel IP", + "version": "7.6.1" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] VPN Overview", + "version": 1 + }, + "id": "67c9f900-693e-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "142ad600-693b-11ea-b0ac-95d4ecb1fecd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "2ee7f420-6943-11ea-b0ac-95d4ecb1fecd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "26b73e50-6943-11ea-b0ac-95d4ecb1fecd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "f58f99b0-693a-11ea-b0ac-95d4ecb1fecd", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json new file mode 100644 index 00000000000..a781ef74f7e --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json 
@@ -0,0 +1,238 @@ +{ + "attributes": { + "description": "Overview of DynamoDB AWS Cloudwatch metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Region/Account Filters" + }, + "gridData": { + "h": 9, + "i": "9642fcd0-464b-46ea-815c-cd2d9efc056d", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "9642fcd0-464b-46ea-815c-cd2d9efc056d", + "panelRefName": "panel_0", + "title": "Region/Account Filters", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Consumed Read Capacity Units" + }, + "gridData": { + "h": 9, + "i": "bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0", + "w": 14, + "x": 10, + "y": 0 + }, + "panelIndex": "bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0", + "panelRefName": "panel_1", + "title": "Consumed Read Capacity Units", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Consumed Write Capacity Units" + }, + "gridData": { + "h": 9, + "i": "09bdf20b-43b4-47a3-a113-d34ef3b2596c", + "w": 14, + "x": 24, + "y": 0 + }, + "panelIndex": "09bdf20b-43b4-47a3-a113-d34ef3b2596c", + "panelRefName": "panel_2", + "title": "Consumed Write Capacity Units", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Max Read/Write Account Limits" + }, + "gridData": { + "h": 9, + "i": "1bd7141d-b410-4ca0-8550-f8f645d97983", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "1bd7141d-b410-4ca0-8550-f8f645d97983", + "panelRefName": "panel_3", + "title": "Max Read/Write Account Limits", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Successful Request Latency" + }, + "gridData": { + "h": 10, + "i": "073302ad-0e44-4cd1-b16d-58f017a71816", + "w": 17, + "x": 0, + "y": 9 + }, + "panelIndex": "073302ad-0e44-4cd1-b16d-58f017a71816", + "panelRefName": "panel_4", + "title": "Successful Request Latency", + 
"version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Read Throttle Events" + }, + "gridData": { + "h": 10, + "i": "ddcbc858-d2a0-42c3-8074-74f7d08ecb60", + "w": 16, + "x": 17, + "y": 9 + }, + "panelIndex": "ddcbc858-d2a0-42c3-8074-74f7d08ecb60", + "panelRefName": "panel_5", + "title": "Read Throttle Events", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Throttle Requests" + }, + "gridData": { + "h": 10, + "i": "95ffd42d-b28d-4f40-b3cb-6a6ac52943e1", + "w": 15, + "x": 33, + "y": 9 + }, + "panelIndex": "95ffd42d-b28d-4f40-b3cb-6a6ac52943e1", + "panelRefName": "panel_6", + "title": "Throttle Requests", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Max Request Latency Per Operation" + }, + "gridData": { + "h": 11, + "i": "0a588a08-997a-422f-a5db-e56728bc6702", + "w": 17, + "x": 0, + "y": 19 + }, + "panelIndex": "0a588a08-997a-422f-a5db-e56728bc6702", + "panelRefName": "panel_7", + "title": "Max Request Latency Per Operation", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Write Throttle Events" + }, + "gridData": { + "h": 11, + "i": "897ae224-d367-4fe0-aa23-5bb13165cc67", + "w": 16, + "x": 17, + "y": 19 + }, + "panelIndex": "897ae224-d367-4fe0-aa23-5bb13165cc67", + "panelRefName": "panel_8", + "title": "Write Throttle Events", + "version": "7.6.2" + }, + { + "embeddableConfig": { + "title": "Account Provisioned Write Capacity Utilization" + }, + "gridData": { + "h": 11, + "i": "e81e9817-c971-454b-881a-09cec10da0e9", + "w": 15, + "x": 33, + "y": 19 + }, + "panelIndex": "e81e9817-c971-454b-881a-09cec10da0e9", + "panelRefName": "panel_9", + "title": "Account Provisioned Write Capacity Utilization", + "version": "7.6.2" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] DynamoDB Overview", + "version": 1 + }, + "id": "68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c", + "references": [ + { + "id": "bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0", + "name": "panel_0", + "type": "visualization" + }, + { + "id": 
"9d284bc0-7b08-11ea-9bb4-e958b64b5685", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "49379b70-7b07-11ea-9bb4-e958b64b5685", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "7d1e0870-7a3f-11ea-bfa4-dfea8c457654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "8cf5fbe0-7b07-11ea-9bb4-e958b64b5685", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7b93bab0-7b0a-11ea-9bb4-e958b64b5685", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "9f0425c0-7b0a-11ea-9bb4-e958b64b5685", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "3dee68c0-7b0c-11ea-9bb4-e958b64b5685", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "b403f7b0-7b15-11ea-9bb4-e958b64b5685", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "31ad4090-2003-11ea-8f72-2f8d21e50b0c", + "name": "panel_9", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json new file mode 100644 index 00000000000..855a4cfbb85 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json 
@@ -0,0 +1,154 @@ +{ + "attributes": { + "description": "Overview of AWS Lambda Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "AWS Account Filter" + }, + "gridData": { + "h": 5, + "i": "8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a", + "panelRefName": "panel_0", + "title": "AWS Account Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Top Errors" + }, + "gridData": { + "h": 10, + "i": "443a9699-3451-44f7-8415-99a16c3f45b3", + "w": 34, + "x": 14, + "y": 0 + }, + "panelIndex": "443a9699-3451-44f7-8415-99a16c3f45b3", + "panelRefName": "panel_1", + "title": "Top Errors", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "AWS Region Filter" + }, + "gridData": { + "h": 5, + "i": "60a16bf0-2979-467a-b30e-05ea29547b41", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "60a16bf0-2979-467a-b30e-05ea29547b41", + "panelRefName": "panel_2", + "title": "AWS Region Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Lambda Function Duration in Milliseconds" + }, + "gridData": { + "h": 14, + "i": "349ef0d1-fea1-4b91-b95d-7a668914e10b", + "w": 48, + "x": 0, + "y": 10 + }, + "panelIndex": "349ef0d1-fea1-4b91-b95d-7a668914e10b", + "panelRefName": "panel_3", + "title": "Lambda Function Duration in Milliseconds", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Top Invoked Lambda Functions" + }, + "gridData": { + "h": 9, + "i": "048b1577-5aed-48e5-8f90-147aa3d56c1a", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "048b1577-5aed-48e5-8f90-147aa3d56c1a", + "panelRefName": "panel_4", + "title": "Top Invoked Lambda Functions", + "version": "7.3.0" + }, + { + "embeddableConfig": { + 
"title": "Top Throttled Lambda Functions" + }, + "gridData": { + "h": 9, + "i": "4c8e471c-45da-47be-a866-c5bfc6d28a05", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "4c8e471c-45da-47be-a866-c5bfc6d28a05", + "panelRefName": "panel_5", + "title": "Top Throttled Lambda Functions", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] Lambda Overview", + "version": 1 + }, + "id": "7ac8e1d0-28d2-11ea-ba6c-49a884eb104f", + "references": [ + { + "id": "deab0260-2981-11e9-86eb-a3a07a77f530", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "4bf0a740-28d1-11ea-ba6c-49a884eb104f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "39dfc8d0-28cf-11ea-ba6c-49a884eb104f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1f3f00c0-28d1-11ea-ba6c-49a884eb104f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "915bcd50-28d1-11ea-ba6c-49a884eb104f", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json new file mode 100644 index 00000000000..5be9490c01e --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json 
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "Overview of AWS Usage Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "AWS Region Filter" + }, + "gridData": { + "h": 5, + "i": "2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36", + "panelRefName": "panel_0", + "title": "Region Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Usage Resource Count" + }, + "gridData": { + "h": 15, + "i": "00c2b1f6-3367-4b6f-ac01-7e48b76c262a", + "w": 20, + "x": 9, + "y": 0 + }, + "panelIndex": "00c2b1f6-3367-4b6f-ac01-7e48b76c262a", + "panelRefName": "panel_1", + "title": "Usage Resource Count", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Usage API Call Count" + }, + "gridData": { + "h": 15, + "i": "fecfe5d4-ef1c-4f38-954a-a2506d72bc5b", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "fecfe5d4-ef1c-4f38-954a-a2506d72bc5b", + "panelRefName": "panel_2", + "title": "Usage API Call Count", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "AWS Account Filter" + }, + "gridData": { + "h": 5, + "i": "69ce7461-36ad-4e7c-b541-c6a1601bf089", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "69ce7461-36ad-4e7c-b541-c6a1601bf089", + "panelRefName": "panel_3", + "title": "AWS Account Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "AWS Service Filter" + }, + "gridData": { + "h": 5, + "i": "62e86407-6ae3-47d3-9136-dd61bdf3267a", + "w": 9, + "x": 0, + "y": 10 + }, + "panelIndex": "62e86407-6ae3-47d3-9136-dd61bdf3267a", + "panelRefName": "panel_4", + "title": "AWS Service Filter", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Usage Resource Count Per Service" + }, + 
"gridData": { + "h": 10, + "i": "196a044c-5c20-4417-8aa0-f60fc502e46c", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "196a044c-5c20-4417-8aa0-f60fc502e46c", + "panelRefName": "panel_5", + "title": "Usage Resource Count Per Service", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "Usage API Call Count Per Service" + }, + "gridData": { + "h": 12, + "i": "022941b7-01a1-4570-86e9-d03451d4e102", + "w": 48, + "x": 0, + "y": 25 + }, + "panelIndex": "022941b7-01a1-4570-86e9-d03451d4e102", + "panelRefName": "panel_6", + "title": "Usage API Call Count Per Service", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] Usage Overview", + "version": 1 + }, + "id": "917a07b0-178e-11ea-8650-fb606deb5be4", + "references": [ + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "9202d1a0-178c-11ea-8650-fb606deb5be4", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "681aab60-178c-11ea-8650-fb606deb5be4", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "deab0260-2981-11e9-86eb-a3a07a77f530", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "2929edb0-178e-11ea-8650-fb606deb5be4", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "59e2e110-178d-11ea-8650-fb606deb5be4", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "75ebfda0-1789-11ea-8650-fb606deb5be4", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..8327e1c36b4 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json 
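Review bot: The first panel of the Usage Overview dashboard carries two different titles: `embeddableConfig.title` is `"AWS Region Filter"` while the panel-level `title` is `"Region Filter"`, whereas every other panel in this hunk (and the matching filter panels in the Lambda dashboard hunk above) keeps the two identical. One of the two should be aligned, most plausibly `"title": "AWS Region Filter"` to match the sibling "AWS Account Filter" and "AWS Service Filter" panels, so the displayed name does not depend on which of the two fields a given Kibana version honours. This is only a consistency point; I have not checked which field wins at render time.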
@@ -0,0 +1,191 @@ +{ + "attributes": { + "description": "Summary of events from AWS CloudTrail.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 17.90562, + "lon": -12.20429, + "zoom": 0.97 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "85d26d9a-2a71-4b98-a026-5f513094d6e5", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "85d26d9a-2a71-4b98-a026-5f513094d6e5", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "colors": { + "failure": "#E24D42" + }, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + } + } + }, + "gridData": { + "h": 15, + "i": "6b3eff90-3071-451e-a827-ca569e0ac10b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "6b3eff90-3071-451e-a827-ca569e0ac10b", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "952e456a-e9ae-4606-b838-e16019375336", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "952e456a-e9ae-4606-b838-e16019375336", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "802ad09d-5883-4e41-99ac-6c356144d24d", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "802ad09d-5883-4e41-99ac-6c356144d24d", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "3e617d87-3acf-4203-b03b-c907c9145fce", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "3e617d87-3acf-4203-b03b-c907c9145fce", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": 
"d6f03440-c717-4f5e-928c-72ae9d450318", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "d6f03440-c717-4f5e-928c-72ae9d450318", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "2b82a2c9-3809-447c-8e95-52125acccb42", + "w": 30, + "x": 0, + "y": 28 + }, + "panelIndex": "2b82a2c9-3809-447c-8e95-52125acccb42", + "panelRefName": "panel_6", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50", + "w": 18, + "x": 30, + "y": 28 + }, + "panelIndex": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50", + "panelRefName": "panel_7", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs AWS] CloudTrail", + "version": 1 + }, + "id": "9c09cd20-7399-11ea-a345-f985c61fe654", + "references": [ + { + "id": "dae24080-739a-11ea-a345-f985c61fe654", + "name": "panel_0", + "type": "map" + }, + { + "id": "4c23e4c0-739a-11ea-a345-f985c61fe654", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "396089c0-7399-11ea-a345-f985c61fe654", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0f056420-739e-11ea-a345-f985c61fe654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "7bca4f50-739c-11ea-a345-f985c61fe654", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f8b63860-739e-11ea-a345-f985c61fe654", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "panel_6", + "type": "search" + }, + { + "id": "8ec43590-739b-11ea-a345-f985c61fe654", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..74c3f40627d --- /dev/null 
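Review bot: Every panel in the CloudTrail dashboard carries `"version": "8.0.0-SNAPSHOT"`, while the other dashboards added in this commit pin released versions (7.3.0 through 7.7.0). A pre-release marker in a shipped package file suggests it was exported from a development build; if Kibana uses the per-panel version to drive embeddable migrations (not verified here), a 7.x stack could treat these panels as newer than itself. Re-exporting from a release build, or pinning to the same `"7.7.0"` the S3 metrics dashboard below uses, would keep the package internally consistent.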
+++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json 
@@ -0,0 +1,181 @@ +{ + "attributes": { + "description": "Overview of AWS S3 Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "S3 Daily Storage Bucket Size in Bytes" + }, + "gridData": { + "h": 7, + "i": "1", + "w": 24, + "x": 0, + "y": 6 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "S3 Daily Storage Bucket Size in Bytes", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Daily Storage Number of Objects" + }, + "gridData": { + "h": 7, + "i": "2", + "w": 24, + "x": 24, + "y": 6 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "S3 Daily Storage Number of Objects", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Request Latency Total Request in ms" + }, + "gridData": { + "h": 7, + "i": "3", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "S3 Request Latency Total Request in ms", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Total Error 4xx" + }, + "gridData": { + "h": 6, + "i": "4", + "w": 13, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "S3 Total Error 4xx", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Total Error 5xx" + }, + "gridData": { + "h": 6, + "i": "5", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "S3 Total Error 5xx", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Filters" + }, + "gridData": { + "h": 6, + "i": "6", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "S3 Filters", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "S3 Total Requests" + }, + "gridData": { + "h": 7, + "i": 
"7", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "S3 Total Requests", + "version": "7.7.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-1d", + "timeRestore": true, + "timeTo": "now", + "title": "[Metrics AWS] S3 Overview", + "version": 1 + }, + "id": "a096b830-4762-11e9-8062-c98a86cb6f94", + "references": [ + { + "id": "2dbb8f90-4760-11e9-8062-c98a86cb6f94", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "3a3914d0-4761-11e9-8062-c98a86cb6f94", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "2b2d58b0-4762-11e9-8062-c98a86cb6f94", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "81d83c70-4762-11e9-8062-c98a86cb6f94", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "8b34a100-4762-11e9-8062-c98a86cb6f94", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6e3285d0-4763-11e9-8062-c98a86cb6f94", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d186fd50-4763-11e9-8062-c98a86cb6f94", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..ea96d228656 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,301 @@ +{ + "attributes": { + "description": "Overview of AWS NAT Gateway Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 11, + "i": "346ce7bf-e1af-4e0d-856b-5aa412903167", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": "346ce7bf-e1af-4e0d-856b-5aa412903167", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Error Port Allocation" + }, + "gridData": { + "h": 11, + "i": "19a9f053-a548-4e9d-a257-45932c3b73a5", + "w": 8, + "x": 7, + "y": 0 + }, + "panelIndex": "19a9f053-a548-4e9d-a257-45932c3b73a5", + "panelRefName": "panel_1", + "title": "Error Port Allocation", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Drop" + }, + "gridData": { + "h": 11, + "i": "a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3", + "w": 8, + "x": 15, + "y": 0 + }, + "panelIndex": "a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3", + "panelRefName": "panel_2", + "title": "Packets Drop", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Total Connection Established" + }, + "gridData": { + "h": 11, + "i": "b5fe853e-d5b0-4918-93ec-8be70f2881a8", + "w": 8, + "x": 23, + "y": 0 + }, + "panelIndex": "b5fe853e-d5b0-4918-93ec-8be70f2881a8", + "panelRefName": "panel_3", + "title": "Total Connection Established", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Active Connection Count" + }, + "gridData": { + "h": 11, + "i": "33663eae-1bc3-47d4-a9fc-3cd2b43c66ef", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "33663eae-1bc3-47d4-a9fc-3cd2b43c66ef", + "panelRefName": "panel_4", + "title": "Active Connection Count", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes In From Destination" + }, + 
"gridData": { + "h": 13, + "i": "4e454740-281a-43b1-92f4-8dd2e37e184f", + "w": 24, + "x": 0, + "y": 11 + }, + "panelIndex": "4e454740-281a-43b1-92f4-8dd2e37e184f", + "panelRefName": "panel_5", + "title": "Bytes In From Destination", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes In From Source" + }, + "gridData": { + "h": 13, + "i": "f40587a4-47f1-494a-b8b9-33365ce34d2f", + "w": 24, + "x": 24, + "y": 11 + }, + "panelIndex": "f40587a4-47f1-494a-b8b9-33365ce34d2f", + "panelRefName": "panel_6", + "title": "Bytes In From Source", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes Out To Destination" + }, + "gridData": { + "h": 13, + "i": "00075068-bf27-49e1-8beb-d5572500205b", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "00075068-bf27-49e1-8beb-d5572500205b", + "panelRefName": "panel_7", + "title": "Bytes Out To Destination", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Bytes Out To Source" + }, + "gridData": { + "h": 13, + "i": "c95ab156-9118-4c3c-94ee-55b4c9f5589c", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "c95ab156-9118-4c3c-94ee-55b4c9f5589c", + "panelRefName": "panel_8", + "title": "Bytes Out To Source", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets In From Destination" + }, + "gridData": { + "h": 13, + "i": "f7c6e3f7-419d-43ff-a2bb-d5931371f347", + "w": 24, + "x": 0, + "y": 37 + }, + "panelIndex": "f7c6e3f7-419d-43ff-a2bb-d5931371f347", + "panelRefName": "panel_9", + "title": "Packets In From Destination", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets In From Source" + }, + "gridData": { + "h": 13, + "i": "dcc56438-240a-45a4-81ec-a54be3d27c43", + "w": 24, + "x": 24, + "y": 37 + }, + "panelIndex": "dcc56438-240a-45a4-81ec-a54be3d27c43", + "panelRefName": "panel_10", + "title": "Packets In From Source", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Out To Destination" + }, + "gridData": { + "h": 
13, + "i": "db77d690-f343-4dc2-8695-d45a03361e01", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "db77d690-f343-4dc2-8695-d45a03361e01", + "panelRefName": "panel_11", + "title": "Packets Out To Destination", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Packets Out To Source" + }, + "gridData": { + "h": 13, + "i": "d882a862-87aa-4169-9dc3-0591252fa736", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "d882a862-87aa-4169-9dc3-0591252fa736", + "panelRefName": "panel_12", + "title": "Packets Out To Source", + "version": "7.6.1" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] NATGateway Overview", + "version": 1 + }, + "id": "c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "8345d580-6891-11ea-b0ac-95d4ecb1fecd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ce7445c0-688f-11ea-b0ac-95d4ecb1fecd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "68970b10-6890-11ea-b0ac-95d4ecb1fecd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c186b610-688d-11ea-b0ac-95d4ecb1fecd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b36532e0-688e-11ea-b0ac-95d4ecb1fecd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "e0e65e60-688e-11ea-b0ac-95d4ecb1fecd", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "08645080-6891-11ea-b0ac-95d4ecb1fecd", + "name": "panel_11", + "type": "visualization" + }, + { + "id": 
"fd915180-6890-11ea-b0ac-95d4ecb1fecd", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json new file mode 100644 index 00000000000..433040fd721 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json 
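Review bot: The dashboard-level `searchSourceJSON.filter` is empty, so the panels are scoped only by whatever each referenced visualization filters on, whereas the SNS dashboard in this same package pins `stream.dataset` to its dataset through a filter with `indexRefName` plus an `index-pattern` entry in `references`. The NAT gateway visualizations are not visible here; if they do not filter on their own, the aggregations run over every document in the `metrics-*` pattern and counters with the same field names from other datasets could be mixed into these panels. Consider adding the same filter shape, `"key": "stream.dataset"` with `"query": "aws.natgateway"` (confirm the dataset name against the manifest), together with a `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` reference to `metrics-*`.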
@@ -0,0 +1,173 @@ +{ + "attributes": { + "description": "Overview of AWS EC2 Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "11", + "w": 24, + "x": 0, + "y": 42 + }, + "panelIndex": "11", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "12", + "w": 24, + "x": 24, + "y": 42 + }, + "panelIndex": "12", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "15", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "15", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "17", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "17", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "18", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "18", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "19", + "w": 19, + "x": 17, + "y": 0 + }, + "panelIndex": "19", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] EC2 Overview", + "version": 1 + }, + "id": "c5846400-f7fb-11e8-af03-c999c9dea608-ecs", + "references": [ + { + "id": 
"fed59380-f7f8-11e8-af03-c999c9dea608-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "15818fd0-f7f9-11e8-af03-c999c9dea608-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "233b3400-f7f9-11e8-af03-c999c9dea608-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "deab0260-2981-11e9-86eb-a3a07a77f530", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "09db13f0-2bdd-11e9-9fe1-cde861544141", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..daed79a7d38 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,284 @@ +{ + "attributes": { + "description": "Overview of AWS SNS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "aws.sns" + }, + "type": "phrase", + "value": "aws.sns" + }, + "query": { + "match": { + "stream.dataset": { + "query": "aws.sns", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "3b9b0cee-b175-4268-8c5b-4ce869a09caf", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "3b9b0cee-b175-4268-8c5b-4ce869a09caf", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Messages and Notifications" + }, + "gridData": { + "h": 10, + "i": "5f0d72c5-0f28-449f-9c93-3b4074f068f7", + "w": 39, + "x": 9, + "y": 0 + }, + "panelIndex": "5f0d72c5-0f28-449f-9c93-3b4074f068f7", + "panelRefName": "panel_1", + "title": "SNS Messages and Notifications", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "5a9d5f2f-b075-4892-8188-c6e808a1163d", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "5a9d5f2f-b075-4892-8188-c6e808a1163d", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Publish Size" + }, + "gridData": { + "h": 10, + "i": "c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f", + "w": 16, + "x": 0, + "y": 10 + }, + "panelIndex": "c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f", + "panelRefName": "panel_3", + "title": "SNS Publish Size", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Notifications Filtered Out" + }, + "gridData": { + "h": 10, + 
"i": "0684c25d-34e8-425e-9069-dd8364e6325b", + "w": 16, + "x": 16, + "y": 10 + }, + "panelIndex": "0684c25d-34e8-425e-9069-dd8364e6325b", + "panelRefName": "panel_4", + "title": "SNS Notifications Filtered Out", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Notifications Filtered Out Invalid Attributes" + }, + "gridData": { + "h": 10, + "i": "72e987da-9a49-4dd4-99c4-4acbc49a0e0b", + "w": 16, + "x": 32, + "y": 10 + }, + "panelIndex": "72e987da-9a49-4dd4-99c4-4acbc49a0e0b", + "panelRefName": "panel_5", + "title": "SNS Notifications Filtered Out Invalid Attributes", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Notifications Filtered Out No Message Attributes" + }, + "gridData": { + "h": 10, + "i": "923bd4cd-d8fe-47b5-afcf-577bf2c5987c", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "923bd4cd-d8fe-47b5-afcf-577bf2c5987c", + "panelRefName": "panel_6", + "title": "SNS Notifications Filtered Out No Message Attributes", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Notifications Failed to Redrive to DLQ" + }, + "gridData": { + "h": 10, + "i": "f176153f-4588-42f9-a7bb-3015909d5610", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "f176153f-4588-42f9-a7bb-3015909d5610", + "panelRefName": "panel_7", + "title": "SNS Notifications Failed to Redrive to DLQ", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS SMS Success Rate" + }, + "gridData": { + "h": 10, + "i": "f3c5915b-6848-4950-afca-53653d13d6af", + "w": 16, + "x": 0, + "y": 30 + }, + "panelIndex": "f3c5915b-6848-4950-afca-53653d13d6af", + "panelRefName": "panel_8", + "title": "SNS SMS Success Rate", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS Notifications Redriven To DLQ" + }, + "gridData": { + "h": 10, + "i": "3b3cc747-b57c-44e0-a18c-77155072bee4", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3b3cc747-b57c-44e0-a18c-77155072bee4", + "panelRefName": "panel_9", + "title": "SNS 
Notifications Redriven To DLQ", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "title": "SNS SMS Month To Date Spent USD" + }, + "gridData": { + "h": 10, + "i": "ee130150-c1de-465b-8a8e-013f466528bf", + "w": 16, + "x": 16, + "y": 30 + }, + "panelIndex": "ee130150-c1de-465b-8a8e-013f466528bf", + "panelRefName": "panel_10", + "title": "SNS SMS Month To Date Spent USD", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] SNS Overview", + "version": 1 + }, + "id": "d17b1000-17a4-11ea-8e91-03c7047cbb9d", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "13e624c0-180e-11ea-8e91-03c7047cbb9d", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "59defc90-17a5-11ea-8e91-03c7047cbb9d", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "6f7f7680-180c-11ea-8e91-03c7047cbb9d", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "bf81e030-180e-11ea-8e91-03c7047cbb9d", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d19a71b0-180e-11ea-8e91-03c7047cbb9d", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "dffa19e0-180e-11ea-8e91-03c7047cbb9d", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "09857a20-180f-11ea-8e91-03c7047cbb9d", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "abdc7480-180b-11ea-8e91-03c7047cbb9d", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "fc0869c0-180e-11ea-8e91-03c7047cbb9d", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "b7f8bf90-180f-11ea-8e91-03c7047cbb9d", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json new file mode 100644 index 00000000000..8300aa50130 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json 
@@ -0,0 +1,112 @@ +{ + "attributes": { + "description": "Overview of AWS Billing Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "AWS Account Filter" + }, + "gridData": { + "h": 5, + "i": "89dccfe8-a25e-44ea-afdb-ff01ab1f05d6", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "89dccfe8-a25e-44ea-afdb-ff01ab1f05d6", + "panelRefName": "panel_0", + "title": "AWS Account Filter", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Estimated Billing Chart" + }, + "gridData": { + "h": 16, + "i": "26670498-b079-4447-bbc8-e4ca8215898c", + "w": 32, + "x": 16, + "y": 0 + }, + "panelIndex": "26670498-b079-4447-bbc8-e4ca8215898c", + "panelRefName": "panel_1", + "title": "Estimated Billing Chart", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Total Estimated Charges" + }, + "gridData": { + "h": 11, + "i": "221aab02-2747-4d84-9dde-028ccd51bdce", + "w": 16, + "x": 0, + "y": 5 + }, + "panelIndex": "221aab02-2747-4d84-9dde-028ccd51bdce", + "panelRefName": "panel_2", + "title": "Total Estimated Charges", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top 10 Estimated Billing Per Service Name" + }, + "gridData": { + "h": 15, + "i": "21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7", + "panelRefName": "panel_3", + "title": "Top 10 Estimated Billing Per Service Name", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] Billing Overview", + "version": 1 + }, + "id": "e6776b10-1534-11ea-841c-01bf20a6c8ba", + "references": [ + { + "id": "deab0260-2981-11e9-86eb-a3a07a77f530", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "749cd470-1530-11ea-841c-01bf20a6c8ba", + "name": 
"panel_1", + "type": "visualization" + }, + { + "id": "83f08eb0-1532-11ea-841c-01bf20a6c8ba", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "31a4ea90-152b-11ea-841c-01bf20a6c8ba", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..8b2dca12ac0 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json 
@@ -0,0 +1,198 @@ +{ + "attributes": { + "description": "Overview of AWS ELB Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "2", + "w": 25, + "x": 23, + "y": 32 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "title": "HTTP 5XX Errors", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "3", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "title": "Request Count", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 11, + "x": 0, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "title": "Unhealthy Host Count", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 11, + "x": 0, + "y": 7 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "title": "Healthy Host Count", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 37, + "x": 11, + "y": 11 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "title": "Latency in Seconds", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "7", + "w": 23, + "x": 0, + "y": 32 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "title": "HTTP Backend 4XX Errors", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "8", + "w": 23, + "x": 0, + "y": 23 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "title": "Backend Connection Errors", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "9", + "w": 11, + "x": 0, + "y": 0 + }, + "panelIndex": "9", + "panelRefName": "panel_7", + "version": "7.3.0" + 
}, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "10", + "w": 25, + "x": 23, + "y": 23 + }, + "panelIndex": "10", + "panelRefName": "panel_8", + "title": "HTTP Backend 2XX", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] ELB Overview", + "version": 1 + }, + "id": "e74bf320-b3ce-11e9-87a4-078dbbae220d", + "references": [ + { + "id": "b9703dd0-b3c9-11e9-87a4-078dbbae220d", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "d560de70-b3c7-11e9-87a4-078dbbae220d", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "6fc1efd0-b3c9-11e9-87a4-078dbbae220d", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "6392bc30-b3c9-11e9-87a4-078dbbae220d", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b2ea15a0-b3c7-11e9-87a4-078dbbae220d", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "21f30090-b3ca-11e9-87a4-078dbbae220d", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "572d40e0-b3ca-11e9-87a4-078dbbae220d", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "1f528f50-b3ce-11e9-87a4-078dbbae220d", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..29673a6843d --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json 
@@ -0,0 +1,298 @@ +{ + "attributes": { + "description": "Overview of AWS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "2", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "3", + "w": 10, + "x": 9, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "4", + "w": 29, + "x": 19, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "6", + "w": 9, + "x": 0, + "y": 7 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "7", + "w": 9, + "x": 9, + "y": 7 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "9", + "w": 15, + "x": 18, + "y": 7 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "10", + "w": 15, + "x": 33, + "y": 7 + }, + "panelIndex": "10", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "12", + "w": 13, + "x": 0, + "y": 14 + }, + "panelIndex": "12", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "14", + "w": 20, + "x": 13, + "y": 14 + }, + "panelIndex": "14", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + 
"i": "15", + "w": 15, + "x": 33, + "y": 14 + }, + "panelIndex": "15", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "17", + "w": 16, + "x": 15, + "y": 21 + }, + "panelIndex": "17", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "18", + "w": 15, + "x": 0, + "y": 21 + }, + "panelIndex": "18", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "19", + "w": 17, + "x": 31, + "y": 21 + }, + "panelIndex": "19", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "24", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "24", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "25", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "25", + "panelRefName": "panel_14", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics AWS] Overview", + "version": 1 + }, + "id": "fac28650-7349-11e9-816b-07687310a99a", + "references": [ + { + "id": "b5308940-7347-11e9-816b-07687310a99a", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "09db13f0-2bdd-11e9-9fe1-cde861544141", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "81d83c70-4762-11e9-8062-c98a86cb6f94", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "58e17c10-7349-11e9-816b-07687310a99a", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "4658f540-734a-11e9-816b-07687310a99a", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "95b322f0-734a-11e9-816b-07687310a99a", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "b2191dd0-734c-11e9-816b-07687310a99a", + "name": "panel_7", 
+ "type": "visualization" + }, + { + "id": "42016bf0-728f-11e9-9a7b-4d62d5bcf4fc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "9121ac90-734d-11e9-816b-07687310a99a", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "128fd450-734e-11e9-816b-07687310a99a", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "54e88a40-734e-11e9-816b-07687310a99a", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "398d12d0-7352-11e9-816b-07687310a99a", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "4bf62a10-8310-11e9-ac83-47df3568ff90", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "d2f46190-830f-11e9-ac83-47df3568ff90", + "name": "panel_14", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..547c4bdc1f4 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json 
@@ -0,0 +1,191 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -14.38966, + 60.11526 + ], + [ + -14.38966, + 39.61205 + ], + [ + 41.72167, + 39.61205 + ], + [ + 41.72167, + 60.11526 + ], + [ + -14.38966, + 60.11526 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "19047c4c-18d7-4aec-b0ce-98de2828244d", + "label": "Hits", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "1d457cd4-01be-4f96-95fd-af4ac535ebea", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "geoField": "source.geo.location", + "id": "1e82f50f-424a-4718-905b-ad45db14db62", + "indexPatternRefName": "layer_1_source_index_pattern", + "requestType": "point", + "resolution": "COARSE", + "type": "ES_GEO_GRID" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "Blues", + "field": { + "label": "count", + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": false, + "sigma": 3 + } + }, + "type": "DYNAMIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "field": { + "label": "count", + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": false, + "sigma": 3 + }, + "maxSize": 32, + "minSize": 4 + }, + "type": "DYNAMIC" + }, + "lineColor": { + "options": { + "color": "#167a6d" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 50.97903, + "lon": 13.666 + }, + 
"filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "elb" + }, + "type": "phrase", + "value": "elb" + }, + "query": { + "match": { + "fileset.name": { + "query": "elb", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "now-15m", + "to": "now" + }, + "zoom": 3.9 + }, + "title": "ELB Requests Geolocation [Logs AWS] ECS", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json new file mode 100644 index 00000000000..c8aee07faa0 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json 
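Review bot: The map's saved filter keys on `fileset.name: elb` with the index pattern written inline as `"index": "logs-*"` inside `meta`, whereas the SNS dashboard in this package scopes on `stream.dataset` and resolves its index through an `indexRefName` entry in `references`. `fileset.name` is the Filebeat module field; if the ELB data stream in this package emits `stream.dataset` instead (as the SNS dashboard suggests), this filter matches nothing and the geo layer shows no hits, and the inline id cannot be remapped on import the way a referenced one can. Switch the filter to `"key": "stream.dataset"` and `"params": { "query": "aws.elb" }` (confirm the dataset name against the manifest) and move the index id into a `references` entry, mirroring the shape the dashboards use. Separately, the `"type": "EMS_TMS"` base layer with `"isAutoSelect": true` presumably fetches tiles from Elastic Maps Service at view time, so the package docs should note that air-gapped deployments need a self-hosted EMS or the basemap will be blank.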
@@ -0,0 +1,231 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 85.05113 + ], + [ + -180, + -85.05113 + ], + [ + 180, + -85.05113 + ], + [ + 180, + 85.05113 + ], + [ + -180, + 85.05113 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "842c201e-96d7-413d-8688-de5ee4f8a1e0", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "401944dd-a371-4698-be17-bc4542e9a5d4", + "label": "vpc flow action accept", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "aws.vpcflow.action : \"ACCEPT\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "destination.geo.location", + "id": "97903038-e08d-4451-bbd2-eb92c894bdf5", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "@timestamp", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "#1EA593" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 5 + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#167a6d" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + }, + { + "alpha": 0.75, + "id": "b1d44a5c-3a04-4c80-8080-57585b02fd48", + "label": "vpc flow action reject", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "aws.vpcflow.action : 
\"REJECT\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb", + "indexPatternRefName": "layer_2_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "@timestamp", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "#f00f0b" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 5 + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#7a1a18" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 0, + "lon": -108.92402 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "now-15d", + "to": "now" + }, + "zoom": 0.47 + }, + "title": "VPC Flow Action Geo Location[Logs AWS]", + "uiStateJSON": { + "isLayerTOCOpen": false, + "openTOCDetails": [] + } + }, + "id": "513a3d70-4482-11ea-ad63-791a5dc86f10", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..9e6eb6ed271 
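Review bot: The two data layers geolocate different endpoints — the ACCEPT layer uses `"geoField": "destination.geo.location"` while the REJECT layer uses `"geoField": "source.geo.location"` — and nothing in the layer labels says so. If that asymmetry is deliberate (where accepted traffic went versus where rejected traffic came from), the labels should carry it, e.g. `"label": "vpc flow action accept (destination)"` and `"label": "vpc flow action reject (source)"`; if not, both layers should use the same field. The unlabelled difference is easy to misread on a dashboard used to triage rejected traffic.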
--- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,185 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 74.14342 + ], + [ + -180, + -58.35006 + ], + [ + 180, + -58.35006 + ], + [ + 180, + 74.14342 + ], + [ + -180, + 74.14342 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "2c7b49fb-3fb5-4e18-b27f-fabe930971f3", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "a10fa758-30ad-4e2a-bf9d-472e133a7f17", + "joins": [], + "label": "CloudTrail Soure Location", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "stream.dataset:aws.cloudtrail" + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + 
"lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "now-15m", + "to": "now" + }, + "zoom": 1.97 + }, + "title": "CloudTrail Source Location [Logs AWS]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "dae24080-739a-11ea-a345-f985c61fe654", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..606738dd8ad --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json 
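Review bot: The CloudTrail layer label is misspelled — `"label": "CloudTrail Soure Location"` should read `"label": "CloudTrail Source Location"`, matching the saved object's own `"title"`. In the same `sourceDescriptor`, `"sortField": ""` is paired with `"sortOrder": "desc"` and `"topHitsSize": 1`, whereas the VPC flow layers sort on `"sortField": "@timestamp"`; with an empty sort field the single top hit per location is not guaranteed to be the most recent event, so `"sortField": "@timestamp"` seems intended here as well.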
@@ -0,0 +1,66 @@ +{ + "attributes": { + "columns": [ + "user.id", + "event.provider", + "aws.cloudtrail.event_type", + "event.action", + "event.outcome", + "source.address", + "source.geo.region_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "aws.cloudtrail" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "aws.cloudtrail" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "CloudTrail Events [Logs AWS]", + "version": 1 + }, + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json b/dev/packages/beats/aws/0.0.1/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json new file mode 100644 index 00000000000..805fbf3fbd5 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json 
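Review bot: This saved search ships with `"sort": []`, unlike the sibling searches in this commit which sort `[["@timestamp", "desc"]]`, so the CloudTrail event list will come back in index default order rather than newest-first. For an events table meant for triage that is surprising; I would set `"sort": [["@timestamp", "desc"]]` to match the other searches.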
@@ -0,0 +1,102 @@ +{ + "attributes": { + "columns": [ + "aws.s3access.http_status", + "aws.s3access.error_code", + "aws.s3access.operation", + "aws.s3access.request_uri" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "aws.s3access.http_status", + "negate": true, + "params": { + "query": "200" + }, + "type": "phrase", + "value": "200" + }, + "query": { + "match": { + "aws.s3access.http_status": { + "query": "200", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "s3access" + }, + "type": "phrase", + "value": "s3access" + }, + "query": { + "match": { + "fileset.name": { + "query": "s3access", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Error Logs [Logs AWS]", + "version": 1 + }, + "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
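Review bot: The search is titled `"Error Logs [Logs AWS]"` but its only status filter is a negated phrase on `aws.s3access.http_status` = `"200"`, so every non-200 response — 204/206 successes and 3xx redirects included — is shown as an error. If the intent is errors only, a range filter (`"range": {"aws.s3access.http_status": {"gte": 400}}`) or a filter on `aws.s3access.error_code` existing would match the title; otherwise the title should say "Non-200 Requests" or similar. The `aws.s3access.error_code` column already present in `"columns"` suggests the error-only reading was intended.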
diff --git a/dev/packages/beats/aws/0.0.1/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json new file mode 100644 index 00000000000..b51bf0e8e53 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "columns": [ + "source.ip", + "source.port", + "event.original" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "vpcflow" + }, + "type": "phrase", + "value": "vpcflow" + }, + "query": { + "match": { + "fileset.name": { + "query": "vpcflow", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "aws.vpcflow.action", + "negate": false, + "params": { + "query": "REJECT" + }, + "type": "phrase", + "value": "REJECT" + }, + "query": { + "match": { + "aws.vpcflow.action": { + "query": "REJECT", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "VPC Flow Reject Logs [Logs AWS]", + "version": 1 + }, + "id": "c1aee600-4487-11ea-ad63-791a5dc86f10", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..7a24b2eed13 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Packets Drop Count No Route [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.PacketDropCountNoRoute.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Packets Drop Count No Route [Metrics AWS]", + "type": "metrics" + } + }, + "id": "007ceec0-694c-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
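Review bot: The series formats a packet count as bytes — `"formatter": "bytes"` on the metric `aws.transitgateway.metrics.PacketDropCountNoRoute.sum` — so the axis and legend will read "1.2KB" for what is actually ~1200 packets. The same mismatch appears in the "Transit Gateway Packets In" and "Transit Gateway Packets Out" visualizations later in this commit (`PacketsIn.sum`, `PacketsOut.sum`, both with `"formatter": "bytes"`), while the "Bytes Drop Count No Route" sibling is the only one where `bytes` is correct. Change these three to `"formatter": "number"`.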
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..23cad93e7d9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Transaction Blocked [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(164,221,0,1)", + "id": "27aaf910-d978-11e9-aff2-99c15d8b7da1", + "operator": "lte", + "value": 0 + }, + { + "color": "rgba(244,78,59,1)", + "id": "3526a9e0-d978-11e9-aff2-99c15d8b7da1", + "operator": "gt", + "value": 0 + } + ], + "bar_color_rules": [ + { + "bar_color": "rgba(211,49,21,1)", + "id": "f8196690-921a-11e9-badf-4b42bd1ef543", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": "", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Transaction Blocked", + "line_width": 1, + "metrics": [ + { + "field": "aws.rds.transactions.blocked", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "RDS Transaction Blocked [Metrics AWS]", + "type": "metrics" + } + }, + "id": "00b29040-921d-11e9-aa19-159bf182e06f", + "references": [], + "type": "visualization" +} \ No newline at end 
of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..b0edb98194c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Bytes Drop Count No Route [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.BytesDropCountNoRoute.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Bytes Drop Count No Route [Metrics AWS]", + "type": "metrics" + } + }, + "id": "01ed5990-694a-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
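Review bot: The second `background_color_rules` entry in the "RDS Transaction Blocked" visualization uses the key `"color"` where the first entry uses `"background_color"`, so the `gt 0` rule most likely never applies its red background and blocked transactions are not highlighted. The fix is a one-key rename: `"background_color": "rgba(244,78,59,1)"`. I am inferring the expected key from the sibling entry and from `bar_color_rules`, which consistently uses `"bar_color"`; worth confirming against the TSVB schema before merging.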
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..e58bce43bcd --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Packet Out To Destination [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.PacketsOutToDestination.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Packet Out To Destination [Metrics AWS]", + "type": "metrics" + } + }, + "id": "08645080-6891-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..e63994d397f --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Notifications Failed To Redrive To DLQ [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Notifications Failed To Redrive To DLQ", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Notifications Failed To Redrive To DLQ [Metrics AWS]", + "type": "metrics" + } + }, + "id": "09857a20-180f-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json new file mode 100644 index 00000000000..758cf1d78e3 --- /dev/null 
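Review bot: The SNS series declares `"split_mode": "terms"` but `"terms_field": null`, so the terms split has nothing to group on; every other terms-split series in this commit names a field such as `aws.dimensions.TransitGateway`. Either set `"terms_field"` to the SNS topic dimension field (not shown on this page) or drop the split with `"split_mode": "everything"`, as the RDS visualization does. Left as is, the chart's behaviour depends on how TSVB handles a null terms field rather than on an explicit choice.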
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EC2 Instance State [Metrics AWS] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "16": "#629E51", + "272": "#DEDAF7", + "80": "#E24D42", + "running": "#7EB26D", + "stopped": "#E24D42" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "EC2 Instance State" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "field": "aws.ec2.instance.state.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "EC2 Instance State [Metrics AWS] ECS", + "type": "pie" + } + }, + "id": "09db13f0-2bdd-11e9-9fe1-cde861544141", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..50798b0bb83 --- /dev/null 
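Review bot: The `uiStateJSON.vis.colors` map carries the keys `"16"`, `"272"` and `"80"` alongside `"running"` and `"stopped"`, but the pie buckets on `aws.ec2.instance.state.name`, whose values are the state names. The numeric keys look like leftovers from an earlier version keyed on a numeric state code and are dead entries here; I would drop them and keep only the name-keyed colours, optionally adding the remaining state names the terms aggregation can return.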
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Packets In [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.PacketsIn.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Packets In [Metrics AWS]", + "type": "metrics" + } + }, + "id": "0a36b590-694c-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..3270b29d408 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Event Type [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "CloudTrail Event Type", + "field": "aws.cloudtrail.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Event Type [Logs AWS]", + "type": "pie" + } + }, + "id": "0f056420-739e-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..48cc9af9dce --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Packets Out [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.PacketsOut.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Packets Out [Metrics AWS]", + "type": "metrics" + } + }, + "id": "10e0f270-694c-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json new file mode 100644 index 00000000000..164d3c8a344 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json 
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Received [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "1ccb6710-43b3-11e9-8c70-d17a67455a84"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "57cc0200-43b5-11e9-84e9-a97a63579915"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.received",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SQS Messages Received [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1235fe50-41e7-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..e20e9a79a00
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch Lambda Invocations Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Lambda Invocations",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Invocations",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch Lambda Invocations Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "128fd450-734e-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..aec59938a8e
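Review bot: The saved object's `"title": "Cloudwatch Lambda Invocations Top5 [Metrics AWS]"` disagrees with the inner visState `"title": "AWS Cloudwatch Lambda Invocations Top5"`, so the name shown in the visualization listing and the one embedded in the panel differ after import. Every other hunk on this page keeps the two titles identical; aligning the visState line to `"title": "Cloudwatch Lambda Invocations Top5 [Metrics AWS]"` restores that convention. The same mismatch is in the EC2 Network In Bytes and EC2 Network Out Bytes hunks (15818fd0-…-ecs.json and 233b3400-…-ecs.json), whose visState titles lack the `[Metrics AWS]` suffix.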
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Total Read Time [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Total Read Time",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeTotalReadTime.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Total Read Time [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "12eff7e0-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..cfaff502e9c
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,119 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Messages and Notifications [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Messages Published",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfMessagesPublished.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "204ff2b0-1b77-11ea-9357-231d0e09a8a9",
+ "label": "Notifications Delivered",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsDelivered.sum",
+ "id": "204ff2b1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "204ff2b1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(244,78,59,1)",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "32e925e0-1b77-11ea-9357-231d0e09a8a9",
+ "label": "Notifications Failed",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFailed.sum",
+ "id": "32e925e1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "32e925e1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Messages and Notifications [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "13e624c0-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..431d30b4c23
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data State [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "05e19c00-693b-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "fdd5ac40-693a-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelState.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VpnId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "VPN Tunnel Data State [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "142ad600-693b-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..4f5a37dff8c
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Network In Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 Network In Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.network.in.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 Network In Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "15818fd0-f7f9-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..4a8c00372c8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Database Connections [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "10bc2760-d978-11e9-aff2-99c15d8b7da1"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "hide_in_legend": 0,
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Database Connections",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.rds.database_connections",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "metric"
+ },
+ "title": "RDS Database Connections [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "17fcda50-921b-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..5bb1eafec4f
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lambda Top Invoked Functions [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f679afa0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081",
+ "label": "avg(aws.metrics.Duration.avg)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Invocations.avg",
+ "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "max"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "Lambda Top Invoked Functions [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1f3f00c0-28d1-11ea-ba6c-49a884eb104f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
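Review bot: The series label `"label": "avg(aws.metrics.Duration.avg)"` does not describe what the series plots, which is `"field": "aws.lambda.metrics.Invocations.avg"` aggregated with `"type": "max"`, so the legend of Lambda Top Invoked Functions names a Duration metric while the bars show invocation counts. Changing it to `"label": "Invocations"` (or removing the label so TSVB derives one from the metric) keeps the panel honest. Separately, `"default_index_pattern": "logs-*"` sits next to `"index_pattern": "metrics-*"`; the explicit pattern wins today, but if the override is ever cleared the panel would silently query the logs indices, so `"default_index_pattern": "metrics-*"` is the safer default here.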
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..af6e31a5b15
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP Backend 2XX [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "HTTP Backend 2XX",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HTTPCode_Backend_2XX.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP Backend 2XX [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1f528f50-b3ce-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..3f08b9269c6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP 2xx [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(164,221,0,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 200 and http.response.status_code\t\u003c 300"
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "HTTP 2xx",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP 2xx [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
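Review bot: The series filter `fileset.name : \"elb\"` keys on a Beats module field, and nothing in these hunks shows that field being populated for the package's ELB dataset; if the dataset no longer sets it, the HTTP 2xx series silently counts nothing rather than failing visibly. Confirm against the dataset's ingest pipeline which field identifies ELB documents and filter on that instead. The same query string also carries a literal `\t` between `http.response.status_code` and `\u003c 300`; KQL tolerates it, but a plain space reads cleanly and avoids a surprise when the string is next edited by hand.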
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..ced9c6bd98b
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP Backend 4XX Errors [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": "0",
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "HTTP Backend 4XX Errors",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HTTPCode_Backend_4XX.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP Backend 4XX Errors [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "21f30090-b3ca-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..749cc47d608
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Network Out Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 Network Out Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.network.out.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 Network Out Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "233b3400-f7f9-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..cd5b5f17ed6
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Bucket Name Filter [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.s3.bucket.name",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "S3 Bucket Names",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "S3 Bucket Name Filter [Logs AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "247e2990-4699-11ea-ad63-791a5dc86f10",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..913c25cf206
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Total Write Time [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Total Write Time",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeTotalWriteTime.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Total Write Time [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "25384bf0-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..86442ab5815
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data Out Per VPN ID [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelDataOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VpnId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPN Tunnel Data Out Per VPN ID [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "26b73e50-6943-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..ae7bade1656
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "AWS Service Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.dimensions.Service",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "service name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "AWS Service Filter [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "2929edb0-178e-11ea-8650-fb606deb5be4",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..a2a9a532ae8
--- /dev/null
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,92 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Request Latency Total Request in ms [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "c0d11b00-4761-11e9-bf81-69a4e579cab5" + } + ], + "bar_color_rules": [ + { + "id": "67cb0930-4761-11e9-bf81-69a4e579cab5" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "6eafde10-4761-11e9-bf81-69a4e579cab5" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1d", + "isModelInvalid": false, + "pivot_id": "aws.s3.bucket.name", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "ac2ef870-4761-11e9-bf81-69a4e579cab5" + } + ], + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Latency in ms", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_request.latency.total_request.ms", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.s3.bucket.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "S3 Request Latency Total Request in ms [Metrics AWS]", + "type": "metrics" + } + }, + "id": "2b2d58b0-4762-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" 
+} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..5ccc431463f --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Daily Storage Bucket Size in Bytes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "f679e680-475f-11e9-a9de-e776805ecfc9" + } + ], + "bar_color_rules": [ + { + "id": "f703aff0-475f-11e9-a9de-e776805ecfc9" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "f8388670-475f-11e9-a9de-e776805ecfc9" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1d", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_daily_storage.bucket.size.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.s3.bucket.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "S3 Daily Storage Bucket Size in Bytes [Metrics AWS]", + "type": "metrics" + } + }, + "id": "2dbb8f90-4760-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..12429ab895d --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "VPN Tunnel Data In Per VPN ID [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.vpn.metrics.TunnelDataIn.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VpnId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "VPN Tunnel Data In Per VPN ID [Metrics AWS]", + "type": "metrics" + } + }, + "id": "2ee7f420-6943-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json new file mode 100644 index 00000000000..c059de7040b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top 10 Billing per Service Name [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "729af8b0-152a-11ea-ae8f-79fec1a0d4d3", + "index_pattern": "metrics-*", + "interval": "12h", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "729b1fc0-152a-11ea-ae8f-79fec1a0d4d3", + "label": "avg(aws.billing.metrics.EstimatedCharges.max)", + "line_width": 2, + "metrics": [ + { + "field": "aws.billing.metrics.EstimatedCharges.max", + "id": "729b1fc1-152a-11ea-ae8f-79fec1a0d4d3", + "type": "sum" + } + ], + "override_index_pattern": 0, + "point_size": "4", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.ServiceName", + "terms_include": "", + "terms_order_by": "729b1fc1-152a-11ea-ae8f-79fec1a0d4d3", + "terms_size": "10", + "type": "timeseries", + "value_template": "${{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Top 10 Billing per Service Name [Metrics AWS]", + "type": "metrics" + } + }, + "id": "31a4ea90-152b-11ea-841c-01bf20a6c8ba", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json new file mode 100644 index 00000000000..3452c2704fb --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json 
@@ -0,0 +1,216 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Write Utilization", + "field": "aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Read Utilization", + "field": "aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm:ss" + } + }, + "label": "@timestamp per 30 seconds", + "params": { + "bounds": { + "max": "2020-04-10T10:29:58.462Z", + "min": "2020-04-10T10:14:58.462Z" + }, + "date": true, + "format": "HH:mm:ss", + "interval": "PT30S", + "intervalESUnit": "s", + "intervalESValue": 30 + } + }, + "y": [ + { + "accessor": 1, + "aggType": "max", + 
"format": { + "id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Write Utilization", + "params": {} + }, + { + "accessor": 2, + "aggType": "max", + "format": { + "id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Read Utilization", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Write Utilization" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Read Utilization" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Write Utilization" + }, + "type": "value" + } + ] + }, + "title": "DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]", + "type": "line" + } + }, + "id": "31ad4090-2003-11ea-8f72-2f8d21e50b0c", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
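Review bot: The `dimensions` block under `visState.params` carries export-time artifacts that do not belong in a committed asset: both `parsedUrl` objects record `"origin": "http://localhost:5601"` (the exporting developer's Kibana instance), and `bounds` pins the absolute timestamps `2020-04-10T10:14:58.462Z`/`2020-04-10T10:29:58.462Z` while `label` reads `"@timestamp per 30 seconds"`. None of the other TSVB or pie visualizations in this change carry a `dimensions` block, and Kibana appears to rebuild it from `aggs` at render time, so the whole block can be dropped so that `params` starts at `"addLegend"`; if it is kept, the `parsedUrl` entries and `bounds` should at least be removed so the asset is environment-independent. It is worth checking the remaining line/area visualizations in this package for the same `parsedUrl` pattern.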
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..3c5f8cc2628 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "event.action values separated by event.provider.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Actions [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Actions [Logs AWS]", + "type": "pie" + } + }, + "id": "396089c0-7399-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..d2bda5e4486 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch Lambda Throttles Top5 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9" + } + ], + "bar_color_rules": [ + { + "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Lambda Throttles", + "line_width": 1, + "metrics": [ + { + "field": "aws.lambda.metrics.Throttles", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.FunctionName", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS Cloudwatch Lambda Throttles Top5", + "type": "metrics" + } + }, + "id": "398d12d0-7352-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json new file mode 100644 index 00000000000..c836b092ce9 --- /dev/null 
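Review bot: The two title fields disagree: `attributes.title` is `"Cloudwatch Lambda Throttles Top5 [Metrics AWS]"` while `visState.title` is `"AWS Cloudwatch Lambda Throttles Top5"`. Every other visualization in this change keeps the two identical and carries the `[Metrics AWS]` suffix, which seems to be the package's naming convention, so `visState.title` should be `"title": "Cloudwatch Lambda Throttles Top5 [Metrics AWS]"`. The same mismatch is in 42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json (`"AWS Cloudwatch ELB Latency"`) and 4658f540-734a-11e9-816b-07687310a99a.json (`"AWS SQS Empty Receives Top5"`).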
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Lambda Duration in Milliseconds [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081", + "label": "avg(aws.metrics.Duration.avg)", + "line_width": 2, + "metrics": [ + { + "field": "aws.lambda.metrics.Duration.avg", + "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "avg" + } + ], + "point_size": "4", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.FunctionName", + "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Lambda Duration in Milliseconds [Metrics AWS]", + "type": "metrics" + } + }, + "id": "39dfc8d0-28cf-11ea-ba6c-49a884eb104f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
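Review bot: `"default_index_pattern": "logs-*"` is set on a metrics visualization whose `index_pattern` is `"metrics-*"`; the default appears to be used only when `index_pattern` is empty, but a `logs-*` fallback would silently query the wrong data stream, so it should read `"default_index_pattern": "metrics-*"` as in the other TSVB assets in this change. The series `label` `"avg(aws.metrics.Duration.avg)"` also names a field that differs from the plotted `aws.lambda.metrics.Duration.avg`. The same `logs-*` default is in 4bf0a740-28d1-11ea-ba6c-49a884eb104f.json, where that identical label is attached to an `aws.lambda.metrics.Errors.avg` series aggregated with `max`, so the legend there is misleading as well.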
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..b43ff703f8b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Daily Storage Number of Objects [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "167ea870-4761-11e9-bf81-69a4e579cab5" + } + ], + "bar_color_rules": [ + { + "id": "01dad830-4761-11e9-bf81-69a4e579cab5" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1d", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_daily_storage.number_of_objects", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.s3.bucket.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "S3 Daily Storage Number of Objects [Metrics AWS]", + "type": "metrics" + } + }, + "id": "3a3914d0-4761-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..77caf0de68a --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Max Request Latency Per Operation [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Max Request Latency Per Operation", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.SuccessfulRequestLatency.max", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.Operation", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Max Request Latency Per Operation [Metrics AWS]", + "type": "metrics" + } + }, + "id": "3dee68c0-7b0c-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..4aafcee1d31 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "TransitGateway Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.account.name", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "account name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.region", + "id": "1584478324642", + "indexPatternRefName": "control_1_index_pattern", + "label": "region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.dimensions.TransitGateway", + "id": "1584479118709", + "indexPatternRefName": "control_2_index_pattern", + "label": "transit gateway", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "TransitGateway Filters [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "415fed40-694f-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json new file mode 100644 index 00000000000..a123b35d1b5 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch ELB Latency [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "23428b30-f7f2-11e8-bff8-21537b07dd44" + } + ], + "bar_color_rules": [ + { + "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44" + } + ], + "default_index_pattern": "metrics-8*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS Cloudwatch ELB Latency", + "line_width": 1, + "metrics": [ + { + "field": "aws.elb.metrics.Latency", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "AWS Cloudwatch ELB Latency", + "type": "metrics" + } + }, + "id": "42016bf0-728f-11e9-9a7b-4d62d5bcf4fc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..0b33d0f5a0d --- /dev/null 
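Review bot: `"default_index_pattern": "metrics-8*"` matches no index pattern used anywhere else in this package (the rest use `metrics-*`) and looks like a partially rewritten Beats default; it should be `"default_index_pattern": "metrics-*"`. The series `"filter": ""` is also a bare string here, whereas the other series in this change that set a filter use the object form `{ "language": "kuery", "query": "" }`; picking one form keeps the assets uniform for whatever validation the registry applies.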
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json @@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Empty Receives Top5 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "23be77d0-734a-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS SQS Empty Receives", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.empty_receives", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS SQS Empty Receives Top5", + "type": "metrics" + } + }, + "id": "4658f540-734a-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..af6dcf6903e --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Consumed Write Capacity Units [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "bar_color_rules": [ + { + "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "gauge_color_rules": [ + { + "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumed Write Capacity Units", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "offset_time": "", + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Consumed Write Capacity Units [Metrics AWS]", + "type": "metrics" + } + }, + "id": "49379b70-7b07-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json new file mode 100644 index 00000000000..75684367d2e --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Lambda Top Errors [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25" + } + ], + "bar_color_rules": [ + { + "id": "f679afa0-28d0-11ea-8789-f72e3366fb25" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "3eabbde0-28d1-11ea-8789-f72e3366fb25" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081", + "label": "avg(aws.metrics.Duration.avg)", + "line_width": 2, + "metrics": [ + { + "field": "aws.lambda.metrics.Errors.avg", + "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "max" + } + ], + "point_size": "4", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.FunctionName", + "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Lambda Top Errors [Metrics AWS]", + "type": "metrics" + } + }, + "id": "4bf0a740-28d1-11ea-ba6c-49a884eb104f", + "references": [], + "type": "visualization" 
+} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json new file mode 100644 index 00000000000..d249e09cf17 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json 
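Review bot: The series label in the Lambda Top Errors visualization does not describe the metric it plots: `"label": "avg(aws.metrics.Duration.avg)"` sits beside a metric on `aws.lambda.metrics.Errors.avg` with `"type": "max"`, so the legend will present the error series as a duration. Change it to `"label": "Lambda Errors"` (or `"max(aws.lambda.metrics.Errors.avg)"` if the auto-generated label style is preferred). In the same params block `default_index_pattern` is `logs-*` while `index_pattern` is `metrics-*`; the explicit pattern wins, but the default looks copied from a logs visualization and is worth aligning with the sibling metrics visualizations in this commit.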
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch ECS CPU Available [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "bb21d180-830d-11e9-9c4c-391fa0a2e15f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(aws.cloudwatch.namespace:\"AWS/ECS\") AND (_exists_: aws.ecs.metrics.CPUReservation) AND (_exists_: aws.ecs.metrics.CPUUtilization)" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "aws.ecs.metrics.CPUUtilization", + "id": "17f8ddf0-830d-11e9-9f3d-ed346f48a007", + "type": "sum" + }, + { + "field": "aws.ecs.metrics.CPUReservation", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "id": "68a93050-830e-11e9-9c4c-391fa0a2e15f", + "script": "(params.res - params.util) / 100", + "type": "math", + "variables": [ + { + "field": "17f8ddf0-830d-11e9-9f3d-ed346f48a007", + "id": "6f338920-830e-11e9-9c4c-391fa0a2e15f", + "name": "util" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f", + "name": "res" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.ClusterName", + "terms_order_by": "_key", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, 
+ "time_field": "", + "type": "timeseries" + }, + "title": "AWS Cloudwatch ECS CPU Available", + "type": "metrics" + } + }, + "id": "4bf62a10-8310-11e9-ac83-47df3568ff90", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..b0bef14daf6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json 
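Review bot: The two titles in this saved object disagree: `attributes.title` is `"Cloudwatch ECS CPU Available [Metrics AWS]"` while `visState.title` is `"AWS Cloudwatch ECS CPU Available"`, so the panel header and the saved-object listing can show different names for the same visualization. The same mismatch appears in the Lambda Errors Top5, S3 Total Error 5xx and S3 Filters files added by this commit, whereas the other visualizations here keep both titles identical. Set the inner title to the outer one, `"title": "Cloudwatch ECS CPU Available [Metrics AWS]"` inside `visState`, and do likewise in the three named files.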
@@ -0,0 +1,151 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Event Outcome over time [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-24h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + 
"filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "CloudTrail Event Outcome over time [Logs AWS]", + "type": "area" + } + }, + "id": "4c23e4c0-739a-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json new file mode 100644 index 00000000000..6803a4afe06 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Oldest Message Age in Seconds [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "3e3d3610-437e-11e9-a35d-972620e4f790" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS SQS Oldest Message Age in Seconds", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.oldest_message_age.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "SQS Oldest Message Age in Seconds [Metrics AWS]", + "type": "metrics" + } + }, + "id": "53730d20-437e-11e9-8697-530f39afc6eb", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..9c5040af189 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json @@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch Lambda Errors Top5 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9" + } + ], + "bar_color_rules": [ + { + "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Lambda Errors", + "line_width": 1, + "metrics": [ + { + "field": "aws.lambda.metrics.Errors", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.FunctionName", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS Cloudwatch Lambda Errors Top5", + "type": "metrics" + } + }, + "id": "54e88a40-734e-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..4335f5439fb --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json 
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Backend Connection Errors [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226" + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "00", + "formatter": "number", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "Backend Connection Errors", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.BackendConnectionErrors.sum", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ELB Backend Connection Errors [Metrics AWS]", + "type": "metrics" + } + }, + "id": "572d40e0-b3ca-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..8711f57b6ac --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Total Error 5xx [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "59207fe0-4762-11e9-bf81-69a4e579cab5" + } + ], + "bar_color_rules": [ + { + "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total # of HTTP 5xx Errors", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_request.errors.5xx", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "AWS S3 Total Error 5xx", + "type": "metrics" + } + }, + "id": "58e17c10-7349-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..ee117c36752 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "VPN Tunnel Data State Per Tunnel IP [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "05e19c00-693b-11ea-8bb6-25461aeac3d5" + } + ], + "bar_color_rules": [ + { + "id": "fdd5ac40-693a-11ea-8bb6-25461aeac3d5" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.vpn.metrics.TunnelState.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TunnelIpAddress", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "VPN Tunnel Data State Per Tunnel IP [Metrics AWS]", + "type": "metrics" + } + }, + "id": "58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..c548d83261a --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json @@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Topic Name Filter [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "aws.dimensions.TopicName", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "topic name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "SNS Topic Name Filter [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "59defc90-17a5-11ea-8e91-03c7047cbb9d", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json new file mode 100644 index 00000000000..686ccd72843 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Usage Resource Count Per Service [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "aws.dimensions.Type : \"Resource\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.usage.metrics.ResourceCount.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": "4", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.Service", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Usage Resource Count Per Service [Metrics AWS]", + "type": "metrics" + } + }, + "id": "59e2e110-178d-11ea-8650-fb606deb5be4", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json new file mode 100644 index 00000000000..2550a00fa18 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Http Status over time [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "lucene", + "query": "stream.dataset:aws.s3access" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Http Status", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 300 and aws.s3access.http_status \u003e= 200" + }, + "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", + "label": "200s" + }, + { + "color": "rgba(252,196,0,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 400 and aws.s3access.http_status \u003e= 300" + }, + "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", + "label": "300s" + }, + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 500 and aws.s3access.http_status \u003e= 400" + }, + "id": "76089a90-a29d-11e7-a062-a1c3587f4874", + "label": "400s" + }, + { + "color": "rgba(171,20,158,1)", + "filter": { + "language": "kuery", + "query": "aws.s3access.http_status \u003c 600 and aws.s3access.http_status \u003e= 500" + }, + "id": 
"7c7929d0-a29d-11e7-a062-a1c3587f4874", + "label": "500s" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "http.response.status_code", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Http Status over time [Logs AWS]", + "type": "metrics" + } + }, + "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..868a5f2293b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json 
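Review bot: The Http Status over time series uses the key `"seperate_axis": 0`, whereas every other TSVB series in this commit spells it `separate_axis`; a misspelled key is ignored by the consumer, so the intended value never takes effect and the series silently falls back to the default. Rename it to `"separate_axis": 0`. The same series also carries `"terms_field": "http.response.status_code"` and a `terms_order_by` while `split_mode` is `"filters"`, which looks like leftover configuration from an earlier terms split; presumably harmless, but dropping it removes ambiguity about which setting drives the split.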
@@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Healthy Host Count [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(104,188,0,1)", + "color": "rgba(255,255,255,1)", + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226", + "operator": "gt", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "Healthy Host Count", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.HealthyHostCount.max", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.dimensions.AvailabilityZone", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "ELB Healthy Host Count [Metrics AWS]", + "type": "metrics" + } + }, + "id": "6392bc30-b3c9-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ No 
newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..2df22016c39 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Idle Time [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_min": "0", + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,1", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Volume Idle Time", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeIdleTime.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Idle Time [Metrics AWS]", + "type": "metrics" + } + }, + "id": "67f43080-b7b9-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json new file mode 100644 index 00000000000..c05c918c382 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json 
@@ -0,0 +1,151 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Usage CallCount [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "aws.usage.metrics.CallCount.sum" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "aws.dimensions.Type : \"API\" " + }, + "label": "" + } + ], + "row": true + }, + "schema": "split", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "aws.dimensions.Service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "aws.dimensions.Resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 3, + "aggType": "sum", + "format": { + "id": "number" + }, + "params": {} + }, + "splitRow": [ + { + "accessor": 0, 
+ "aggType": "filters", + "format": {}, + "params": {} + } + ] + }, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Usage CallCount [Metrics AWS]", + "type": "pie" + } + }, + "id": "681aab60-178c-11ea-8650-fb606deb5be4", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..2e4692d09a7 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Connection Established [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "Total Connections Established", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.ConnectionEstablishedCount.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "sum" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "metric" + }, + "title": "NATGateway Connection Established [Metrics AWS]", + "type": "metrics" + } + }, + "id": "68970b10-6890-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..a60696ca78f --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPattern": "metrics-*", + "label": "region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.s3.bucket.name", + "id": "1549512142947", + "indexPattern": "metrics-*", + "label": "s3 bucket name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "AWS S3 Filters", + "type": "input_control_vis" + } + }, + "id": "6e3285d0-4763-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..fb0f626c061 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json 
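Review bot: The two controls in `6e3285d0-...` hard-code `"indexPattern": "metrics-*"` and the saved object has `"references": []`, whereas the NATGateway Filters asset in this same set (`8345d580-...`) uses `"indexPatternRefName": "control_N_index_pattern"` with matching `index-pattern` entries under `references`; the reference form is what lets the import rewrite index-pattern ids, so this asset will presumably break if the pattern id ever differs from `metrics-*`. The inner visState title `"AWS S3 Filters"` also does not match the saved-object title `"S3 Filters [Metrics AWS]"`, and the same mismatch appears in `81d83c70-...` (`"AWS S3 Total Error 4xx"` vs `"S3 Total Error 4xx [Metrics AWS]"`); every other visualization here keeps both titles identical. Suggest `"indexPatternRefName": "control_0_index_pattern"` / `"control_1_index_pattern"` in place of the inline `indexPattern` with two `{"id": "metrics-*", "name": "control_N_index_pattern", "type": "index-pattern"}` references, and `"title": "S3 Filters [Metrics AWS]"` inside visState.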
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Publish Size [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Publish Size", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.PublishSize.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Publish Size [Metrics AWS]", + "type": "metrics" + } + }, + "id": "6f7f7680-180c-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..14c1bc91a79 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json 
@@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Unhealthy Host Count [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(244,78,59,1)", + "color": "rgba(255,255,255,1)", + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226", + "operator": "gt", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "Unhealthy Host Count", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.UnHealthyHostCount.max", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.dimensions.AvailabilityZone", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "ELB Unhealthy Host Count [Metrics AWS]", + "type": "metrics" + } + }, + "id": "6fc1efd0-b3c9-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ 
No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..113c7375389 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Top User Agents [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "User Agent", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "2010cb20-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "user_agent.original", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "ELB Top User Agents [Logs AWS] ECS", + "type": 
"metrics" + } + }, + "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json new file mode 100644 index 00000000000..f555f41ba0a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json 
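Review bot: The series filter `"query": "fileset.name : \"elb\" "` keys the whole top_n on a Filebeat-module field; the CONTRIBUTING text for this package describes datasets extracted from Beats modules, so if the agent datasets do not populate `fileset.name` this panel renders empty — confirm against the elb dataset's fields and, if needed, filter on the dataset field the package actually emits. The same `fileset.name` filter is used in `75853f20-...` (`"vpcflow"`) and `76af8140-...` (`"elb"`), so whichever field is chosen should be applied to all three. The trailing space inside the query string is harmless to KQL but is worth trimming for consistency with `76af8140-...`, which has `"fileset.name : \"elb\""`.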
@@ -0,0 +1,118 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Estimated Billing Pie Chart [Metrics AWS]", + "uiStateJSON": { + "vis": { + "colors": { + "16": "#629E51", + "272": "#DEDAF7", + "80": "#E24D42", + "running": "#7EB26D", + "stopped": "#E24D42" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "", + "field": "aws.billing.metrics.EstimatedCharges.max" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "field": "aws.dimensions.ServiceName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderAgg": { + "enabled": true, + "id": "2-orderAgg", + "params": { + "field": "aws.billing.metrics.EstimatedCharges.max" + }, + "schema": "orderAgg", + "type": "avg" + }, + "orderBy": "custom", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": false, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Estimated Billing Pie Chart [Metrics AWS]", + "type": "pie" + } + }, + "id": "749cd470-1530-11ea-841c-01bf20a6c8ba", + "references": [ + { + "id": "metrics-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json new file mode 100644 index 00000000000..c69f3c232f4 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json 
@@ -0,0 +1,105 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VPC Flow Top IP Addresses [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "IP address", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "logs-*", + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": 
"timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "VPC Flow Top IP Addresses [Logs AWS]", + "type": "metrics" + } + }, + "id": "75853f20-4484-11ea-ad63-791a5dc86f10", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json new file mode 100644 index 00000000000..1fa628da253 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json 
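Review bot: Several values in `75853f20-...` look carried over from the ELB Top User Agents asset rather than set for this panel: `"pivot_id": "user_agent.original"` while the series splits on `"terms_field": "source.ip"`, `"default_index_pattern": "metrics-*"` while the series overrides to `"series_index_pattern": "logs-*"`, and the rule ids (`29527130-...`, `cc6d5070-...`, `2b29c940-...`, `42e14220-...`) are identical to those in `73970bc0-...`. The pivot field is probably ignored for `top_n`, so this is mostly a maintenance hazard, but the mismatched default index pattern means the time field and default filtering are taken from metrics data for a logs panel. Suggest `"default_index_pattern": "logs-*"` and `"pivot_id": "source.ip"` so the asset describes what it renders.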
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Usage Call Count Per Service [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "aws.dimensions.Type : \"API\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.usage.metrics.CallCount.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": "4", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.Service", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Usage Call Count Per Service [Metrics AWS]", + "type": "metrics" + } + }, + "id": "75ebfda0-1789-11ea-8650-fb606deb5be4", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..a1dc3326945 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json 
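Review bot: `75ebfda0-...` sets `"default_index_pattern": "logs-*"` but `"index_pattern": "metrics-*"` for a CloudWatch usage metric, while the sibling metrics TSVB assets (for example `68970b10-...`) use `metrics-*` for both. The explicit `index_pattern` wins here, so the panel works, but the default is misleading and would select the wrong data if the explicit value were ever cleared. Suggest `"default_index_pattern": "metrics-*"`.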
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Inbound Traffic [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\"" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Inbound Traffic [Logs AWS] ECS", + "type": "metrics" + } + }, + "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..abea8f172ad --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json 
@@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Read Throttle Events [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Read Throttle Events", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.ReadThrottleEvents.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Read Throttle Events [Metrics AWS]", + "type": "metrics" + } + }, + "id": "7b93bab0-7b0a-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..1fbdea54bdf --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail User Agents [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail User Agents [Logs AWS]", + "type": "pie" + } + }, + "id": "7bca4f50-739c-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json new file mode 100644 index 00000000000..80e2afafbb9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json 
@@ -0,0 +1,237 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + }, + "title": "DynamoDB Max Read/Write Account Limits [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Reads", + "field": "aws.dynamodb.metrics.AccountMaxReads.max" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Table Reads", + "field": "aws.dynamodb.metrics.AccountMaxTableLevelReads.max" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Writes", + "field": "aws.dynamodb.metrics.AccountMaxWrites.max" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Table Writes", + "field": "aws.dynamodb.metrics.AccountMaxTableLevelWrites.max" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": null, + "y": [ + { + "accessor": 0, + "aggType": "max", + "format": { + "id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Reads", + "params": {} + }, + { + "accessor": 1, + "aggType": "max", + "format": { + "id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Table Reads", + "params": {} + }, + { + "accessor": 2, + "aggType": "max", + "format": { + 
"id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Writes", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Reads" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Table Reads" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Writes" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "4", + "label": "Table Writes" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Account Max Reads" + }, + "type": "value" + } + ] + }, + "title": "DynamoDB Max Read/Write Account Limits [Metrics AWS]", + "type": "histogram" + } + }, + "id": "7d1e0870-7a3f-11ea-bfa4-dfea8c457654", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + 
"type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..f19c4c64abc --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Total Error 4xx [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "59207fe0-4762-11e9-bf81-69a4e579cab5" + } + ], + "bar_color_rules": [ + { + "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total # of HTTP 4xx Errors", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_request.errors.4xx", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "AWS S3 Total Error 4xx", + "type": "metrics" + } + }, + "id": "81d83c70-4762-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file 
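Review bot: The three `dimensions.y[].format.params.parsedUrl` blocks in `7d1e0870-...` embed the exporting workstation's Kibana origin (`"origin": "http://localhost:5601"`, `"basePath": ""`, `"pathname": "/app/kibana"`); this is an export artifact that leaks environment details into a shipped package and is absent from every other asset in the set, which use a bare `"format": {"id": "number"}`. Strip the `params` object from each of the three entries. Separately, `dimensions.y` lists three accessors while `aggs` and `seriesParams` define four metrics (Table Writes has no dimension entry); Kibana may regenerate `dimensions` at render time, so confirm whether the fourth series is actually drawn.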
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..73526a731e3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "NATGateway Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.account.name", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "account name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.region", + "id": "1584478324642", + "indexPatternRefName": "control_1_index_pattern", + "label": "region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.dimensions.NatGatewayId", + "id": "1584479118709", + "indexPatternRefName": "control_2_index_pattern", + "label": "NATGateway ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "NATGateway Filters [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "8345d580-6891-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json new file mode 100644 index 00000000000..589f568c467 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json 
@@ -0,0 +1,92 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total Estimated Charges [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "88a80e30-1530-11ea-961e-c1db9cc6166e" + } + ], + "bar_color_rules": [ + { + "id": "ebb52700-1531-11ea-961e-c1db9cc6166e" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "e8a045e0-1531-11ea-961e-c1db9cc6166e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "12h", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "not aws.dimensions.ServiceName : * " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total Estimated Charges", + "line_width": 1, + "metrics": [ + { + "field": "aws.billing.metrics.EstimatedCharges.max", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "override_index_pattern": 0, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_interval": "12h", + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none", + "time_range_mode": "last_value", + "value_template": "${{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Total Estimated Charges [Metrics AWS]", + "type": "metrics" + } + }, + "id": "83f08eb0-1532-11ea-841c-01bf20a6c8ba", + "references": [], + "type": "visualization" 
+} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..9dcdeddef2c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Total Error 5xx [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "59207fe0-4762-11e9-bf81-69a4e579cab5" + } + ], + "bar_color_rules": [ + { + "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total # of HTTP 5xx Errors", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_request.errors.5xx", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "AWS S3 Total Error 5xx", + "type": "metrics" + } + }, + "id": "8b34a100-4762-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file 
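Review bot: The inner `visState.title` of the S3 panel, `"AWS S3 Total Error 5xx"`, does not match the saved-object `title` `"S3 Total Error 5xx [Metrics AWS]"` two levels up, so the panel header in Kibana and the saved-object listing will show different names. The same drift appears in the ELB Unhealthy Host Count file (`"AWS Cloudwatch ELB Unhealthy Host Count"`), the SQS Messages Delayed Top5 file (`"AWS SQS Messages Delayed Top5"`) and the EC2 Status Check Failed file (`"AWS EC2 Status Check Failed"`); every other visualization in this batch keeps the two titles identical. Aligning the inner title with the outer one, e.g. `"title": "S3 Total Error 5xx [Metrics AWS]"`, keeps the package consistent.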
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..2cfef3e61cd --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Insert Latency in Milliseconds [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543" + } + ], + "bar_color_rules": [ + { + "id": "f8196690-921a-11e9-badf-4b42bd1ef543" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "ms,ms,", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Insert Latency in Milliseconds", + "line_width": "2", + "metrics": [ + { + "field": "aws.rds.latency.insert", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "RDS Insert Latency in Milliseconds [Metrics AWS]", + "type": "metrics" + } + }, + "id": "8b8a7f80-921c-11e9-aa19-159bf182e06f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..fac7a2ca55f --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Successful Request Latency [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "bar_color_rules": [ + { + "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "gauge_color_rules": [ + { + "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Successful Request Latency", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.SuccessfulRequestLatency.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "offset_time": "", + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Successful Request Latency [Metrics AWS]", + "type": "metrics" + } + }, + "id": "8cf5fbe0-7b07-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..c067d20952b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json @@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Top User IDs [Logs AWS]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User ID", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "CloudTrail Top User IDs [Logs AWS]", + "type": "table" + } + }, + "id": "8ec43590-739b-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..64a72130a65 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch ELB Unhealthy Host Count [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9" + } + ], + "bar_color_rules": [ + { + "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "ELB Unhealthy Host Count", + "line_width": 1, + "metrics": [ + { + "field": "aws.elb.metrics.UnHealthyHostCount", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS Cloudwatch ELB Unhealthy Host Count", + "type": "metrics" + } + }, + "id": "9121ac90-734d-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json new file mode 100644 index 00000000000..5a95b972554 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Lambda Top Throttles [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25" + } + ], + "bar_color_rules": [ + { + "id": "f679afa0-28d0-11ea-8789-f72e3366fb25" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "3eabbde0-28d1-11ea-8789-f72e3366fb25" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081", + "label": "avg(aws.metrics.Duration.avg)", + "line_width": 2, + "metrics": [ + { + "field": "aws.lambda.metrics.Duration.avg", + "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "max" + } + ], + "point_size": "4", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.FunctionName", + "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Lambda Top Throttles [Metrics AWS]", + "type": "metrics" + } + }, + "id": "915bcd50-28d1-11ea-ba6c-49a884eb104f", + "references": [], + "type": 
"visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json new file mode 100644 index 00000000000..1acbf7282e4 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json 
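Review bot: The series in this file does not match the visualization's title: the object is titled `"Lambda Top Throttles [Metrics AWS]"`, but the only metric is `"field": "aws.lambda.metrics.Duration.avg"` with `"type": "max"` and the legend label is `"avg(aws.metrics.Duration.avg)"`, so the panel would chart function duration rather than throttles (presumably the Lambda Throttles CloudWatch metric was intended). In the same params block `"default_index_pattern": "logs-*"` disagrees with `"index_pattern": "metrics-*"`; the other metrics panels in this batch use `metrics-*` for both. The label should also be updated to describe whichever metric is finally chosen, since `avg(...)` is wrong for a `max` aggregation.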
@@ -0,0 +1,151 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Usage ResourceCount [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "aws.usage.metrics.ResourceCount.sum" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "aws.dimensions.Type : \"Resource\" " + }, + "label": "" + } + ], + "row": true + }, + "schema": "split", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "aws.dimensions.Service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "aws.dimensions.Resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 3, + "aggType": "sum", + "format": { + "id": "number" + }, + "params": {} + }, + "splitRow": [ + { + 
"accessor": 0, + "aggType": "filters", + "format": {}, + "params": {} + } + ] + }, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Usage ResourceCount [Metrics AWS]", + "type": "pie" + } + }, + "id": "9202d1a0-178c-11ea-8650-fb606deb5be4", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..1720fe0e6fa --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Messages Delayed Top5 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "23be77d0-734a-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS SQS Messages Delayed", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.messages.delayed", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS SQS Messages Delayed Top5", + "type": "metrics" + } + }, + "id": "95b322f0-734a-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json new file mode 100644 index 00000000000..e24cd401a83 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Disk Queue Depth [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543" + } + ], + "bar_color_rules": [ + { + "id": "f8196690-921a-11e9-badf-4b42bd1ef543" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "'0.000'", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Select Throughput Count/Second", + "line_width": "2", + "metrics": [ + { + "field": "aws.rds.disk_queue_depth", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "RDS Disk Queue Depth [Metrics AWS]", + "type": "metrics" + } + }, + "id": "966ae990-d979-11e9-9458-bbef63ad717b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json new file mode 100644 index 00000000000..0dc11fb0a1e --- /dev/null 
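Review bot: The series label `"Select Throughput Count/Second"` does not describe the metric it charts, `"field": "aws.rds.disk_queue_depth"`, and looks copied from a select-throughput panel; the title of the object is "RDS Disk Queue Depth [Metrics AWS]". The legend should read `"label": "Disk Queue Depth"` (or similar) so the chart is not misread as a throughput figure. The background and bar colour rule ids here are identical to those in the RDS Insert Latency file, which is harmless but suggests the same copy origin.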
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json 
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top URLs [Logs AWS]", + "uiStateJSON": { + "vis": { + "colors": { + "404": "#EAB839" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Request Uri", + "field": "aws.s3access.request_uri", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status", + "field": "aws.s3access.http_status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "splitColumn": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ] + }, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + 
"title": "Top URLs [Logs AWS]", + "type": "pie" + } + }, + "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..4c1496522f5 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Packet Drop [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "Total Packets Drop", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.PacketsDropCount.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "sum" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "metric" + }, + "title": "NATGateway Packet Drop [Metrics AWS]", + "type": "metrics" + } + }, + "id": "9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..9725b05fa82 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Consumed Read Capacity Units [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "bar_color_rules": [ + { + "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "gauge_color_rules": [ + { + "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumed Read Capacity Units", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "offset_time": "", + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Consumed Read Capacity Units [Metrics AWS]", + "type": "metrics" + } + }, + "id": "9d284bc0-7b08-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json new file mode 100644 index 00000000000..251d74afe4c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EC2 Status Check Failed [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d13f6b50-f7f6-11e8-bff8-21537b07dd44" + } + ], + "bar_color_rules": [ + { + "id": "ad6d62d0-f7f7-11e8-bff8-21537b07dd44" + } + ], + "gauge_color_rules": [ + { + "id": "b0c5b590-f7f7-11e8-bff8-21537b07dd44" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "EC2 Status Check Failed", + "line_width": 1, + "metrics": [ + { + "field": "aws.ec2.status.check_failed", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "AWS EC2 Status Check Failed", + "type": "metrics" + } + }, + "id": "9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..7e5f9ad6624 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Throttle Requests [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Throttled Requests", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.ThrottledRequests.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Throttle Requests [Metrics AWS]", + "type": "metrics" + } + }, + "id": "9f0425c0-7b0a-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..cf775340fda --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS SMS Success Rate [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "SMS Success Rate", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.SMSSuccessRate.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS SMS Success Rate [Metrics AWS]", + "type": "metrics" + } + }, + "id": "abdc7480-180b-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..c73bae820f9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json 
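Review bot: The SNS SMS Success Rate series sets `"split_mode": "terms"` but `"terms_field": null`, so the terms split has no field to group on and the panel falls back to a single unlabelled line (or an empty one, depending on the Kibana version). The same null `terms_field` with a terms split appears in the SNS SMS Month To Date Spent USD hunk (b7f8bf90). Either point `terms_field` at a real dimension field, as the EBS and ELB panels do with `aws.dimensions.*`, or change the line to `"split_mode": "everything"` so the intent is explicit.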
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Read Bytes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Volume Read Bytes", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeReadBytes.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Read Bytes [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b00c4390-b7b8-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json new file mode 100644 index 00000000000..fdd8f773935 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.sqs.queue.name", + "id": "1549512142947", + "indexPatternRefName": "control_1_index_pattern", + "label": "queue name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "AWS SQS Filters", + "type": "input_control_vis" + } + }, + "id": "b0afd3e0-43b7-11e9-8697-530f39afc6eb", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..39e3ebaab87 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch ELB Request Count Top5 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "ELB Request Count Top5", + "line_width": 1, + "metrics": [ + { + "field": "aws.elb.metrics.RequestCount", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "AWS Cloudwatch ELB Request Count Top5", + "type": "metrics" + } + }, + "id": "b2191dd0-734c-11e9-816b-07687310a99a", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..80839d59795 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Latency in Seconds [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226" + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "s,s,3", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "Latency in seconds", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.Latency.avg", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ELB Latency in Seconds [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b2ea15a0-b3c7-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..2ce6e45db27 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Bytes In From Destination [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.BytesInFromDestination.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Bytes In From Destination [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b36532e0-688e-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json new file mode 100644 index 00000000000..bad83f297d1 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "DynamoDB Write Throttle Events [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "\u003e=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Write Throttle Events", + "line_width": 1, + "metrics": [ + { + "field": "aws.dynamodb.metrics.WriteThrottleEvents.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TableName", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "DynamoDB Write Throttle Events [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b403f7b0-7b15-11ea-9bb4-e958b64b5685", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json new file mode 100644 index 00000000000..f9360547580 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json @@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "AWS Region Filter [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "region name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "AWS Region Filter", + "type": "input_control_vis" + } + }, + "id": "b5308940-7347-11e9-816b-07687310a99a", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..dca7c76ccd9 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 4xx [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 400 and http.response.status_code \u003c 500" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "HTTP 4xx", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB HTTP 4xx [Logs AWS] ECS", + "type": "metrics" + } + }, + "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..60ef0983521 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json 
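Review bot: The series filter `fileset.name : "elb" and http.response.status_code >= 400 and http.response.status_code < 500` keys the 4xx count on `fileset.name`, a field set by the Filebeat module; once these logs arrive through the package's own dataset rather than the Beats module, that field is presumably absent and the panel would silently read as zero errors. The same `fileset.name : "vpcflow"` clause is in every series of the VPC Flow Total Requests visualization (bad8c910 hunk), where an empty ACCEPT/REJECT chart is easily mistaken for a quiet network rather than a broken filter. Consider replacing the clause with whatever dataset identifier the package actually emits, or dropping it, since the `logs-*` index pattern together with the `aws.elb.*` / `aws.vpcflow.*` fields already scopes the query.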
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS SMS Month To Date Spent USD [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "SMS Month To Date Spent USD", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.SMSMonthToDateSpentUSD.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS SMS Month To Date Spent USD [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b7f8bf90-180f-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..e800faf1bdd --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json 
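Review bot: The series `"formatter": "s,s,3"` is the seconds/duration formatter (the same value the ELB Latency panel in the b2ea15a0 hunk uses for `aws.elb.metrics.Latency.avg`), but this metric is `aws.sns.metrics.SMSMonthToDateSpentUSD.sum`, a currency amount, so the axis and legend will render dollars as a duration. `"formatter": "number"` would match the other AWS metric panels in this change. This looks like a copy-paste carry-over from the latency visualization.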
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 5XX Errors [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226" + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "HTTP 5XX Errors", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.HTTPCode_ELB_5XX.sum", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ELB HTTP 5XX Errors [Metrics AWS]", + "type": "metrics" + } + }, + "id": "b9703dd0-b3c9-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json new file mode 100644 index 00000000000..96db2184387 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json 
@@ -0,0 +1,173 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VPC Flow Total Requests [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(255,255,255,1)", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"REJECT\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "REJECT", + "line_width": "2", + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"ACCEPT\" " + }, + "formatter": "number", + "id": "7ec99260-4485-11ea-9ee9-2d27e9149ae8", + "label": "ACCEPT", + "line_width": "2", + "metrics": [ + { + "id": "7ec99261-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + 
"point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "7ec99261-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"-\" " + }, + "formatter": "number", + "id": "8d550580-4485-11ea-9ee9-2d27e9149ae8", + "label": "-", + "line_width": "2", + "metrics": [ + { + "id": "8d552c90-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "8d552c90-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0.5", + "filter": { + "language": "kuery", + "query": "fileset.name : \"vpcflow\"" + }, + "formatter": "number", + "id": "c8c27df0-4485-11ea-9ee9-2d27e9149ae8", + "label": "Total Requests", + "line_width": "2", + "metrics": [ + { + "id": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8", + "type": "count" + } + ], + "override_index_pattern": 1, + "point_size": "3", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "rainbow", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.vpcflow.action", + "terms_order_by": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8", + "type": "timeseries" + } + ], + "show_grid": 1, + 
"show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "VPC Flow Total Requests [Logs AWS]", + "type": "metrics" + } + }, + "id": "bad8c910-4485-11ea-ad63-791a5dc86f10", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..c530be0ca61 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json 
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Read Ops [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of Read Operation", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeReadOps.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Read Ops [Metrics AWS]", + "type": "metrics" + } + }, + "id": "bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json new file mode 100644 index 00000000000..3c464f70c02 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Empty Receives [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1" + } + ], + "bar_color_rules": [ + { + "id": "a7e8c370-6c25-11e9-9cd1-3bdb0c7db024" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "a778eaa0-6c25-11e9-9cd1-3bdb0c7db024" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.empty_receives", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "numerator": "", + "percentiles": [ + { + "id": "74323cf0-6c25-11e9-9cd1-3bdb0c7db024", + "mode": "line", + "shade": 0.2, + "value": 50 + } + ], + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "SQS Empty Receives [Metrics AWS]", + "type": "metrics" + } + }, + "id": "bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..07c59ee72a7 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Bytes In From Source [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.BytesInFromSource.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Bytes In From Source [Metrics AWS]", + "type": "metrics" + } + }, + "id": "bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json new file mode 100644 index 00000000000..beb98e23102 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json @@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Region/Account Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.account.name", + "id": "1549512126406", + "indexPatternRefName": "control_1_index_pattern", + "label": "account name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Region/Account Filters [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..6e3fd18e92b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Outbound Traffic [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\"" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Outbound Traffic [Logs AWS] ECS", + "type": "metrics" + } + }, + "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..0f3d9185015 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Packet In From Destination [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.PacketsInFromDestination.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Packet In From Destination [Metrics AWS]", + "type": "metrics" + } + }, + "id": "bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json new file mode 100644 index 00000000000..2be698c0c61 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Messages Deleted [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.messages.deleted", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQS Messages Deleted [Metrics AWS]", + "type": "metrics" + } + }, + "id": "be6c4180-41e6-11e9-b7a0-c99d9d127b61", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json new file mode 100644 index 00000000000..9e73a482538 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EC2 CPU Utilization [Metrics AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "23428b30-f7f2-11e8-bff8-21537b07dd44" + } + ], + "bar_color_rules": [ + { + "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS EC2 CPU Utilization ECS", + "line_width": 1, + "metrics": [ + { + "field": "aws.ec2.cpu.total.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "cloud.instance.id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "AWS EC2 CPU Utilization ECS", + "type": "metrics" + } + }, + "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..edab4b002c6 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Notifications Filtered Out [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Notifications Filtered Out", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Notifications Filtered Out [Metrics AWS]", + "type": "metrics" + } + }, + "id": "bf81e030-180e-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..05562769081 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Write Bytes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Volume Write Bytes", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeWriteBytes.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Write Bytes [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c0e32d50-b7b8-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..6274b466a1b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Active Connection Count Top10 [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "3", + "metrics": [ + { + "field": "aws.natgateway.metrics.ActiveConnectionCount.max", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "top_n" + }, + "title": "NATGateway Active Connection Count Top10 [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c186b610-688d-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..2740f23dd46 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Insert Throughput in Count/Second [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543" + } + ], + "bar_color_rules": [ + { + "id": "f8196690-921a-11e9-badf-4b42bd1ef543" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "'0.0'", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Insert Throughput Count/Second", + "line_width": "2", + "metrics": [ + { + "field": "aws.rds.throughput.insert", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "RDS Insert Throughput in Count/Second [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c1afd130-921e-11e9-aa19-159bf182e06f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..8495c8059b3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Packets Drop Count Blackhole [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.PacketDropCountBlackhole.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Packets Drop Count Blackhole [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c1db9b80-694b-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..6638a43533f --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Bytes Out To Source [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.BytesOutToSource.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Bytes Out To Source [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..b7a59c43803 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Packet In From Source [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.PacketsInFromSource.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Packet In From Source [Metrics AWS]", + "type": "metrics" + } + }, + "id": "c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..c7286635445 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json 
@@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Select Latency in Milliseconds [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543" + } + ], + "bar_color_rules": [ + { + "id": "f8196690-921a-11e9-badf-4b42bd1ef543" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "ms,ms,", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Select Latency in Milliseconds", + "line_width": "2", + "metrics": [ + { + "field": "aws.rds.latency.select", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "RDS Select Latency in Milliseconds [Metrics AWS]", + "type": "metrics" + } + }, + "id": "cc3a1950-921c-11e9-aa19-159bf182e06f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..b1fc0e56799 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Bytes In [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.BytesIn.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Bytes In [Metrics AWS]", + "type": "metrics" + } + }, + "id": "cd6419c0-6949-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..2c300003e83 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Error Port Allocation [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total Error of Port Allocation", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.ErrorPortAllocation.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "_count", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "metric" + }, + "title": "NATGateway Error Port Allocation [Metrics AWS]", + "type": "metrics" + } + }, + "id": "ce7445c0-688f-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..a67774b5568 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Top IP Addresses [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "29527130-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "bar_color_rules": [ + { + "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "pivot_id": "user_agent.original", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "color_rules": [ + { + "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3" + } + ], + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "IP address", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3", + "type": "cumulative_sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "ELB Top IP Addresses [Logs AWS] ECS", + "type": "metrics" + 
} + }, + "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..3258621b85e --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json @@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume ID Filter [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "aws.dimensions.VolumeId", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "volume id", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "EBS Volume ID Filter [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "d045d120-b7b9-11e9-8349-f15f850c5cd0", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json new file mode 100644 index 00000000000..0083f6ce1fb --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json 
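Review bot: In ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json the `top_n` params carry `"pivot_id": "user_agent.original"` while the title is "ELB Top IP Addresses" and the single series splits on `"terms_field": "source.ip"`, so the pivot and the split disagree about what the panel ranks. If TSVB ignores `pivot_id` for `top_n` panels this is only leftover export state, but it reads as a copy from a user-agent panel; aligning it to `"pivot_id": "source.ip"` (and the matching `pivot_type`) or dropping both keys would remove the ambiguity. Since the file is an exported saved object, regenerating it from Kibana after fixing the panel is presumably safer than hand-editing the fields.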
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "S3 Total Requests [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "c03c4320-4763-11e9-b811-fd5d24a641d7" + } + ], + "bar_color_rules": [ + { + "id": "c7b9fca0-4763-11e9-b811-fd5d24a641d7" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1d", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.s3_request.requests.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "offset_time": "", + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.s3.bucket.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "S3 Total Requests [Metrics AWS]", + "type": "metrics" + } + }, + "id": "d186fd50-4763-11e9-8062-c98a86cb6f94", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..a721cc0d241 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Notifications Filtered Out Invalid Attributes", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]", + "type": "metrics" + } + }, + "id": "d19a71b0-180e-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file 
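Review bot: The series in d19a71b0-180e-11ea-8e91-03c7047cbb9d.json sets `"split_mode": "terms"` together with `"terms_field": null`, so the panel asks for a terms split without naming a field; dffa19e0-180e-11ea-8e91-03c7047cbb9d.json later in this diff has the same pair. Every other terms-split panel here names a concrete `aws.dimensions.*` or `aws.*` field, so this looks like an incomplete export rather than intent. Either name the SNS dimension the sns dataset exposes (presumably `aws.dimensions.TopicName`, to be confirmed against the dataset's fields) or switch to `"split_mode": "everything"` so the null does not reach Kibana.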
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json new file mode 100644 index 00000000000..5836d48d4f3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cloudwatch ECS Memory Available [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "bb21d180-830d-11e9-9c4c-391fa0a2e15f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(aws.cloudwatch.namespace:\"AWS/ECS\") AND (_exists_: aws.ecs.metrics.MemoryReservation) AND (_exists_: aws.ecs.metrics.MemoryUtilization)" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "aws.ecs.metrics.MemoryUtilization", + "id": "17f8ddf0-830d-11e9-9f3d-ed346f48a007", + "type": "sum" + }, + { + "field": "aws.ecs.metrics.MemoryReservation", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "id": "68a93050-830e-11e9-9c4c-391fa0a2e15f", + "script": "(params.res - params.util) / 100", + "type": "math", + "variables": [ + { + "field": "17f8ddf0-830d-11e9-9f3d-ed346f48a007", + "id": "6f338920-830e-11e9-9c4c-391fa0a2e15f", + "name": "util" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f", + "name": "res" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.ClusterName", + "terms_order_by": "_key", + "terms_size": "5", + "value_template": 
"{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "AWS Cloudwatch ECS Memory Available", + "type": "metrics" + } + }, + "id": "d2f46190-830f-11e9-ac83-47df3568ff90", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json new file mode 100644 index 00000000000..6de1c6151f7 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json 
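Review bot: In d2f46190-830f-11e9-ac83-47df3568ff90.json the inner `visState.title` is `"AWS Cloudwatch ECS Memory Available"` while the saved-object `attributes.title` is `"Cloudwatch ECS Memory Available [Metrics AWS]"`; every other visualization in this diff keeps the two titles identical, and f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json has the same drift (`"AWS EC2 DiskIO Read Bytes"` vs `"EC2 DiskIO Read Bytes [Metrics AWS]"`). The inner title is what Kibana shows in some panel views, so the two should agree: `"title": "Cloudwatch ECS Memory Available [Metrics AWS]"` in `visState`. The `math` metric `(params.res - params.util) / 100` with a `percent` formatter is presumably deliberate, but a one-line `description` explaining why the difference of two sums is scaled by 100 would help the next person who regenerates this file.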
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Request Count [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226" + } + ], + "bar_color_rules": [ + { + "id": "7db91990-b3c6-11e9-af6e-ef22c5680226" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971", + "label": "Request Count", + "line_width": 2, + "metrics": [ + { + "field": "aws.elb.metrics.RequestCount.sum", + "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.LoadBalancerName", + "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ELB Request Count [Metrics AWS]", + "type": "metrics" + } + }, + "id": "d560de70-b3c7-11e9-87a4-078dbbae220d", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..ea98d841e30 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB HTTP 5xx [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 500 and http.response.status_code \u003c 600" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "HTTP 5xx", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB HTTP 5xx [Logs AWS] ECS", + "type": "metrics" + } + }, + "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..223ce7886b1 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Bytes Out [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.BytesOut.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Bytes Out [Metrics AWS]", + "type": "metrics" + } + }, + "id": "dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json new file mode 100644 index 00000000000..96df3661d29 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Messages Delayed [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.messages.delayed", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQS Messages Delayed [Metrics AWS]", + "type": "metrics" + } + }, + "id": "dcd31cd0-41e5-11e9-b7a0-c99d9d127b61", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json new file mode 100644 index 00000000000..8fe86f7bf9c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Messages Sent [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.messages.sent", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQS Messages Sent [Metrics AWS]", + "type": "metrics" + } + }, + "id": "dd2f2a10-41e6-11e9-b7a0-c99d9d127b61", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json new file mode 100644 index 00000000000..95ed67fe6e8 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json @@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "AWS Account Filter [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.account.name", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "account name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "AWS Account Filter [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "deab0260-2981-11e9-86eb-a3a07a77f530", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..21725d1e0a3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Notifications Filtered Out No Message Attributes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Notifications Filtered Out No Message Attributes", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Notifications Filtered Out No Message Attributes [Metrics AWS]", + "type": "metrics" + } + }, + "id": "dffa19e0-180e-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json new file mode 100644 index 00000000000..e6e99961c81 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "RDS Select Throughput in Count/Second [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543" + } + ], + "bar_color_rules": [ + { + "id": "f8196690-921a-11e9-badf-4b42bd1ef543" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "'0.0'", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Select Throughput Count/Second", + "line_width": "2", + "metrics": [ + { + "field": "aws.rds.throughput.select", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.rds.db_instance.identifier", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "RDS Select Throughput in Count/Second [Metrics AWS]", + "type": "metrics" + } + }, + "id": "e06e4cf0-921e-11e9-aa19-159bf182e06f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..74aaa9ff8e0 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Bytes Out To Destination [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.BytesOutToDestination.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Bytes Out To Destination [Metrics AWS]", + "type": "metrics" + } + }, + "id": "e0e65e60-688e-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json new file mode 100644 index 00000000000..88ae101a696 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ELB Total Requests [Logs AWS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "fileset.name : \"elb\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total Requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.elb.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "ELB Total Requests [Logs AWS] ECS", + "type": "metrics" + } + }, + "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..b649f985f18 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "VPN Tunnel Data In [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.vpn.metrics.TunnelDataIn.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TunnelIpAddress", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "VPN Tunnel Data In [Metrics AWS]", + "type": "metrics" + } + }, + "id": "ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json new file mode 100644 index 00000000000..16c29e47e8b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EC2 DiskIO Read Bytes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "23428b30-f7f2-11e8-bff8-21537b07dd44" + } + ], + "bar_color_rules": [ + { + "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS EC2 DiskIO Read Bytes", + "line_width": 1, + "metrics": [ + { + "field": "aws.ec2.diskio.read.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "cloud.instance.id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "AWS EC2 DiskIO Read Bytes", + "type": "metrics" + } + }, + "id": "f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..4d037086492 --- /dev/null 
+++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "VPN Tunnel Data Out [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.vpn.metrics.TunnelDataOut.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TunnelIpAddress", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "VPN Tunnel Data Out [Metrics AWS]", + "type": "metrics" + } + }, + "id": "f58f99b0-693a-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..44eb8efc95b --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json 
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Write Ops [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of Write Operation", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeWriteOps.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Write Ops [Metrics AWS]", + "type": "metrics" + } + }, + "id": "f6831f30-b7b6-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json new file mode 100644 index 00000000000..33a59f7428c --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json 
@@ -0,0 +1,86 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQS Messages Visible [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d5b83c70-41e8-11e9-9e94-11d4d21d3f4b" + } + ], + "bar_color_rules": [ + { + "id": "d2d14920-41e8-11e9-9e94-11d4d21d3f4b" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "d2163680-41e8-11e9-9e94-11d4d21d3f4b" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "SQS Message Visible", + "line_width": 1, + "metrics": [ + { + "field": "aws.sqs.messages.visible", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.sqs.queue.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "SQS Messages Visible [Metrics AWS]", + "type": "metrics" + } + }, + "id": "f74eb760-41e8-11e9-b7a0-c99d9d127b61", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..af2f065db71 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.transitgateway.metrics.BytesDropCountBlackhole.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.TransitGateway", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]", + "type": "metrics" + } + }, + "id": "f7c17000-6949-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..d7c7b9f838a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CloudTrail Error Code [Logs AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "aws.cloudtrail.error_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "CloudTrail Error Code [Logs AWS]", + "type": "pie" + } + }, + "id": "f8b63860-739e-11ea-a345-f985c61fe654", + "references": [ + { + "id": "30ccde50-7397-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json new file mode 100644 index 00000000000..e87e62754a6 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SNS Notifications Redriven To DLQ [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "s,s,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Notifications Redriven To DLQ", + "line_width": 1, + "metrics": [ + { + "field": "aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": null, + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "SNS Notifications Redriven To DLQ [Metrics AWS]", + "type": "metrics" + } + }, + "id": "fc0869c0-180e-11ea-8e91-03c7047cbb9d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..29aad97e9db --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json 
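Review bot: The SNS "Notifications Redriven To DLQ" series declares `"split_mode": "terms"` but `"terms_field": null`, so the terms split has no field to group on and Kibana will either render nothing or fall back to a single unsplit series depending on the TSVB version. Every other series in this batch that uses `"split_mode": "terms"` names a dimension (`aws.dimensions.VolumeId`, `aws.dimensions.TunnelIpAddress`, `aws.sqs.queue.name`), so this one looks like an export taken before the field was chosen. Either set `"terms_field": "<SNS-dimension-field>"` (the correct SNS dimension is not on this page) or change the split to `"split_mode": "everything"` so the intent is explicit. Since this file sits under `dev/packages/beats/`, the upstream Beats dashboard export is probably where the fix belongs.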
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VPN Filters [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.account.name", + "id": "1565034367477", + "indexPatternRefName": "control_0_index_pattern", + "label": "account name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.region", + "id": "1584478324642", + "indexPatternRefName": "control_1_index_pattern", + "label": "region", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.dimensions.VpnId", + "id": "1584552913938", + "indexPatternRefName": "control_2_index_pattern", + "label": "VPN ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "aws.dimensions.TunnelIpAddress", + "id": "1584552958445", + "indexPatternRefName": "control_3_index_pattern", + "label": "Tunnel IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "VPN Filters [Metrics AWS]", + "type": "input_control_vis" + } + }, + "id": "fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": 
"control_2_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_3_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..540aca2974a --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "NATGateway Packet Out To Source [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "aws.natgateway.metrics.PacketsOutToSource.sum", + "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.NatGatewayId", + "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "type": "timeseries" + }, + "title": "NATGateway Packet Out To Source [Metrics AWS]", + "type": "metrics" + } + }, + "id": "fd915180-6890-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json new file mode 100644 index 00000000000..c68d31e30ea --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EBS Volume Queue Length [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Volume Queue Length", + "line_width": 1, + "metrics": [ + { + "field": "aws.ebs.metrics.VolumeQueueLength.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "5", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "aws.dimensions.VolumeId", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "EBS Volume Queue Length [Metrics AWS]", + "type": "metrics" + } + }, + "id": "fe0581b0-b7b8-11e9-8349-f15f850c5cd0", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/aws/0.0.1/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/beats/aws/0.0.1/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json new file mode 100644 index 00000000000..b6ac6efdc56 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "EC2 DiskIO Write Bytes [Metrics AWS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "23428b30-f7f2-11e8-bff8-21537b07dd44" + } + ], + "bar_color_rules": [ + { + "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "AWS EC2 DiskIO Write Bytes", + "line_width": 1, + "metrics": [ + { + "field": "aws.ec2.diskio.write.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "cloud.instance.id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "AWS EC2 DiskIO Write Bytes", + "type": "metrics" + } + }, + "id": "fed59380-f7f8-11e8-af03-c999c9dea608-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/aws/0.0.1/manifest.yml b/dev/packages/beats/aws/0.0.1/manifest.yml new file mode 100644 index 00000000000..ec5958d83d3 --- /dev/null +++ b/dev/packages/beats/aws/0.0.1/manifest.yml 
@@ -0,0 +1,141 @@ +format_version: 1.0.0 +name: aws +title: aws +version: 0.0.1 +license: basic +description: aws Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=8.0.0-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-aws-cloudtrail.png + title: filebeat aws cloudtrail + size: 1702x1063 + type: image/png +- src: /img/filebeat-aws-elb-overview.png + title: filebeat aws elb overview + size: 5120x2704 + type: image/png +- src: /img/filebeat-aws-s3access-overview.png + title: filebeat aws s3access overview + size: 1684x897 + type: image/png +- src: /img/filebeat-aws-vpcflow-overview.png + title: filebeat aws vpcflow overview + size: 5111x2609 + type: image/png +- src: /img/metricbeat-aws-overview.png + title: metricbeat aws overview + size: 3848x2440 + type: image/png +- src: /img/metricbeat-aws-billing-overview.png + title: metricbeat aws billing overview + size: 2176x1826 + type: image/png +- src: /img/metricbeat-aws-dynamodb-overview.png + title: metricbeat aws dynamodb overview + size: 1873x846 + type: image/png +- src: /img/metricbeat-aws-ebs-overview.png + title: metricbeat aws ebs overview + size: 3372x2104 + type: image/png +- src: /img/metricbeat-aws-ec2-overview.png + title: metricbeat aws ec2 overview + size: 2640x2240 + type: image/png +- src: /img/metricbeat-aws-elb-overview.png + title: metricbeat aws elb overview + size: 2676x2384 + type: image/png +- src: /img/metricbeat-aws-lambda-overview.png + title: metricbeat aws lambda overview + size: 2582x2206 + type: image/png +- src: /img/metricbeat-aws-rds-overview.png + title: metricbeat aws rds overview + size: 3468x2290 + type: image/png +- src: /img/metricbeat-aws-s3-overview.png + title: metricbeat aws s3 overview + size: 2048x1504 + type: image/png +- src: /img/metricbeat-aws-sqs-overview.png + title: metricbeat aws sqs overview + size: 2560x1440 + type: image/png +- 
src: /img/metricbeat-aws-usage-overview.png + title: metricbeat aws usage overview + size: 2238x2438 + type: image/png +- src: /img/metricbeat-aws-billing-overview.png + title: metricbeat aws billing overview + size: 2176x1826 + type: image/png +- src: /img/metricbeat-aws-ebs-overview.png + title: metricbeat aws ebs overview + size: 3372x2104 + type: image/png +- src: /img/metricbeat-aws-ec2-overview.png + title: metricbeat aws ec2 overview + size: 2640x2240 + type: image/png +- src: /img/metricbeat-aws-elb-overview.png + title: metricbeat aws elb overview + size: 2676x2384 + type: image/png +- src: /img/metricbeat-aws-lambda-overview.png + title: metricbeat aws lambda overview + size: 2582x2206 + type: image/png +- src: /img/metricbeat-aws-rds-overview.png + title: metricbeat aws rds overview + size: 3468x2290 + type: image/png +- src: /img/metricbeat-aws-s3-overview.png + title: metricbeat aws s3 overview + size: 2048x1504 + type: image/png +- src: /img/metricbeat-aws-s3-overview.png + title: metricbeat aws s3 overview + size: 2048x1504 + type: image/png +- src: /img/metricbeat-aws-sns-overview.png + title: metricbeat aws sns overview + size: 3840x2676 + type: image/png +- src: /img/metricbeat-aws-sqs-overview.png + title: metricbeat aws sqs overview + size: 2560x1440 + type: image/png +- src: /img/metricbeat-aws-usage-overview.png + title: metricbeat aws usage overview + size: 2238x2438 + type: image/png +icons: +- src: /img/logo_aws.svg + title: logo aws + size: 32x32 + type: image/svg+xml +datasources: +- name: aws + title: aws logs and metrics + description: Collect logs and metrics from aws instances + inputs: + - type: logs + title: Collect logs from aws instances + description: Collecting aws cloudtrail, cloudwatch, ec2, elb, s3access and vpcflow + logs + - type: aws/metrics + title: Collect metrics from aws instances + description: Collecting aws billing, cloudwatch, dynamodb, ebs, ec2, elb, lambda, + natgateway, rds, s3_daily_storage, s3_request, sns, 
sqs, transitgateway, usage + and vpn metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/azure-eventhub.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/azure-eventhub.yml.hbs new file mode 100644 index 00000000000..47319c41caa --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/azure-eventhub.yml.hbs @@ -0,0 +1,6 @@ +connection_string: {{connection_string}} +eventhub: {{eventhub}} +consumer_group: {{consumer_group}} +storage_account: {{storage_account}} +storage_account_key: {{storage_account_key}} +resource_manager_endpoint: {{resource_manager_endpoint}} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/log.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..9a5151635ea --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: + {{#each paths as |path i|}} +- {{path}} + {{/each}} +exclude_files: [".gz$"] \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json new file mode 100644 index 00000000000..9bfad9cf1bb --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json 
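Review bot: The `screenshots` list in manifest.yml contains duplicate entries: `/img/metricbeat-aws-billing-overview.png`, `-ebs-`, `-ec2-`, `-elb-`, `-lambda-`, `-rds-`, `-sqs-` and `-usage-` each appear twice and `/img/metricbeat-aws-s3-overview.png` three times, with identical title and size each time. Because this file lives under `dev/packages/beats/`, this looks like the importer appending the module's screenshot set once per processed metricset rather than once per package; de-duplicating on `src` in the importer would fix every manifest it emits, and the repeated blocks here can simply be dropped. The Kibana constraint `versions: '>=8.0.0-SNAPSHOT <8.0.0'` admits only pre-release snapshots, which may be deliberate for an experimental package but deserves a `# pre-release only` style comment so it is not "fixed" later by mistake.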
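Review bot: azure-eventhub.yml.hbs substitutes every value unquoted (`connection_string: {{connection_string}}`, `storage_account_key: {{storage_account_key}}`), so a value containing YAML-significant characters such as `: `, ` #`, or a leading `*`, `&` or `[` changes the structure of the rendered config instead of being passed through verbatim. Event Hub connection strings carry `;` and `=` and the storage key is base64, so the two secret-bearing lines in particular should be emitted quoted, e.g. `connection_string: "{{connection_string}}"` and `storage_account_key: "{{storage_account_key}}"`, and the same applies to `- {{path}}` in log.yml.hbs. Whether the templating layer escapes an embedded `"` or `\` inside the value is not visible here and should be confirmed before relying on quoting alone.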
@@ -0,0 +1,69 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "set": { + "field": "cloud.provider", + "value": "azure" + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : ".+", + "NAMESPACE": ".+", + "RULE": ".+" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : "([A-Z])\\w+.([A-Z])\\w+/([A-Z])\\w+.", + "NAME": "((?!AUTHORIZATIONRULES).)*$" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/providers/%{PROVIDER:azure.resource.provider}"], + "pattern_definitions" : { + "PROVIDER" : ".+" + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.resource_id", + "target_field": "azure.resource.id", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.event.outcome !=null) {ctx.event.outcome = ctx.event.outcome.substring(0,1).toUpperCase() + ctx.event.outcome.substring(1,ctx.event.outcome.length()).toLowerCase();}", + "ignore_failure": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} 
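Review bot: The three grok processors on `azure.resource_id` are case-inconsistent: the first two match `/SUBSCRIPTIONS/…/PROVIDERS/…` in upper case while the fallback matches `/providers/` in lower case, and grok is case-sensitive, so an upper-case ID that fails the first two patterns leaves `azure.resource.provider` unset while a lower-case ID never populates subscription or resource group. Either normalise the field's case before the groks or make the patterns case-insensitive with the `(?i)` inline flag the grok regex engine accepts. All three groks also set `"ignore_failure": true` with no `tag`/`on_failure`, so an ID that matches nothing is silently renamed to `azure.resource.id` with no trace that parsing was skipped; a `"tag": "resource_id_grok"` plus an `on_failure` that appends to `error.message` would make such records findable. In `PROVIDERNAME`, `([A-Z])\\w+.([A-Z])\\w+/([A-Z])\\w+.` uses an unescaped `.`, which matches any character; if the dot is meant literally it should be `\\.`.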
diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..1193627de4b --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,249 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "script": { + "source": "ctx.message = ctx.message.replace(params.empty_field_name, '')", + "params": { + "empty_field_name": "\"\":\"\"," + }, + "ignore_failure": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.activitylogs" + } + }, + { + "date": { + "field": "azure.activitylogs.time", + "target_field": "@timestamp", + "ignore_failure": true, + "formats": [ + "ISO8601" + ] + } + }, + { + "remove": { + "field": ["message", "azure.activitylogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.callerIpAddress", + "target_field": "source.ip", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.event.duration!= null) {ctx.event.duration = ctx.event.duration * params.param_nano;}", + "params": { + "param_nano": 1000000 + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.activitylogs.location", + "target_field": "geo.name", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.properties != null && ctx.azure.activitylogs.properties.eventCategory != null) {ctx.eventCategory = ctx.azure.activitylogs.properties.eventCategory} if (ctx.azure.activitylogs.properties != null && ctx.azure.activitylogs.properties.policies != null) { ctx.eventCategory = 'Policy'} if (ctx.eventCategory == 
null) {ctx.eventCategory='Administrative'}", + "ignore_failure": true + } + }, + { + "rename": { + "field": "eventCategory", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resultType", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.operationName", + "target_field": "azure.activitylogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.resultSignature", + "target_field": "azure.activitylogs.result_signature", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleAssignmentScope", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_assignment_scope", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleDefinitionId", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_definition_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.roleAssignmentId", + "target_field": "azure.activitylogs.identity.authorization.evidence.role_assignment_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.principalId", + "target_field": "azure.activitylogs.identity.authorization.evidence.principal_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.authorization.evidence.principalType", + "target_field": "azure.activitylogs.identity.authorization.evidence.principal_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.serviceRequestId", + "target_field": 
"azure.activitylogs.properties.service_request_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.statusMessage", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.properties.statusCode", + "target_field": "azure.activitylogs.properties.status_code", + "ignore_missing": true + } + }, + { + "geoip" : { + "field" : "source.ip", + "target_field" : "geo", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.activitylogs.identity.claims.name", + "target_field": "azure.activitylogs.identity.claims_initiated_by_user.fullname", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.surname = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];}", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.name = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'];}", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'] != null) { ctx.azure.activitylogs.identity.claims_initiated_by_user.givenname = ctx.azure.activitylogs.identity.claims['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'];}", + "ignore_failure": true + } + }, + { + "set": { + "if" : "ctx.azure.activitylogs.identity!= null && ctx.azure.activitylogs.identity.claims_initiated_by_user != null && 
ctx.azure.activitylogs.identity.claims_initiated_by_user.name != null", + "field": "azure.activitylogs.identity.claims_initiated_by_user.schema", + "value": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims", + "ignore_failure": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.activitylogs.identity.claims != null) { ctx.temp_claims = new HashMap(); for (String key : ctx.azure.activitylogs.identity.claims.keySet()) { ctx.temp_claims[key.replace('.', '_')] = ctx.azure.activitylogs.identity.claims.get(key) ;}ctx.azure.activitylogs.identity.claims = ctx.temp_claims; ctx.remove('temp_claims');}", + "ignore_failure": true + } + }, + { + "pipeline": { + "name": "{{ IngestPipeline 'azure-shared-pipeline' }}" + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/fields.yml new file mode 100644 index 00000000000..71d2f808ce9 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/fields.yml 
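Review bot: The three claim-copying scripts (surname, name, givenname) run with `ignore_failure: true` and assign into `claims_initiated_by_user` without checking it exists; since that map is only created by the `ignore_missing` rename of `identity.claims.name`, an event without that claim makes each script throw on the null map and the actor attribution is dropped silently, with nothing written to `error.message`. Guard them the way the `schema` `set` already does (`ctx.azure.activitylogs.identity != null && ctx.azure.activitylogs.identity.claims_initiated_by_user != null`), or replace `ignore_failure` with a processor-level `on_failure` that appends a marker to `tags` (for example `"on_failure": [{"append": {"field": "tags", "value": "<placeholder: claims-parse-failure>"}}]`) so the loss stays visible to whoever consumes these audit records. The `geoip` processor writes to top-level `geo` and `location` is renamed to `geo.name`; ECS keeps geolocation under `source.geo` (and the Azure location would fit `cloud.region`), and neither `geo` nor `geo.name` is declared in this dataset's fields.yml. `callerIpAddress` is moved to `source.ip` unchanged, so if that value ever carries a port suffix or is not an address at all the whole document is rejected at index time by the `ip` mapping; a grok with `^%{IP:source.ip}` and `ignore_failure` in place of the plain rename would keep such events.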
@@ -0,0 +1,95 @@ +- name: azure.activitylogs + type: group + release: beta + fields: + - name: identity + type: group + fields: + - name: claims_initiated_by_user + type: group + fields: + - name: name + type: keyword + description: | + Name + - name: givenname + type: keyword + description: | + Givenname + - name: surname + type: keyword + description: | + Surname + - name: fullname + type: keyword + description: | + Fullname + - name: schema + type: keyword + description: | + Schema + - name: claims.* + type: object + description: | + Claims + - name: authorization + type: group + fields: + - name: scope + type: keyword + description: | + Scope + - name: action + type: keyword + description: | + Action + - name: evidence + type: group + fields: + - name: role_assignment_scope + type: keyword + description: | + Role assignment scope + - name: role_definition_id + type: keyword + description: | + Role definition ID + - name: role + type: keyword + description: | + Role + - name: role_assignment_id + type: keyword + description: | + Role assignment ID + - name: principal_id + type: keyword + description: | + Principal ID + - name: principal_type + type: keyword + description: | + Principal type + - name: operation_name + type: keyword + description: | + Operation name + - name: result_signature + type: keyword + description: | + Result signature + - name: category + type: keyword + description: | + Category + - name: properties + type: group + fields: + - name: service_request_id + type: keyword + description: | + Service Request Id + - name: status_code + type: keyword + description: | + Status code diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/package-fields.yml new file mode 100644 index 00000000000..7ae4d6ffb6c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/fields/package-fields.yml 
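Review bot: The descriptions under `claims_initiated_by_user` merely repeat the field name (`Name`, `Givenname`, `Surname`, `Fullname`, `Schema`), which leaves a reader guessing which Azure claim populates each one. The pipeline in this commit settles it: `fullname` is the renamed `identity.claims.name`, `name`, `givenname` and `surname` are copied from the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/` claims of the same name, and `schema` records that claim namespace — say so, e.g. `description: | Surname of the caller, taken from the .../identity/claims/surname claim`. `claims.*` is typed `object` after the pipeline replaces `.` with `_` in claim keys; noting that rewrite in the description would stop someone searching for the original dotted claim names.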
@@ -0,0 +1,42 @@ +- name: azure + type: group + fields: + - name: subscription_id + type: keyword + description: | + Azure subscription ID + - name: correlation_id + type: keyword + description: | + Correlation ID + - name: tenant_id + type: keyword + description: | + tenant ID + - name: resource + type: group + fields: + - name: id + type: keyword + description: | + Resource ID + - name: group + type: keyword + description: | + Resource group + - name: provider + type: keyword + description: | + Resource type/namespace + - name: namespace + type: keyword + description: | + Resource type/namespace + - name: name + type: keyword + description: | + Name + - name: authorization_rule + type: keyword + description: | + Authorization rule diff --git a/dev/packages/beats/azure/0.0.1/dataset/activitylogs/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/manifest.yml new file mode 100644 index 00000000000..14f70dc6b5a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/activitylogs/manifest.yml @@ -0,0 +1,20 @@ +title: Azure activitylogs logs +release: experimental +type: logs +streams: +- input: azure-eventhub + vars: + - name: eventhub + type: text + title: Eventhub + multi: false + required: true + show_user: true + default: insights-operational-logs + template_path: azure-eventhub.yml.hbs + title: Azure activitylogs logs (azure-eventhub) + description: Collect Azure activitylogs logs using azure-eventhub input +- input: logs + template_path: log.yml.hbs + title: Azure activitylogs logs (log) + description: Collect Azure activitylogs logs using log input diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/azure-eventhub.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/azure-eventhub.yml.hbs new file mode 100644 index 00000000000..47319c41caa --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/azure-eventhub.yml.hbs 
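Review bot: `provider` and `namespace` share the description `Resource type/namespace`, which hides the distinction the shared pipeline draws when it groks `azure.resource_id` — `provider` is the `/PROVIDERS/` segment and `namespace` the `/NAMESPACES/` segment of an authorization-rule style ID — so give each its own sentence along those lines, and capitalise `tenant ID` like its neighbours. This file is added byte-for-byte again as the auditlogs `package-fields.yml` (same blob 7ae4d6ffb6c), so any wording fix has to be applied in both places.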
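Review bot: The `logs` stream declares no `paths` variable, yet its template `log.yml.hbs` (the auditlogs copy is visible in this diff) renders `{{#each paths as |path i|}}`, so unless `paths` is declared at package level the rendered config ends up with an empty `paths:` list. Either add a var to that stream, `vars: - name: paths type: text multi: true required: true show_user: true`, or drop the `logs` input if the Event Hub input is the only supported path for this dataset. The auditlogs `manifest.yml` in this commit has the same gap.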
@@ -0,0 +1,6 @@
+connection_string: {{connection_string}}
+eventhub: {{eventhub}}
+consumer_group: {{consumer_group}}
+storage_account: {{storage_account}}
+storage_account_key: {{storage_account_key}}
+resource_manager_endpoint: {{resource_manager_endpoint}}
\ No newline at end of file
diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/log.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..9a5151635ea
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+ {{#each paths as |path i|}}
+- {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json
new file mode 100644
index 00000000000..9bfad9cf1bb
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json
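Review bot: `connection_string` and `storage_account_key` are credentials, and this template writes them verbatim into the agent's stream configuration next to the non-secret settings. The variables that feed them are declared outside this chunk (presumably in the package manifest); they should not be plain `type: text` if the manifest schema offers a masked type, and nothing downstream should log the rendered stream. The values are also emitted as unquoted YAML scalars; an Event Hub connection string with `;` and `=` survives that, but a key or endpoint containing ` #` or starting with a YAML-significant character would change the document, so quoting the placeholders (`connection_string: "{{connection_string}}"`) is safer, subject to how the engine escapes `"`. The metrics stream templates for compute_vm, compute_vm_scaleset, container_instance and container_registry in this commit do the same with `client_secret`.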
@@ -0,0 +1,69 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "set": { + "field": "cloud.provider", + "value": "azure" + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : ".+", + "NAMESPACE": ".+", + "RULE": ".+" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : "([A-Z])\\w+.([A-Z])\\w+/([A-Z])\\w+.", + "NAME": "((?!AUTHORIZATIONRULES).)*$" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/providers/%{PROVIDER:azure.resource.provider}"], + "pattern_definitions" : { + "PROVIDER" : ".+" + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.resource_id", + "target_field": "azure.resource.id", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.event.outcome !=null) {ctx.event.outcome = ctx.event.outcome.substring(0,1).toUpperCase() + ctx.event.outcome.substring(1,ctx.event.outcome.length()).toLowerCase();}", + "ignore_failure": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} 
diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..5e862d8545b
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,194 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.auditlogs" + } + }, + { + "drop": { + "if" : "ctx.azure.auditlogs.category != 'AuditLogs'" + } + }, + { + "date": { + "field": "azure.auditlogs.time", + "target_field": "@timestamp", + "ignore_failure": true, + "formats": [ + "ISO8601" + ] + } + }, + { + "rename": { + "field": "azure.auditlogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = ctx.event.duration * params.param_nano", + "params": { + "param_nano": 1000000 + } + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.result", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "remove": { + "field": ["message", "azure.auditlogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.category", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.operationName", + "target_field": "azure.auditlogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.resultSignature", + "target_field": "azure.auditlogs.result_signature", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.operationVersion", + "target_field": "azure.auditlogs.operation_version", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.tenantId", + "target_field": "azure.tenant_id", + 
"ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.activityDisplayName", + "target_field": "azure.auditlogs.properties.activity_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.activityDateTime", + "target_field": "azure.auditlogs.properties.activity_datetime", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.additionalDetails", + "target_field": "azure.auditlogs.properties.additional_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.resultReason", + "target_field": "azure.auditlogs.properties.result_reason", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.correlationId", + "target_field": "azure.auditlogs.properties.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.loggedByService", + "target_field": "azure.auditlogs.properties.logged_by_service", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.operationType", + "target_field": "azure.auditlogs.properties.operation_type", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.azure.auditlogs.properties.targetResources != null) {ctx.azure.auditlogs.properties.target_resources = new HashMap(); for (def i = 0; i < ctx.azure.auditlogs.properties.targetResources.length; i++) { String index = String.valueOf(i); ctx.azure.auditlogs.properties.target_resources[index]= new HashMap(); if(ctx.azure.auditlogs.properties.targetResources[i].displayName!= null) 
{ctx.azure.auditlogs.properties.target_resources[index].display_name=ctx.azure.auditlogs.properties.targetResources[i].displayName;}ctx.azure.auditlogs.properties.target_resources[index].id=ctx.azure.auditlogs.properties.targetResources[i].id;ctx.azure.auditlogs.properties.target_resources[index].type=ctx.azure.auditlogs.properties.targetResources[i].type; if(ctx.azure.auditlogs.properties.targetResources[i].ipAddress!= null) {ctx.azure.auditlogs.properties.target_resources[index].ip_address=ctx.azure.auditlogs.properties.targetResources[i].ipAddress;} if (ctx.azure.auditlogs.properties.targetResources[i].userPrincipalName!=null) {ctx.azure.auditlogs.properties.target_resources[index].user_principal_name=ctx.azure.auditlogs.properties.targetResources[i].userPrincipalName;}ctx.azure.auditlogs.properties.target_resources[index].modified_properties= new HashMap(); for (def j = 0; j < ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties.length; j++) { String n = String.valueOf(j);ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n]= new HashMap();ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].display_name=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].displayName;ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].new_value=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].newValue;ctx.azure.auditlogs.properties.target_resources[index].modified_properties[n].old_value=ctx.azure.auditlogs.properties.targetResources[i].modifiedProperties[j].oldValue; }} ctx.azure.auditlogs.properties.remove('targetResources');}", + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.auditlogs.properties.initiatedBy", + "target_field": "azure.auditlogs.properties.initiated_by", + "ignore_missing": true + } + }, + { + "pipeline": { + "name": "{{ IngestPipeline 'azure-shared-pipeline' }}" + } + } + ], + "on_failure": [ + { + "set": 
{ + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/fields.yml new file mode 100644 index 00000000000..80f95837332 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/fields.yml 
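Review bot: The `event.duration` script is the only processor in this pipeline with neither a null guard nor `ignore_failure`, so an audit event without `durationMs` (its rename is `ignore_missing`, leaving `event.duration` or the whole `event` object null) throws, the pipeline-level `on_failure` runs, and every processor after it — the `tenantId`, `correlationId`, `targetResources` and `initiatedBy` handling and the shared pipeline — is skipped, leaving a half-processed document with only `error.message` to show for it. Mirror the activitylogs version: `"source": "if (ctx.event?.duration != null) {ctx.event.duration = ctx.event.duration * params.param_nano;}"`. The `targetResources` script reads `modifiedProperties.length` without a null check; under `ignore_failure: true` a target resource lacking that array aborts the loop after `target_resources` has been partially built and before `targetResources` is removed, so the record's target silently ends up split across two shapes — guard with `?.` there too or copy the `if (... != null)` pattern already used for `displayName`. Note also that the actor's address stays under `properties.initiated_by.user.ipAddress` (a keyword) and is never copied to `source.ip`, so the geo enrichment and ECS-based detections on source address that apply to activity logs do not apply to audit events.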
@@ -0,0 +1,141 @@ +- name: azure.auditlogs + type: group + fields: + - name: operation_name + type: keyword + description: | + The operation name + - name: operation_version + type: keyword + description: | + The operation version + - name: identity + type: keyword + description: | + Identity + - name: tenant_id + type: keyword + description: | + Tenant ID + - name: result_signature + type: keyword + description: | + Result signature + - name: properties + type: group + fields: + - name: result + type: keyword + description: | + Log result + - name: activity_display_name + type: keyword + description: | + Activity display name + - name: result_reason + type: keyword + description: | + Reason for the log result + - name: correlation_id + type: keyword + description: | + Correlation ID + - name: logged_by_service + type: keyword + description: | + Logged by service + - name: operation_type + type: keyword + description: | + Operation type + - name: id + type: keyword + description: | + ID + - name: activity_datetime + type: date + description: | + Activity timestamp + - name: category + type: keyword + description: | + category + - name: target_resources.* + type: group + fields: + - name: display_name + type: keyword + description: | + Display name + - name: id + type: keyword + description: | + ID + - name: type + type: keyword + description: | + Type + - name: ip_address + type: keyword + description: | + ip Address + - name: user_principal_name + type: keyword + description: | + User principal name + - name: modified_properties.* + type: group + fields: + - name: new_value + type: keyword + description: | + New value + - name: display_name + type: keyword + description: | + Display value + - name: old_value + type: keyword + description: | + Old value + - name: initiated_by + type: group + fields: + - name: app + type: group + fields: + - name: servicePrincipalName + type: keyword + description: | + Service principal name + - name: displayName + type: keyword + 
description: | + Display name + - name: appId + type: keyword + description: | + App ID + - name: servicePrincipalId + type: keyword + description: | + Service principal ID + - name: user + type: group + fields: + - name: userPrincipalName + type: keyword + description: | + User principal name + - name: displayName + type: keyword + description: | + Display name + - name: id + type: keyword + description: | + ID + - name: ipAddress + type: keyword + description: | + ip Address diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/package-fields.yml new file mode 100644 index 00000000000..7ae4d6ffb6c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/fields/package-fields.yml @@ -0,0 +1,42 @@ +- name: azure + type: group + fields: + - name: subscription_id + type: keyword + description: | + Azure subscription ID + - name: correlation_id + type: keyword + description: | + Correlation ID + - name: tenant_id + type: keyword + description: | + tenant ID + - name: resource + type: group + fields: + - name: id + type: keyword + description: | + Resource ID + - name: group + type: keyword + description: | + Resource group + - name: provider + type: keyword + description: | + Resource type/namespace + - name: namespace + type: keyword + description: | + Resource type/namespace + - name: name + type: keyword + description: | + Name + - name: authorization_rule + type: keyword + description: | + Authorization rule diff --git a/dev/packages/beats/azure/0.0.1/dataset/auditlogs/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/manifest.yml new file mode 100644 index 00000000000..aef640eb5ff --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/auditlogs/manifest.yml 
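Review bot: The `initiated_by` subtree keeps Azure's camelCase names (`servicePrincipalName`, `displayName`, `appId`, `servicePrincipalId`, `userPrincipalName`, `ipAddress`) while every other field in this file is snake_case, because the pipeline renames `initiatedBy` but not its children; either add renames for those keys or state in the group description that the raw shape is intentional. `initiated_by.user.ipAddress` is mapped as `keyword`; an `ip` type would allow CIDR and range queries on the actor address, which is the field a defender pivots on for these events, but it also rejects non-address values, so pair the change with a guard in the pipeline. Several descriptions merely echo the field name or are inconsistently cased (`category`, `ip Address`), and `target_resources.*` / `modified_properties.*` would benefit from a note that the pipeline keys them by numeric index as strings.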
@@ -0,0 +1,20 @@ +title: Azure auditlogs logs +release: experimental +type: logs +streams: +- input: azure-eventhub + vars: + - name: eventhub + type: text + title: Eventhub + multi: false + required: true + show_user: true + default: insights-logs-auditlogs + template_path: azure-eventhub.yml.hbs + title: Azure auditlogs logs (azure-eventhub) + description: Collect Azure auditlogs logs using azure-eventhub input +- input: logs + template_path: log.yml.hbs + title: Azure auditlogs logs (log) + description: Collect Azure auditlogs logs using log input diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..0aad6209513 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["compute_vm"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/fields.yml new file mode 100644 index 00000000000..5c37a97a062 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.compute_vm.*.* + type: object + description: | + compute_vm + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/fields/package-fields.yml 
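Review bot: `azure.compute_vm.*.*` is tagged `release: ga` while the dataset's `manifest.yml` in the next hunk says `release: experimental`; if the two flags carry the same meaning, pick one, noting that the activitylogs fields use `beta` against an equally experimental manifest. The same `ga`/`experimental` pair recurs in the compute_vm_scaleset, container_instance and container_registry fields files added by this commit. The description `compute_vm` says nothing; replace it with a sentence that explains what the two wildcard levels of the name stand for.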
@@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/manifest.yml new file mode 100644 index 00000000000..818b1773e25 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm/manifest.yml @@ -0,0 +1,15 @@ +title: azure compute_vm metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure compute_vm metrics + description: Collect azure compute_vm metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ca0b0c030c0 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["compute_vm_scaleset"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} 
diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/fields.yml new file mode 100644 index 00000000000..907bf346195 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.compute_vm_scaleset.*.* + type: object + description: | + compute_vm_scaleset + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/fields/package-fields.yml @@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/manifest.yml new file mode 100644 index 00000000000..c8e76984045 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/compute_vm_scaleset/manifest.yml 
@@ -0,0 +1,15 @@ +title: azure compute_vm_scaleset metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure compute_vm_scaleset metrics + description: Collect azure compute_vm_scaleset metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_instance/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/container_instance/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..e9271883c58 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_instance/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["container_instance"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/fields.yml new file mode 100644 index 00000000000..67aa416c3cb --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.container_instance.*.* + type: object + description: | + container instance + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_instance/fields/package-fields.yml 
@@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_instance/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/container_instance/manifest.yml new file mode 100644 index 00000000000..e3b6f725ea9 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_instance/manifest.yml @@ -0,0 +1,15 @@ +title: azure container_instance metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure container_instance metrics + description: Collect azure container_instance metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_registry/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/container_registry/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..d4f7f4b7404 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_registry/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["container_registry"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} 
diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/fields.yml new file mode 100644 index 00000000000..7dc04f132a7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.container_registry.*.* + type: object + description: | + container registry + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_registry/fields/package-fields.yml @@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_registry/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/container_registry/manifest.yml new file mode 100644 index 00000000000..f5cfda1f323 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_registry/manifest.yml 
@@ -0,0 +1,15 @@ +title: azure container_registry metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure container_registry metrics + description: Collect azure container_registry metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_service/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/container_service/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..f2800c4519f --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_service/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["container_service"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/fields.yml new file mode 100644 index 00000000000..58f0cd92702 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.container_service.*.* + type: object + description: | + container service + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_service/fields/package-fields.yml 
@@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/container_service/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/container_service/manifest.yml new file mode 100644 index 00000000000..f5927ad6d08 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/container_service/manifest.yml @@ -0,0 +1,15 @@ +title: azure container_service metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure container_service metrics + description: Collect azure container_service metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/database_account/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/database_account/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..cf8bd1d815a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/database_account/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["database_account"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} 
diff --git a/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/fields.yml new file mode 100644 index 00000000000..ed1ec264be3 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/fields.yml @@ -0,0 +1,5 @@ +- name: azure.database_account.*.* + type: object + description: | + database account + release: ga diff --git a/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/database_account/fields/package-fields.yml @@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/database_account/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/database_account/manifest.yml new file mode 100644 index 00000000000..39edca0bd82 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/database_account/manifest.yml 
@@ -0,0 +1,15 @@ +title: azure database_account metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + title: azure database_account metrics + description: Collect azure database_account metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/monitor/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/monitor/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9d92640e33c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/monitor/agent/stream/stream.yml.hbs @@ -0,0 +1,20 @@ +metricsets: ["monitor"] +{{#if client_id}} +client_id: {{client_id}} +{{/if}} +{{#if client_secret}} +client_secret: {{client_secret}} +{{/if}} +period: {{period}} +{{#if refresh_list_interval}} +refresh_list_interval: {{refresh_list_interval}} +{{/if}} +{{#if resources}} +resources: {{resources}} +{{/if}} +{{#if subscription_id}} +subscription_id: {{subscription_id}} +{{/if}} +{{#if tenant_id}} +tenant_id: {{tenant_id}} +{{/if}} diff --git a/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/fields.yml new file mode 100644 index 00000000000..3a3a83997c7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/fields.yml @@ -0,0 +1,8 @@ +- name: azure.monitor + type: group + release: ga + fields: + - name: metrics.*.* + type: object + description: | + Metrics returned. diff --git a/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/package-fields.yml new file mode 100644 index 00000000000..ae097948cd6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/monitor/fields/package-fields.yml 
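Review bot: `resources: {{resources}}` in the monitor stream template inlines a `type: yaml` variable whose manifest default is a multi-line block sequence (`- metrics: …`); placed after `resources: ` on the same line, a block sequence is not valid YAML, so the rendered stream will fail to load unless the renderer serialises `yaml` variables as an indented block or a flow collection — this is inferred from the manifest default and should be confirmed against the renderer. If it does not, the template needs `resources:` on its own line with the rendered value indented beneath it. A short comment in the template stating which form the renderer is expected to emit, e.g. `{{!-- resources is a YAML var; renderer must emit it as an indented block --}}`, would make the contract explicit.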
@@ -0,0 +1,34 @@ +- name: azure + type: group + fields: + - name: timegrain + type: keyword + description: | + The Azure metric timegrain + - name: resource + type: group + fields: + - name: type + type: keyword + description: | + The type of the resource + - name: group + type: keyword + description: | + The resource group + - name: tags.* + type: object + description: | + Azure resource tags. + - name: namespace + type: keyword + description: | + The namespace selected + - name: subscription_id + type: keyword + description: | + The subscription ID + - name: dimensions.* + type: object + description: | + Azure metric dimensions. diff --git a/dev/packages/beats/azure/0.0.1/dataset/monitor/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/monitor/manifest.yml new file mode 100644 index 00000000000..777e96b688c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/monitor/manifest.yml @@ -0,0 +1,36 @@ +title: azure monitor metrics +release: experimental +type: metrics +streams: +- input: azure/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + - name: refresh_list_interval + type: text + title: Refresh List Interval + multi: false + required: true + show_user: true + default: 600s + - name: resources + type: yaml + title: Resources + multi: false + required: true + show_user: true + default: | + - metrics: + - name: + - DataUsage + - DocumentCount + - DocumentQuota + namespace: Microsoft.DocumentDb/databaseAccounts + resource_query: resourceType eq 'Microsoft.DocumentDb/databaseAccounts' + title: azure monitor metrics + description: Collect azure monitor metrics diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/azure-eventhub.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/azure-eventhub.yml.hbs new file mode 100644 index 00000000000..47319c41caa --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/azure-eventhub.yml.hbs @@ -0,0 +1,6 @@ +connection_string: {{connection_string}} +eventhub: {{eventhub}} +consumer_group: {{consumer_group}} +storage_account: {{storage_account}} +storage_account_key: {{storage_account_key}} +resource_manager_endpoint: {{resource_manager_endpoint}} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/log.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..9a5151635ea --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: + {{#each paths as |path i|}} +- {{path}} + {{/each}} +exclude_files: [".gz$"] \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json new file mode 100644 index 00000000000..9bfad9cf1bb --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/azure-shared-pipeline.json 
@@ -0,0 +1,69 @@ +{ + "description": "Pipeline for parsing azure activity logs.", + "processors": [ + { + "set": { + "field": "cloud.provider", + "value": "azure" + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : ".+", + "NAMESPACE": ".+", + "RULE": ".+" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"], + "pattern_definitions" : { + "SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}", + "GROUPID" : ".+", + "PROVIDERNAME" : "([A-Z])\\w+.([A-Z])\\w+/([A-Z])\\w+.", + "NAME": "((?!AUTHORIZATIONRULES).)*$" + }, + "ignore_failure": true + } + }, + { + "grok": { + "field": "azure.resource_id", + "patterns": ["/providers/%{PROVIDER:azure.resource.provider}"], + "pattern_definitions" : { + "PROVIDER" : ".+" + }, + "ignore_failure": true + } + }, + { + "rename": { + "field": "azure.resource_id", + "target_field": "azure.resource.id", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.event.outcome !=null) {ctx.event.outcome = ctx.event.outcome.substring(0,1).toUpperCase() + ctx.event.outcome.substring(1,ctx.event.outcome.length()).toLowerCase();}", + "ignore_failure": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} 
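Review bot: The first two grok processors match only upper-case path literals (`/SUBSCRIPTIONS/`, `/RESOURCEGROUPS/`, `/PROVIDERS/`) while the third matches lower-case `/providers/`, and all three set `ignore_failure: true`, so a resource ID that does not match the expected casing is left unparsed with no error and `azure.subscription_id` / `azure.resource.group` are simply never populated — those are the pivot fields a detection or an incident timeline keys on, so a silent no-op here is worth a second look. If the grok engine accepts inline flags, prefixing the patterns with `(?i)` avoids the case dependency; otherwise normalising case into a scratch field before the grok would do. Separately, the final script title-cases `event.outcome` (`Success`, `Failure`), whereas ECS expects lowercase `success` / `failure` / `unknown`, and since `default.json` renames `resultType` into `event.outcome` the value reaching this script is likely a result code rather than a word (inferred from the field name, worth confirming against a sample event). The `description` still reads "parsing azure activity logs" although this copy lives under the signinlogs dataset; `"description": "Shared pipeline: parses azure.resource_id into azure.resource.* and normalises event.outcome."` would be accurate.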
diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..b024582f055
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,431 @@ +{ + "description": "Pipeline for parsing azure signin logs.", + "processors": [ + { + "rename" : { + "field" : "azure", + "target_field" : "azure-eventhub", + "ignore_missing": true + } + }, + { + "json" : { + "field" : "message", + "target_field" : "azure.signinlogs" + } + }, + { + "drop": { + "if" : "ctx.azure.signinlogs.category != 'SignInLogs'" + } + }, + { + "date": { + "field": "azure.signinlogs.time", + "target_field": "@timestamp", + "ignore_failure": false, + "formats": [ + "ISO8601" + ] + } + }, + { + "remove": { + "field": ["message", "azure.signinlogs.time"], + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resourceId", + "target_field": "azure.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.callerIpAddress", + "target_field": "source.ip", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.Level", + "target_field": "log.level", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.durationMs", + "target_field": "event.duration", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = ctx.event.duration * params.param_nano", + "params": { + "param_nano": 1000000 + } + } + }, + { + "rename": { + "field": "azure.signinlogs.location", + "target_field": "geo.country_iso_code", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resultType", + "target_field": "event.outcome", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.category", + "target_field": "event.category", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.operationName", + "target_field": "azure.signinlogs.operation_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.resultSignature", + "target_field": "azure.signinlogs.result_signature", + "ignore_missing": true + } 
+ }, + { + "rename": { + "field": "azure.signinlogs.resultDescription", + "target_field": "azure.signinlogs.result_description", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.operationVersion", + "target_field": "azure.signinlogs.operation_version", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.tenantId", + "target_field": "azure.tenant_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.correlationId", + "target_field": "azure.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.networkLocationDetails", + "target_field": "azure.signinlogs.properties.network_location_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.resourceId", + "target_field": "azure.signinlogs.properties.resource_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appliedConditionalAccessPolicies", + "target_field": "azure.signinlogs.properties.applied_conditional_access_policies", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationDetails", + "target_field": "azure.signinlogs.properties.authentication_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationRequirementPolicies", + "target_field": "azure.signinlogs.properties.authentication_requirement_policies", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.authenticationProcessingDetails", + "target_field": "azure.signinlogs.properties.authentication_processing_details", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.deviceDetail", + "target_field": "azure.signinlogs.properties.device_detail", + "ignore_missing": true + } + }, + { + "rename": { + "field": 
"azure.signinlogs.properties.device_detail.deviceId", + "target_field": "azure.signinlogs.properties.device_detail.device_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.operatingSystem", + "target_field": "azure.signinlogs.properties.device_detail.operating_system", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.displayName", + "target_field": "azure.signinlogs.properties.device_detail.display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.device_detail.trustType", + "target_field": "azure.signinlogs.properties.device_detail.trust_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.createdDateTime", + "target_field": "azure.signinlogs.properties.created_at", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userDisplayName", + "target_field": "azure.signinlogs.properties.user_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.correlationId", + "target_field": "azure.signinlogs.properties.correlation_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userPrincipalName", + "target_field": "azure.signinlogs.properties.user_principal_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.userId", + "target_field": "azure.signinlogs.properties.user_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appId", + "target_field": "azure.signinlogs.properties.app_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.appDisplayName", + "target_field": "azure.signinlogs.properties.app_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": 
"azure.signinlogs.properties.ipAddress", + "target_field": "azure.signinlogs.properties.ip_address", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.clientAppUsed", + "target_field": "azure.signinlogs.properties.client_app_used", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.conditionalAccessStatus", + "target_field": "azure.signinlogs.properties.conditional_access_status", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.originalRequestId", + "target_field": "azure.signinlogs.properties.original_request_id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.isInteractive", + "target_field": "azure.signinlogs.properties.is_interactive", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.tokenIssuerName", + "target_field": "azure.signinlogs.properties.token_issuer_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.tokenIssuerType", + "target_field": "azure.signinlogs.properties.token_issuer_type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.processingTimeInMilliseconds", + "target_field": "azure.signinlogs.properties.processing_time_ms", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskDetail", + "target_field": "azure.signinlogs.properties.risk_detail", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskLevelAggregated", + "target_field": "azure.signinlogs.properties.risk_level_aggregated", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.riskLevelDuringSignIn", + "target_field": "azure.signinlogs.properties.risk_level_during_signin", + "ignore_missing": true + } + }, + { + "rename": { + "field": 
"azure.signinlogs.properties.riskState", + "target_field": "azure.signinlogs.properties.risk_state", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.resourceDisplayName", + "target_field": "azure.signinlogs.properties.resource_display_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.errorCode", + "target_field": "azure.signinlogs.properties.status.error_code", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.failureReason", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.status.additionalDetails", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.city", + "target_field": "geo.city_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.state", + "target_field": "geo.country_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.geoCoordinates.latitude", + "target_field": "geo.location.lat", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.location.geoCoordinates.longitude", + "target_field": "geo.location.lon", + "ignore_missing": true + } + }, + { + "rename": { + "field": "azure.signinlogs.properties.servicePrincipalId", + "target_field": "azure.signinlogs.properties.service_principal_id", + "ignore_missing": true + } + }, + { + "remove": { + "field": ["azure.signinlogs.properties.location"], + "ignore_missing": true + } + }, + { + "pipeline": { + "name": "{{ IngestPipeline 'azure-shared-pipeline' }}" + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} 
diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/fields.yml
new file mode 100644
index 00000000000..08cd732b330
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/fields.yml
@@ -0,0 +1,148 @@
+- name: azure.signinlogs
+ type: group
+ fields:
+ - name: operation_name
+ type: keyword
+ description: |
+ The operation name
+ - name: operation_version
+ type: keyword
+ description: |
+ The operation version
+ - name: tenant_id
+ type: keyword
+ description: |
+ Tenant ID
+ - name: result_signature
+ type: keyword
+ description: |
+ Result signature
+ - name: result_description
+ type: keyword
+ description: |
+ Result description
+ - name: identity
+ type: keyword
+ description: |
+ Identity
+ - name: properties
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ ID
+ - name: created_at
+ type: date
+ description: |
+ Created date time
+ - name: user_display_name
+ type: keyword
+ description: |
+ User display name
+ - name: correlation_id
+ type: keyword
+ description: |
+ Correlation ID
+ - name: user_principal_name
+ type: keyword
+ description: |
+ User principal name
+ - name: user_id
+ type: keyword
+ description: |
+ User ID
+ - name: app_id
+ type: keyword
+ description: |
+ App ID
+ - name: app_display_name
+ type: keyword
+ description: |
+ App display name
+ - name: ip_address
+ type: keyword
+ description: |
+ Ip address
+ - name: client_app_used
+ type: keyword
+ description: |
+ Client app used
+ - name: conditional_access_status
+ type: keyword
+ description: |
+ Conditional access status
+ - name: original_request_id
+ type: keyword
+ description: |
+ Original request ID
+ - name: is_interactive
+ type: keyword
+ description: |
+ Is interactive
+ - name: token_issuer_name
+ type: keyword
+ description: |
+ Token issuer name
+ - name: token_issuer_type
+ type: keyword
+ description: |
+ Token issuer type
+ - name: processing_time_ms
+ type: float
+ description: |
+ Processing time in milliseconds
+ - name: risk_detail
+ type: keyword
+ description: |
+ Risk detail
+ - name: risk_level_aggregated
+ type: keyword
+ description: |
+ Risk level aggregated
+ - name: risk_level_during_signin
+ type: keyword
+ description: |
+ Risk level during signIn
+ - name: risk_state
+ type: keyword
+ description: |
+ Risk state
+ - name: resource_display_name
+ type: keyword
+ description: |
+ Resource display name
+ - name: status
+ type: group
+ fields:
+ - name: error_code
+ type: keyword
+ description: |
+ Error code
+ - name: device_detail
+ type: group
+ fields:
+ - name: device_id
+ type: keyword
+ description: |
+ Device ID
+ - name: operating_system
+ type: keyword
+ description: |
+ Operating system
+ - name: browser
+ type: keyword
+ description: |
+ Browser
+ - name: display_name
+ type: keyword
+ description: |
+ Display name
+ - name: trust_type
+ type: keyword
+ description: |
+ Trust type
+ - name: service_principal_id
+ type: keyword
+ description: |
+ Status
diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/package-fields.yml
new file mode 100644
index 00000000000..7ae4d6ffb6c
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/fields/package-fields.yml
@@ -0,0 +1,42 @@
+- name: azure
+ type: group
+ fields:
+ - name: subscription_id
+ type: keyword
+ description: |
+ Azure subscription ID
+ - name: correlation_id
+ type: keyword
+ description: |
+ Correlation ID
+ - name: tenant_id
+ type: keyword
+ description: |
+ tenant ID
+ - name: resource
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ Resource ID
+ - name: group
+ type: keyword
+ description: |
+ Resource group
+ - name: provider
+ type: keyword
+ description: |
+ Resource type/namespace
+ - name: namespace
+ type: keyword
+ description: |
+ Resource type/namespace
+ - name: name
+ type: keyword
+ description: |
+ Name
+ - name: authorization_rule
+ type: keyword
+ description: |
+ Authorization rule
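Review bot: The last entry of the `azure.signinlogs.properties` group, `service_principal_id`, carries the description `Status`, which looks like a copy-paste from the `status` group just above it; it should read something like `Service principal ID` so the field is understandable in Discover and in detection rules built on this dataset. Two mapping choices in the same hunk are worth confirming against a real sign-in payload: `ip_address` is declared `keyword`, so CIDR and range filtering on the sign-in source address is not possible, whereas the `ip` type would allow it; and `is_interactive` is declared `keyword` although the name suggests a boolean, in which case `boolean` would be the more accurate mapping. Both of these are inferred from the field names only, so verify the actual value shapes before changing them.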
diff --git a/dev/packages/beats/azure/0.0.1/dataset/signinlogs/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/manifest.yml
new file mode 100644
index 00000000000..b8bc7ac141c
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/signinlogs/manifest.yml
@@ -0,0 +1,20 @@
+title: Azure signinlogs logs
+release: experimental
+type: logs
+streams:
+- input: azure-eventhub
+ vars:
+ - name: eventhub
+ type: text
+ title: Eventhub
+ multi: false
+ required: true
+ show_user: true
+ default: insights-logs-signinlogs
+ template_path: azure-eventhub.yml.hbs
+ title: Azure signinlogs logs (azure-eventhub)
+ description: Collect Azure signinlogs logs using azure-eventhub input
+- input: logs
+ template_path: log.yml.hbs
+ title: Azure signinlogs logs (log)
+ description: Collect Azure signinlogs logs using log input
diff --git a/dev/packages/beats/azure/0.0.1/dataset/storage/agent/stream/stream.yml.hbs b/dev/packages/beats/azure/0.0.1/dataset/storage/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..153c30b5530
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/storage/agent/stream/stream.yml.hbs
@@ -0,0 +1,14 @@
+metricsets: ["storage"]
+{{#if client_id}}
+client_id: {{client_id}}
+{{/if}}
+{{#if client_secret}}
+client_secret: {{client_secret}}
+{{/if}}
+period: {{period}}
+{{#if subscription_id}}
+subscription_id: {{subscription_id}}
+{{/if}}
+{{#if tenant_id}}
+tenant_id: {{tenant_id}}
+{{/if}}
diff --git a/dev/packages/beats/azure/0.0.1/dataset/storage/fields/fields.yml b/dev/packages/beats/azure/0.0.1/dataset/storage/fields/fields.yml
new file mode 100644
index 00000000000..1cb8504dcb5
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/storage/fields/fields.yml
@@ -0,0 +1,5 @@
+- name: azure.storage.*.*
+ type: object
+ description: |
+ storage account
+ release: ga
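Review bot: The storage stream template `stream.yml.hbs` renders `client_id`, `client_secret`, `subscription_id` and `tenant_id`, but none of these variables is declared in the storage dataset manifest in the next hunk, which defines only `period`; presumably they are package-level variables outside this diff, which is worth confirming because an undeclared variable would make the `{{#if ...}}` blocks silently render nothing and the stream would start without credentials. Because `client_secret` is a credential that ends up verbatim in the rendered agent configuration, its declaration (wherever it lives) should use a password-style variable type so it is masked in the policy UI rather than shown as plain text. The signinlogs manifest in this same line declares its `eventhub` variable inline and is the pattern to follow if the storage variables are meant to be dataset-scoped.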
diff --git a/dev/packages/beats/azure/0.0.1/dataset/storage/fields/package-fields.yml b/dev/packages/beats/azure/0.0.1/dataset/storage/fields/package-fields.yml
new file mode 100644
index 00000000000..ae097948cd6
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/storage/fields/package-fields.yml
@@ -0,0 +1,34 @@
+- name: azure
+ type: group
+ fields:
+ - name: timegrain
+ type: keyword
+ description: |
+ The Azure metric timegrain
+ - name: resource
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of the resource
+ - name: group
+ type: keyword
+ description: |
+ The resource group
+ - name: tags.*
+ type: object
+ description: |
+ Azure resource tags.
+ - name: namespace
+ type: keyword
+ description: |
+ The namespace selected
+ - name: subscription_id
+ type: keyword
+ description: |
+ The subscription ID
+ - name: dimensions.*
+ type: object
+ description: |
+ Azure metric dimensions.
diff --git a/dev/packages/beats/azure/0.0.1/dataset/storage/manifest.yml b/dev/packages/beats/azure/0.0.1/dataset/storage/manifest.yml
new file mode 100644
index 00000000000..85909f134f8
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/dataset/storage/manifest.yml
@@ -0,0 +1,15 @@
+title: azure storage metrics
+release: experimental
+type: metrics
+streams:
+- input: azure/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 300s
+ title: azure storage metrics
+ description: Collect azure storage metrics
diff --git a/dev/packages/beats/azure/0.0.1/docs/README.md b/dev/packages/beats/azure/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/azure/0.0.1/img/filebeat-azure-overview.png b/dev/packages/beats/azure/0.0.1/img/filebeat-azure-overview.png
new file mode 100644
index 00000000000..32c5a7202d8
Binary files /dev/null and b/dev/packages/beats/azure/0.0.1/img/filebeat-azure-overview.png differ
diff --git a/dev/packages/beats/azure/0.0.1/img/logo_azure.svg b/dev/packages/beats/azure/0.0.1/img/logo_azure.svg
new file mode 100644
index 00000000000..7595554fffa
--- /dev/null
+++ b/dev/packages/beats/azure/0.0.1/img/logo_azure.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-storage-overview.png b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-storage-overview.png
new file mode 100644
index 00000000000..97d8ddcfa01
Binary files /dev/null and b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-storage-overview.png differ
diff --git a/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-guestmetrics-overview.png b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-guestmetrics-overview.png
new file mode 100644
index 00000000000..0f219790f42
Binary files /dev/null and b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-guestmetrics-overview.png differ
diff --git a/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-overview.png b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-overview.png
new file mode 100644
index 00000000000..22136049b49
Binary files /dev/null and b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vm-overview.png differ
diff --git a/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vmss-overview.png b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vmss-overview.png
new file mode 100644
index 00000000000..c14569604ba
Binary files /dev/null and b/dev/packages/beats/azure/0.0.1/img/metricbeat-azure-vmss-overview.png differ
diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..a3a3d6612cc --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,122 @@ +{ + "attributes": { + "description": "This dashboard provides expanded alerts overview for Azure cloud", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": "9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "676fd632-a9c1-46ed-829b-ca5b55817379", + "w": 14, + "x": 7, + "y": 0 + }, + "panelIndex": "676fd632-a9c1-46ed-829b-ca5b55817379", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "096b4eaa-072e-455f-befa-3076f71be12d", + "w": 27, + "x": 21, + "y": 0 + }, + "panelIndex": "096b4eaa-072e-455f-befa-3076f71be12d", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "162fb43e-fff3-4f50-aa9b-a713418bd651", + "w": 27, + "x": 21, + "y": 15 + }, + "panelIndex": "162fb43e-fff3-4f50-aa9b-a713418bd651", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "36fb5c08-80d9-4a1c-8fde-9c063381fdd8", + "w": 21, + "x": 0, + "y": 4 + }, + "panelIndex": "36fb5c08-80d9-4a1c-8fde-9c063381fdd8", + "panelRefName": "panel_4", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Alerts Overview", + "version": 1 + }, + "id": "0f559cc0-f0d5-11e9-90ec-112a988266d5", + "references": [ + { + "id": "46544960-f0d5-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": 
"visualization" + }, + { + "id": "52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c704b050-f0de-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..2c31104ad8c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,281 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for queue storage type in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "queue", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "azure.namespace", + "negate": false, + "params": { + "query": "Microsoft.Storage/storageAccounts/queueServices" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.namespace": "Microsoft.Storage/storageAccounts/queueServices" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "933a427d-a8b7-48ff-ac53-337f32b340ea", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "933a427d-a8b7-48ff-ac53-337f32b340ea", + "panelRefName": "panel_0", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Availability" + }, + "gridData": { + "h": 9, + "i": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "w": 5, + "x": 9, + "y": 0 + }, + "panelIndex": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "panelRefName": "panel_1", + "title": "Availability", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "0b4107a7-6a3d-4092-9813-00edb56bc838", + "w": 5, + "x": 14, + "y": 0 + }, + "panelIndex": "0b4107a7-6a3d-4092-9813-00edb56bc838", + "panelRefName": "panel_2", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "cf022a47-2314-4ab6-b397-b1d860944179", + "w": 5, + "x": 19, + "y": 0 + }, + "panelIndex": "cf022a47-2314-4ab6-b397-b1d860944179", + "panelRefName": "panel_3", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": 
"9d84188c-5a30-41ac-81cc-fe4fed360dd3", + "w": 5, + "x": 24, + "y": 0 + }, + "panelIndex": "9d84188c-5a30-41ac-81cc-fe4fed360dd3", + "panelRefName": "panel_4", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Transactions" + }, + "gridData": { + "h": 9, + "i": "1d623c03-4d02-4a81-b91e-49e82e112016", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "1d623c03-4d02-4a81-b91e-49e82e112016", + "panelRefName": "panel_5", + "title": "Transactions", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 15, + "i": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "panelRefName": "panel_6", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success Server Latency" + }, + "gridData": { + "h": 15, + "i": "87066244-7840-4555-9d12-026d64977f1a", + "w": 20, + "x": 9, + "y": 9 + }, + "panelIndex": "87066244-7840-4555-9d12-026d64977f1a", + "panelRefName": "panel_7", + "title": "Success Server Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success E2E Latency" + }, + "gridData": { + "h": 15, + "i": "756da375-e6a2-4668-af43-0cd294878254", + "w": 19, + "x": 29, + "y": 9 + }, + "panelIndex": "756da375-e6a2-4668-af43-0cd294878254", + "panelRefName": "panel_8", + "title": "Success E2E Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Egress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "a715fafc-ca38-410c-9253-12ba506eabc0", + "w": 20, + "x": 9, + "y": 24 + }, + "panelIndex": "a715fafc-ca38-410c-9253-12ba506eabc0", + "panelRefName": "panel_9", + "title": "Egress Traffic by APIName", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Ingress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "75f72920-be71-47a9-a967-f1c862ab2961", + "w": 19, + "x": 29, + "y": 24 + }, + "panelIndex": "75f72920-be71-47a9-a967-f1c862ab2961", + "panelRefName": 
"panel_10", + "title": "Ingress Traffic by APIName", + "version": "7.7.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Queue Storage Overview", + "version": 1 + }, + "id": "10efa340-32f8-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "09f05e00-32f7-11ea-a83e-25b8612d00cc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e159b990-339c-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "2bedaca0-339d-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0241cc10-339d-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..efad2c2bc8c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,275 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for different storage types in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "3e05fed8-0edd-4973-a640-3499c62b141d", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "3e05fed8-0edd-4973-a640-3499c62b141d", + "panelRefName": "panel_0", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Availability" + }, + "gridData": { + "h": 9, + "i": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "w": 5, + "x": 9, + "y": 0 + }, + "panelIndex": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "panelRefName": "panel_1", + "title": "Availability", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "ed66fab5-f4e7-45d9-b27f-2315e0a10850", + "w": 5, + "x": 14, + "y": 0 + }, + "panelIndex": "ed66fab5-f4e7-45d9-b27f-2315e0a10850", + "panelRefName": "panel_2", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "71f11ae2-b13c-49b5-ae16-3d6d5e1dacec", + "w": 5, + "x": 19, + "y": 0 + }, + "panelIndex": "71f11ae2-b13c-49b5-ae16-3d6d5e1dacec", + "panelRefName": "panel_3", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "dae9895e-c53a-4989-bab1-1b7b7c233c56", + "w": 5, + "x": 24, + "y": 0 + }, + "panelIndex": "dae9895e-c53a-4989-bab1-1b7b7c233c56", + "panelRefName": "panel_4", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Transactions" + }, + "gridData": { + "h": 9, + "i": "1d623c03-4d02-4a81-b91e-49e82e112016", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "1d623c03-4d02-4a81-b91e-49e82e112016", + "panelRefName": "panel_5", + "title": 
"Transactions", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 15, + "i": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "panelRefName": "panel_6", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Success Server Latency" + }, + "gridData": { + "h": 15, + "i": "87066244-7840-4555-9d12-026d64977f1a", + "w": 20, + "x": 9, + "y": 9 + }, + "panelIndex": "87066244-7840-4555-9d12-026d64977f1a", + "panelRefName": "panel_7", + "title": "Success Server Latency", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Success E2E Latency" + }, + "gridData": { + "h": 15, + "i": "756da375-e6a2-4668-af43-0cd294878254", + "w": 19, + "x": 29, + "y": 9 + }, + "panelIndex": "756da375-e6a2-4668-af43-0cd294878254", + "panelRefName": "panel_8", + "title": "Success E2E Latency", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Used Capacity by Resource" + }, + "gridData": { + "h": 18, + "i": "bf57aed2-3b69-4c8c-b602-e9054d08deb9", + "w": 9, + "x": 0, + "y": 20 + }, + "panelIndex": "bf57aed2-3b69-4c8c-b602-e9054d08deb9", + "panelRefName": "panel_9", + "title": "Used Capacity by Resource", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Egress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "a715fafc-ca38-410c-9253-12ba506eabc0", + "w": 20, + "x": 9, + "y": 24 + }, + "panelIndex": "a715fafc-ca38-410c-9253-12ba506eabc0", + "panelRefName": "panel_10", + "title": "Egress Traffic by APIName", + "version": "7.5.0" + }, + { + "embeddableConfig": { + "title": "Ingress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "75f72920-be71-47a9-a967-f1c862ab2961", + "w": 19, + "x": 29, + "y": 24 + }, + "panelIndex": "75f72920-be71-47a9-a967-f1c862ab2961", + "panelRefName": "panel_11", + "title": "Ingress Traffic by APIName", + "version": "7.5.0" + } + ], + "timeRestore": false, + "title": 
"[Metrics Azure] Storage Overview", + "version": 1 + }, + "id": "1a151f80-32db-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "fcc24d70-32f5-11ea-a83e-25b8612d00cc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "634b83c0-32ee-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "33d645e0-32ed-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "2219de20-32ed-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "109ec950-32e6-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/41e84340-ec20-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/41e84340-ec20-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..6456e1cdff4 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/41e84340-ec20-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,303 @@ +{ + "attributes": { + "description": "This dashboard provides an overview of user activity, alerts and resource in Azure cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "6b6e7452-979c-4f78-afc2-cc58fcf105ff", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "6b6e7452-979c-4f78-afc2-cc58fcf105ff", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "042f777a-5e41-41e8-9d6e-d842473a8aed", + "w": 15, + "x": 9, + "y": 0 + }, + "panelIndex": "042f777a-5e41-41e8-9d6e-d842473a8aed", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Activity Level" + }, + "gridData": { + "h": 8, + "i": "1e73bca7-8569-41b5-830e-2f762602219a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1e73bca7-8569-41b5-830e-2f762602219a", + "panelRefName": "panel_2", + "title": "Activity Level", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "d9465e9f-49f1-4173-b1a4-fea9ee3120ab", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "d9465e9f-49f1-4173-b1a4-fea9ee3120ab", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Access Requests" + }, + "gridData": { + "h": 7, + "i": "18ec1e20-202b-4a40-8d0d-22060ac3e23c", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "18ec1e20-202b-4a40-8d0d-22060ac3e23c", + "panelRefName": "panel_4", + "title": "Access Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Active Users" + }, + "gridData": { + "h": 11, + "i": "d2bdec0f-dde1-4925-bf7e-afbc430c0eca", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": 
"d2bdec0f-dde1-4925-bf7e-afbc430c0eca", + "panelRefName": "panel_5", + "title": "Top Active Users", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Alerts Overview" + }, + "gridData": { + "h": 7, + "i": "3bcc964d-6862-4fdd-9d82-f7510cc02162", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "3bcc964d-6862-4fdd-9d82-f7510cc02162", + "panelRefName": "panel_6", + "title": "Alerts Overview", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Service Health" + }, + "gridData": { + "h": 7, + "i": "74436614-9dfc-4c38-bc58-8cb76c348f37", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "74436614-9dfc-4c38-bc58-8cb76c348f37", + "panelRefName": "panel_7", + "title": "Service Health", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Resource Groups", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 19, + "i": "a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8", + "w": 24, + "x": 0, + "y": 21 + }, + "panelIndex": "a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8", + "panelRefName": "panel_8", + "title": "Top Resource Groups", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "644c6151-fd05-4b2e-b18e-30843697e932", + "w": 12, + "x": 24, + "y": 22 + }, + "panelIndex": "644c6151-fd05-4b2e-b18e-30843697e932", + "panelRefName": "panel_9", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 6, + "i": "3d5ccff8-6576-4a1c-b3ee-363ae665906e", + "w": 12, + "x": 36, + "y": 22 + }, + "panelIndex": "3d5ccff8-6576-4a1c-b3ee-363ae665906e", + "panelRefName": "panel_10", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "legendOpen": false, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "1a6dce1d-d039-4d18-87c7-1b700da676c2", + "w": 12, + "x": 24, + "y": 28 + }, + "panelIndex": "1a6dce1d-d039-4d18-87c7-1b700da676c2", + "panelRefName": "panel_11", + "version": "7.4.0" + }, + { + "embeddableConfig": { + 
"legendOpen": false, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "w": 12, + "x": 36, + "y": 28 + }, + "panelIndex": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "panelRefName": "panel_12", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Cloud Overview", + "version": 1 + }, + "id": "41e84340-ec20-11e9-90ec-112a988266d5", + "references": [ + { + "id": "fe24ac90-f05a-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "da67d650-ec14-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e4c7f4b0-f045-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "709995e0-ec16-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ffe22180-ec1c-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "bc65e840-ec1e-11e9-90ec-112a988266d5", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "71b62ca0-ec1a-11e9-90ec-112a988266d5", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "e37cd3d0-ec23-11e9-90ec-112a988266d5", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "6db84660-53e9-11ea-b1b7-7de801e1c297", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..7f5968cd04a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,153 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for the container registry in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "51fee31f-97e1-4f8e-aeb2-daeca1ccf9be", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "51fee31f-97e1-4f8e-aeb2-daeca1ccf9be", + "panelRefName": "panel_0", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Registry Successful Pull Count" + }, + "gridData": { + "h": 16, + "i": "dde974c7-6d81-4580-9b7f-c7a999ecc19e", + "w": 18, + "x": 9, + "y": 0 + }, + "panelIndex": "dde974c7-6d81-4580-9b7f-c7a999ecc19e", + "panelRefName": "panel_1", + "title": "Container Registry Successful Pull Count", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Registry Successful Push Count" + }, + "gridData": { + "h": 16, + "i": "25a02616-f735-494a-97f7-4a56531e9e5e", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "25a02616-f735-494a-97f7-4a56531e9e5e", + "panelRefName": "panel_2", + "title": "Container Registry Successful Push Count", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Containers Filters" + }, + "gridData": { + "h": 11, + "i": "ec183a66-545b-4a67-bfb4-568def660612", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ec183a66-545b-4a67-bfb4-568def660612", + "panelRefName": "panel_3", + "title": "Containers Filters", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Registry Total Pull Count" + }, + "gridData": { + "h": 15, + "i": "7f508c43-afd7-4874-86ef-c6976700759b", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "7f508c43-afd7-4874-86ef-c6976700759b", + "panelRefName": "panel_4", + "title": "Container Registry Total Pull Count", + 
"version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Registry Total Push Count" + }, + "gridData": { + "h": 15, + "i": "97a048da-9b56-420b-af8c-1f0d568f0f94", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "97a048da-9b56-420b-af8c-1f0d568f0f94", + "panelRefName": "panel_5", + "title": "Container Registry Total Push Count", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Container Registry Overview", + "version": 1 + }, + "id": "6f2393f0-6d08-11ea-8fe8-71add5fd7c38", + "references": [ + { + "id": "1e70dc50-6d22-11ea-8fe8-71add5fd7c38", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "7972b260-6d07-11ea-8fe8-71add5fd7c38", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "b88b7f90-6d07-11ea-8fe8-71add5fd7c38", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0fa31060-6aae-11ea-af5c-73e8f396b3e9", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "ff303710-6d07-11ea-8fe8-71add5fd7c38", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ddea7430-6d07-11ea-8fe8-71add5fd7c38", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/87095750-f05a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/87095750-f05a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..744c0728931 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/87095750-f05a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,260 @@ +{ + "attributes": { + "description": "This dashboard shows expanded user activity in Azure cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "azure.activitylogs.identity.claims_initiated_by_user.fullname" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "azure.activitylogs.identity.claims_initiated_by_user.fullname", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "675f172f-dbec-44fe-b45c-fe854a967695", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "675f172f-dbec-44fe-b45c-fe854a967695", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "705596b5-db2e-4c45-875d-95d98bfb7ee8", + "w": 16, + "x": 8, + "y": 0 + }, + "panelIndex": "705596b5-db2e-4c45-875d-95d98bfb7ee8", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "ace19840-2084-45bd-bf86-9ab31b04a17b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "ace19840-2084-45bd-bf86-9ab31b04a17b", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Users List" + }, + "gridData": { + "h": 15, + "i": "d4d708e1-d179-4688-8005-54e2162a82d2", + "w": 11, + "x": 0, + "y": 4 + }, + "panelIndex": "d4d708e1-d179-4688-8005-54e2162a82d2", + "panelRefName": "panel_3", + "title": "Users List", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Caller IPs" + }, + "gridData": { + "h": 15, + "i": "5774219c-fb45-4480-bdfb-75a69bdc2cfe", + "w": 13, + 
"x": 11, + "y": 4 + }, + "panelIndex": "5774219c-fb45-4480-bdfb-75a69bdc2cfe", + "panelRefName": "panel_4", + "title": "Top Caller IPs", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5deee186-fe00-4edc-9e5b-86d8d09f6550", + "w": 24, + "x": 24, + "y": 9 + }, + "panelIndex": "5deee186-fe00-4edc-9e5b-86d8d09f6550", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Resource Groups", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "2fa13b32-c544-45f7-9132-620d09d121eb", + "w": 16, + "x": 0, + "y": 19 + }, + "panelIndex": "2fa13b32-c544-45f7-9132-620d09d121eb", + "panelRefName": "panel_6", + "title": "Top Resource Groups", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "legendOpen": false, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 7, + "i": "1a6dce1d-d039-4d18-87c7-1b700da676c2", + "w": 17, + "x": 16, + "y": 19 + }, + "panelIndex": "1a6dce1d-d039-4d18-87c7-1b700da676c2", + "panelRefName": "panel_7", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "legendOpen": false, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "w": 17, + "x": 16, + "y": 26 + }, + "panelIndex": "8fddd3bb-c1e6-4533-b075-1ab7361b3af0", + "panelRefName": "panel_8", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Resource Types" + }, + "gridData": { + "h": 15, + "i": "84583e62-1aad-4f03-a25a-c4f9eaace8c0", + "w": 15, + "x": 33, + "y": 19 + }, + "panelIndex": "84583e62-1aad-4f03-a25a-c4f9eaace8c0", + "panelRefName": "panel_9", + "title": "Top Resource Types", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Logs Azure] User Activity", + "version": 1 + }, + "id": "87095750-f05a-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, 
+ { + "id": "c43855e0-f05a-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b0471750-f05b-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e0203fc0-f05f-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "52da1700-f05d-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "6ece76d0-f0cc-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "0dd135c0-f0cc-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "71b62ca0-ec1a-11e9-90ec-112a988266d5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "6db84660-53e9-11ea-b1b7-7de801e1c297", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "9ed46680-f0ce-11e9-90ec-112a988266d5", + "name": "panel_9", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/91afcc50-eaad-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/91afcc50-eaad-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..12cf2f227ee --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/91afcc50-eaad-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,217 @@ +{ + "attributes": { + "description": "This dashboard visualized relevant metrics for VMs running on Azure cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 12, + "i": "d84767cd-3fc9-438c-a969-f15c4d5fc9c5", + "w": 6, + "x": 0, + "y": 0 + }, + "panelIndex": "d84767cd-3fc9-438c-a969-f15c4d5fc9c5", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Percentage CPU" + }, + "gridData": { + "h": 12, + "i": "127eff01-d34c-4bda-8f19-4cf06982989f", + "w": 20, + "x": 6, + "y": 0 + }, + "panelIndex": "127eff01-d34c-4bda-8f19-4cf06982989f", + "panelRefName": "panel_1", + "title": "Percentage CPU", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Available Memory" + }, + "gridData": { + "h": 12, + "i": "2f85c4f1-a575-49a1-99d3-fbed8a2806ec", + "w": 22, + "x": 26, + "y": 0 + }, + "panelIndex": "2f85c4f1-a575-49a1-99d3-fbed8a2806ec", + "panelRefName": "panel_2", + "title": "Available Memory", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Disk Reads" + }, + "gridData": { + "h": 11, + "i": "6cbc30b4-658e-4f7a-a888-221775fd0af3", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "6cbc30b4-658e-4f7a-a888-221775fd0af3", + "panelRefName": "panel_3", + "title": "Disk Reads", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Network In Total" + }, + "gridData": { + "h": 11, + "i": "e195e7ba-c736-4bf7-9f23-c96f4acd9b6b", + "w": 12, + "x": 0, + "y": 12 + }, + "panelIndex": "e195e7ba-c736-4bf7-9f23-c96f4acd9b6b", + "panelRefName": "panel_4", + "title": "Network In Total", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Network Out Total" + }, + "gridData": { + "h": 11, 
+ "i": "64fc0214-97f7-4d52-a9bd-a91449293f1c", + "w": 12, + "x": 12, + "y": 12 + }, + "panelIndex": "64fc0214-97f7-4d52-a9bd-a91449293f1c", + "panelRefName": "panel_5", + "title": "Network Out Total", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Disk Writes" + }, + "gridData": { + "h": 11, + "i": "12c9c185-81ed-4313-b274-b3384de2d396", + "w": 12, + "x": 24, + "y": 12 + }, + "panelIndex": "12c9c185-81ed-4313-b274-b3384de2d396", + "panelRefName": "panel_6", + "title": "Disk Writes", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Disk Read Operations/s" + }, + "gridData": { + "h": 15, + "i": "200ae92b-4184-4aed-9868-6ce5e16e7a8d", + "w": 24, + "x": 0, + "y": 23 + }, + "panelIndex": "200ae92b-4184-4aed-9868-6ce5e16e7a8d", + "panelRefName": "panel_7", + "title": "Disk Read Operations/s", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Disk Write Operations/s" + }, + "gridData": { + "h": 15, + "i": "36c46a84-3e6b-4a7e-9246-357ae9d10d1e", + "w": 24, + "x": 24, + "y": 23 + }, + "panelIndex": "36c46a84-3e6b-4a7e-9246-357ae9d10d1e", + "panelRefName": "panel_8", + "title": "Disk Write Operations/s", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] VM Scale Sets Overview ", + "version": 1 + }, + "id": "91afcc50-eaad-11e9-90ec-112a988266d5", + "references": [ + { + "id": "686bc990-ea92-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "33500790-eaaf-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cecd6680-eb41-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "42cc28d0-ea9a-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "64266ec0-eb42-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b45fd8e0-eb42-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": 
"0d03a670-eb43-11e9-90ec-112a988266d5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "9c1a1910-ea9a-11e9-90ec-112a988266d5", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cfaedaf0-eb43-11e9-90ec-112a988266d5", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..e0f9a7b0360 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,153 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for the container instances in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "c3f93abd-4a7c-43fa-bde7-d26925082d2f", + "w": 11, + "x": 0, + "y": 0 + }, + "panelIndex": "c3f93abd-4a7c-43fa-bde7-d26925082d2f", + "panelRefName": "panel_0", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Instance CPU Utilization" + }, + "gridData": { + "h": 16, + "i": "ea4c505b-43fb-4869-a94a-bba028071ecc", + "w": 17, + "x": 11, + "y": 0 + }, + "panelIndex": "ea4c505b-43fb-4869-a94a-bba028071ecc", + "panelRefName": "panel_1", + "title": "Container Instance CPU Utilization", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Instance Memory Utilization" + }, + "gridData": { + "h": 16, + "i": "0899027b-629e-4889-821f-45ee0161bd91", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "0899027b-629e-4889-821f-45ee0161bd91", + "panelRefName": "panel_2", + "title": "Container Instance Memory Utilization", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Containers Filters" + }, + "gridData": { + "h": 11, + "i": "f72bd066-3696-4e0a-9660-78fb47c92152", + "w": 11, + "x": 0, + "y": 5 + }, + "panelIndex": "f72bd066-3696-4e0a-9660-78fb47c92152", + "panelRefName": "panel_3", + "title": "Containers Filters", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Instance Netowrk Bytes Received/s" + }, + "gridData": { + "h": 15, + "i": "7c9016b9-a76e-41f6-9945-ac6880fd9ab0", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "7c9016b9-a76e-41f6-9945-ac6880fd9ab0", + "panelRefName": "panel_4", + "title": "Container Instance Netowrk Bytes Received/s", + 
"version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Instance Network Bytes Transmitted/s" + }, + "gridData": { + "h": 15, + "i": "0abdf4ee-b569-430b-972a-a60160ef2221", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "0abdf4ee-b569-430b-972a-a60160ef2221", + "panelRefName": "panel_5", + "title": "Container Instance Network Bytes Transmitted/s", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Container Instance Overview", + "version": 1 + }, + "id": "9c11ac60-6cf6-11ea-8fe8-71add5fd7c38", + "references": [ + { + "id": "5720b830-6aad-11ea-af5c-73e8f396b3e9", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "04f8eec0-6ab1-11ea-af5c-73e8f396b3e9", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "942844b0-6ac5-11ea-af5c-73e8f396b3e9", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0fa31060-6aae-11ea-af5c-73e8f396b3e9", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "bd1c93b0-6cf7-11ea-8fe8-71add5fd7c38", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "74a8e130-6cfa-11ea-8fe8-71add5fd7c38", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/a6f5d430-eaa6-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/a6f5d430-eaa6-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..f3ad0fd53cf --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/a6f5d430-eaa6-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,196 @@ +{ + "attributes": { + "description": "This dashboards shows ASP.NET and SQL Server specific metrics extracted from the azure.vm.windows.guestmetrics namespace", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 12, + "i": "b7b8bcc1-f776-45cf-a149-36665f2de746", + "w": 6, + "x": 0, + "y": 0 + }, + "panelIndex": "b7b8bcc1-f776-45cf-a149-36665f2de746", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Applications Running" + }, + "gridData": { + "h": 12, + "i": "bc65dd87-08f6-49f7-b8bf-0d371431ad4d", + "w": 18, + "x": 6, + "y": 0 + }, + "panelIndex": "bc65dd87-08f6-49f7-b8bf-0d371431ad4d", + "panelRefName": "panel_1", + "title": "Applications Running", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "SQL Server User Connections" + }, + "gridData": { + "h": 12, + "i": "6a5abca9-1cfd-45ef-aa88-9b4a72ce2dca", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "6a5abca9-1cfd-45ef-aa88-9b4a72ce2dca", + "panelRefName": "panel_2", + "title": "SQL Server User Connections", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Application Requests" + }, + "gridData": { + "h": 12, + "i": "5c0158cc-c884-4665-8bbf-7fc34d885d55", + "w": 12, + "x": 0, + "y": 12 + }, + "panelIndex": "5c0158cc-c884-4665-8bbf-7fc34d885d55", + "panelRefName": "panel_3", + "title": "Application Requests", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Application Error Rates" + }, + "gridData": { + "h": 12, + "i": "03c9cff0-b2ec-4dd1-9a2f-db7f441e5e71", + "w": 12, + "x": 12, + "y": 12 + }, + "panelIndex": "03c9cff0-b2ec-4dd1-9a2f-db7f441e5e71", + "panelRefName": "panel_4", + "title": "Application Error Rates", + 
"version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "SQL Server Total Server Memory" + }, + "gridData": { + "h": 12, + "i": "aaa96404-80de-44dc-990c-76bf40d3827b", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "aaa96404-80de-44dc-990c-76bf40d3827b", + "panelRefName": "panel_5", + "title": "SQL Server Total Server Memory", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Application Sessions" + }, + "gridData": { + "h": 12, + "i": "b89c7551-e0e1-4642-ac18-01322ea72db8", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "b89c7551-e0e1-4642-ac18-01322ea72db8", + "panelRefName": "panel_6", + "title": "Application Sessions", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "SQL Server Page Reads/Writes" + }, + "gridData": { + "h": 12, + "i": "43effd82-fc6a-4d11-bd1e-d3b12a34cbce", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "43effd82-fc6a-4d11-bd1e-d3b12a34cbce", + "panelRefName": "panel_7", + "title": "SQL Server Page Reads/Writes", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] VM Guest Metrics Overview", + "version": 1 + }, + "id": "a6f5d430-eaa6-11e9-90ec-112a988266d5", + "references": [ + { + "id": "5031b220-eb61-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1f5c1cd0-eaa3-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "0aacc190-eaa8-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "097bc300-eaa5-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "6d52a660-eaa4-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d7ea4290-eaa8-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "b9aa9b20-eaa5-11e9-90ec-112a988266d5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "787a0a20-eaa8-11e9-90ec-112a988266d5", + "name": 
"panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..eaf236aab8a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,281 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for the blob storage type in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "blob", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "azure.namespace", + "negate": false, + "params": { + "query": "Microsoft.Storage/storageAccounts/blobServices" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.namespace": "Microsoft.Storage/storageAccounts/blobServices" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "ed5f5642-c94a-481b-a8c2-7dfe4c6a4f05", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "ed5f5642-c94a-481b-a8c2-7dfe4c6a4f05", + "panelRefName": "panel_0", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Availability" + }, + "gridData": { + "h": 9, + "i": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "w": 5, + "x": 9, + "y": 0 + }, + "panelIndex": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "panelRefName": "panel_1", + "title": "Availability", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "0c873134-b025-487d-be81-f727dbff0174", + "w": 5, + "x": 14, + "y": 0 + }, + "panelIndex": "0c873134-b025-487d-be81-f727dbff0174", + "panelRefName": "panel_2", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "41faed50-ba96-4484-b6dc-71ed3e2d3427", + "w": 5, + "x": 19, + "y": 0 + }, + "panelIndex": "41faed50-ba96-4484-b6dc-71ed3e2d3427", + "panelRefName": "panel_3", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Transactions" + }, + "gridData": { + "h": 9, + "i": 
"1d623c03-4d02-4a81-b91e-49e82e112016", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "1d623c03-4d02-4a81-b91e-49e82e112016", + "panelRefName": "panel_4", + "title": "Transactions", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 15, + "i": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "panelRefName": "panel_5", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success Server Latency" + }, + "gridData": { + "h": 15, + "i": "87066244-7840-4555-9d12-026d64977f1a", + "w": 20, + "x": 9, + "y": 9 + }, + "panelIndex": "87066244-7840-4555-9d12-026d64977f1a", + "panelRefName": "panel_6", + "title": "Success Server Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success E2E Latency" + }, + "gridData": { + "h": 15, + "i": "756da375-e6a2-4668-af43-0cd294878254", + "w": 19, + "x": 29, + "y": 9 + }, + "panelIndex": "756da375-e6a2-4668-af43-0cd294878254", + "panelRefName": "panel_7", + "title": "Success E2E Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "34aa5ce7-4f4b-4712-836f-3765e7c3fb3f", + "w": 5, + "x": 24, + "y": 0 + }, + "panelIndex": "34aa5ce7-4f4b-4712-836f-3765e7c3fb3f", + "panelRefName": "panel_8", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Egress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "a715fafc-ca38-410c-9253-12ba506eabc0", + "w": 20, + "x": 9, + "y": 24 + }, + "panelIndex": "a715fafc-ca38-410c-9253-12ba506eabc0", + "panelRefName": "panel_9", + "title": "Egress Traffic by APIName", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Ingress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "75f72920-be71-47a9-a967-f1c862ab2961", + "w": 19, + "x": 29, + "y": 24 + }, + "panelIndex": "75f72920-be71-47a9-a967-f1c862ab2961", + "panelRefName": "panel_10", + 
"title": "Ingress Traffic by APIName", + "version": "7.7.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Blob Storage Overview", + "version": 1 + }, + "id": "b165ef60-32f7-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "e4b25ee0-32f6-11ea-a83e-25b8612d00cc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "17ee2920-3391-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "55936920-3391-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "9e991b10-3391-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..d741455fc94 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,174 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for the container service in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "32b4e6e2-bf3f-4c4a-8fdb-925f21f9d22b", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "32b4e6e2-bf3f-4c4a-8fdb-925f21f9d22b", + "panelRefName": "panel_0", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Service Kube Node Status Allocatable Memory" + }, + "gridData": { + "h": 17, + "i": "c35d3d89-2f34-43a0-b346-85ba0e7c9e89", + "w": 18, + "x": 9, + "y": 0 + }, + "panelIndex": "c35d3d89-2f34-43a0-b346-85ba0e7c9e89", + "panelRefName": "panel_1", + "title": "Container Service Kube Node Status Allocatable Memory", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Service Kube Node Status Allocatable CPU Cores" + }, + "gridData": { + "h": 17, + "i": "e1952edf-ed31-49ee-8db1-24370998ab89", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "e1952edf-ed31-49ee-8db1-24370998ab89", + "panelRefName": "panel_2", + "title": "Container Service Kube Node Status Allocatable CPU Cores", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Filters" + }, + "gridData": { + "h": 12, + "i": "ec183a66-545b-4a67-bfb4-568def660612", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ec183a66-545b-4a67-bfb4-568def660612", + "panelRefName": "panel_3", + "title": "Container Filters", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Service Kube Pod Status Phase" + }, + "gridData": { + "h": 15, + "i": "ada37452-619f-470a-b9cd-bafa20e7d7b1", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "ada37452-619f-470a-b9cd-bafa20e7d7b1", + "panelRefName": 
"panel_4", + "title": "Container Service Kube Pod Status Phase", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Service Kube Pod Status Ready" + }, + "gridData": { + "h": 15, + "i": "c8d3ed1a-6e72-4115-9a69-db1919a36fc4", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "c8d3ed1a-6e72-4115-9a69-db1919a36fc4", + "panelRefName": "panel_5", + "title": "Container Service Kube Pod Status Ready", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Container Service Kube Node Status Condition" + }, + "gridData": { + "h": 15, + "i": "707fb714-99af-4484-a56e-bfecdf592c58", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "707fb714-99af-4484-a56e-bfecdf592c58", + "panelRefName": "panel_6", + "title": "Container Service Kube Node Status Condition", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Container Service Overview", + "version": 1 + }, + "id": "dae20ed0-6d0a-11ea-8fe8-71add5fd7c38", + "references": [ + { + "id": "3630b9a0-6d22-11ea-8fe8-71add5fd7c38", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "eda368d0-6d1d-11ea-8fe8-71add5fd7c38", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "6e2d9930-6d1e-11ea-8fe8-71add5fd7c38", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0fa31060-6aae-11ea-af5c-73e8f396b3e9", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "bda7b580-6d1f-11ea-8fe8-71add5fd7c38", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "c19586f0-6d1e-11ea-8fe8-71add5fd7c38", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "e79211c0-6d37-11ea-8fe8-71add5fd7c38", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..ff3dba73bd0 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,321 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for file storage type in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "file", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "azure.namespace", + "negate": false, + "params": { + "query": "Microsoft.Storage/storageAccounts/fileServices" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.namespace": "Microsoft.Storage/storageAccounts/fileServices" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "ee131d2d-7ab5-4434-9e3b-230759c3e5ff", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "ee131d2d-7ab5-4434-9e3b-230759c3e5ff", + "panelRefName": "panel_0", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Availability" + }, + "gridData": { + "h": 9, + "i": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "w": 5, + "x": 9, + "y": 0 + }, + "panelIndex": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "panelRefName": "panel_1", + "title": "Availability", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "b24e3e0d-a748-4bb9-ad71-e0de392e2696", + "w": 5, + "x": 14, + "y": 0 + }, + "panelIndex": "b24e3e0d-a748-4bb9-ad71-e0de392e2696", + "panelRefName": "panel_2", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "8131dfcd-2c52-4641-8259-2f4f2e7558d0", + "w": 5, + "x": 19, + "y": 0 + }, + "panelIndex": "8131dfcd-2c52-4641-8259-2f4f2e7558d0", + "panelRefName": "panel_3", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": 
"49233089-be1d-4cda-9ccf-2815152e1016", + "w": 5, + "x": 24, + "y": 0 + }, + "panelIndex": "49233089-be1d-4cda-9ccf-2815152e1016", + "panelRefName": "panel_4", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Transactions" + }, + "gridData": { + "h": 9, + "i": "1d623c03-4d02-4a81-b91e-49e82e112016", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "1d623c03-4d02-4a81-b91e-49e82e112016", + "panelRefName": "panel_5", + "title": "Transactions", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 15, + "i": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "panelRefName": "panel_6", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success Server Latency" + }, + "gridData": { + "h": 15, + "i": "87066244-7840-4555-9d12-026d64977f1a", + "w": 20, + "x": 9, + "y": 9 + }, + "panelIndex": "87066244-7840-4555-9d12-026d64977f1a", + "panelRefName": "panel_7", + "title": "Success Server Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success E2E Latency" + }, + "gridData": { + "h": 15, + "i": "756da375-e6a2-4668-af43-0cd294878254", + "w": 19, + "x": 29, + "y": 9 + }, + "panelIndex": "756da375-e6a2-4668-af43-0cd294878254", + "panelRefName": "panel_8", + "title": "Success E2E Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 8, + "i": "2d5c6c0f-f4d2-44fb-b7e5-1a855b75e40f", + "w": 4, + "x": 0, + "y": 20 + }, + "panelIndex": "2d5c6c0f-f4d2-44fb-b7e5-1a855b75e40f", + "panelRefName": "panel_9", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 8, + "i": "c6792441-37b6-4ef4-ad8b-21f137b2f0b4", + "w": 5, + "x": 4, + "y": 20 + }, + "panelIndex": "c6792441-37b6-4ef4-ad8b-21f137b2f0b4", + "panelRefName": "panel_10", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Egress Traffic by 
APIName" + }, + "gridData": { + "h": 14, + "i": "a715fafc-ca38-410c-9253-12ba506eabc0", + "w": 20, + "x": 9, + "y": 24 + }, + "panelIndex": "a715fafc-ca38-410c-9253-12ba506eabc0", + "panelRefName": "panel_11", + "title": "Egress Traffic by APIName", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Ingress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "75f72920-be71-47a9-a967-f1c862ab2961", + "w": 19, + "x": 29, + "y": 24 + }, + "panelIndex": "75f72920-be71-47a9-a967-f1c862ab2961", + "panelRefName": "panel_12", + "title": "Ingress Traffic by APIName", + "version": "7.7.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] File Storage Overview", + "version": 1 + }, + "id": "dff7a080-32f7-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "f18a7cb0-32f6-11ea-a83e-25b8612d00cc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "453965a0-3393-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "722ef2f0-3393-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a4bf9710-3393-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "09a6f150-3399-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "241a55e0-3399-11ea-a83e-25b8612d00cc", 
+ "name": "panel_10", + "type": "visualization" + }, + { + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/eb3f05f0-ea9a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/eb3f05f0-ea9a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..f3cd1e1dddf --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/eb3f05f0-ea9a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,211 @@ +{ + "attributes": { + "description": "This dashboard visualized relevant metrics for VMs running on Azure cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "aa881f9d-28d3-4722-822e-3e670021cf52", + "w": 6, + "x": 0, + "y": 0 + }, + "panelIndex": "aa881f9d-28d3-4722-822e-3e670021cf52", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM CPU Utilization" + }, + "gridData": { + "h": 12, + "i": "e673f70c-f811-4290-9087-578c7dd13675", + "w": 20, + "x": 6, + "y": 0 + }, + "panelIndex": "e673f70c-f811-4290-9087-578c7dd13675", + "panelRefName": "panel_1", + "title": "VM CPU Utilization", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Available Memory" + }, + "gridData": { + "h": 12, + "i": "2473ef72-c56c-4783-a36a-f4b8efd66ab7", + "w": 22, + "x": 26, + "y": 0 + }, + "panelIndex": "2473ef72-c56c-4783-a36a-f4b8efd66ab7", + "panelRefName": "panel_2", + "title": "VM Available Memory", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14e225ef-6417-4377-b2cb-6b46b6693b78", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "14e225ef-6417-4377-b2cb-6b46b6693b78", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Network In Total" + }, + "gridData": { + "h": 12, + "i": "535d70b3-3f3c-4a84-85ba-ab671b6d144f", + "w": 12, + "x": 0, + "y": 12 + }, + "panelIndex": "535d70b3-3f3c-4a84-85ba-ab671b6d144f", + "panelRefName": "panel_4", + "title": "VM Network In Total", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Network Out Total" + }, + "gridData": { + "h": 12, + "i": "6903a45e-bf11-4db2-9497-fd9692e83448", + "w": 12, + "x": 12, + 
"y": 12 + }, + "panelIndex": "6903a45e-bf11-4db2-9497-fd9692e83448", + "panelRefName": "panel_5", + "title": "VM Network Out Total", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Disk Writes" + }, + "gridData": { + "h": 12, + "i": "aa57fa8f-f6ea-45e3-9b2c-ba948d625813", + "w": 12, + "x": 24, + "y": 12 + }, + "panelIndex": "aa57fa8f-f6ea-45e3-9b2c-ba948d625813", + "panelRefName": "panel_6", + "title": "VM Disk Writes", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Disk Read Operations/s" + }, + "gridData": { + "h": 13, + "i": "8879143b-ed83-45ec-8c58-b10dc1597c22", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "8879143b-ed83-45ec-8c58-b10dc1597c22", + "panelRefName": "panel_7", + "title": "VM Disk Read Operations/s", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "VM Disk Write Operations/s" + }, + "gridData": { + "h": 13, + "i": "4071f2bf-1794-45ff-b76d-58864226d8b7", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "4071f2bf-1794-45ff-b76d-58864226d8b7", + "panelRefName": "panel_8", + "title": "VM Disk Write Operations/s", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Compute VMs Overview", + "version": 1 + }, + "id": "eb3f05f0-ea9a-11e9-90ec-112a988266d5", + "references": [ + { + "id": "5031b220-eb61-11e9-90ec-112a988266d5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "db9a3490-ea8f-11e9-90ec-112a988266d5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "7205a4f0-ea95-11e9-90ec-112a988266d5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e8ca65c0-eb45-11e9-90ec-112a988266d5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "8b6b9450-ea99-11e9-90ec-112a988266d5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "abd32c30-ea99-11e9-90ec-112a988266d5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "5c016810-ea9a-11e9-90ec-112a988266d5", + "name": 
"panel_6", + "type": "visualization" + }, + { + "id": "3a50e950-eb46-11e9-90ec-112a988266d5", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "0892eaa0-ea9a-11e9-90ec-112a988266d5", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..d979b179145 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,281 @@ +{ + "attributes": { + "description": "This dashboard shows metrics for table storage type in Azure.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "table", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "azure.namespace", + "negate": false, + "params": { + "query": "Microsoft.Storage/storageAccounts/tableServices" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.namespace": "Microsoft.Storage/storageAccounts/tableServices" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "204cbabc-fafd-472c-b106-bd08f5262b1f", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "204cbabc-fafd-472c-b106-bd08f5262b1f", + "panelRefName": "panel_0", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Availability" + }, + "gridData": { + "h": 9, + "i": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "w": 5, + "x": 9, + "y": 0 + }, + "panelIndex": "a9456b9b-efa6-410d-a56c-4b66aa8c499e", + "panelRefName": "panel_1", + "title": "Availability", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "15b7c108-0214-4af6-9719-fab59affafec", + "w": 5, + "x": 14, + "y": 0 + }, + "panelIndex": "15b7c108-0214-4af6-9719-fab59affafec", + "panelRefName": "panel_2", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": "4177a6e6-97d7-447e-bcf3-ee9c1d660bd8", + "w": 5, + "x": 19, + "y": 0 + }, + "panelIndex": "4177a6e6-97d7-447e-bcf3-ee9c1d660bd8", + "panelRefName": "panel_3", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 9, + "i": 
"28d85d90-3881-4d1f-b60c-43b545fc9f0e", + "w": 5, + "x": 24, + "y": 0 + }, + "panelIndex": "28d85d90-3881-4d1f-b60c-43b545fc9f0e", + "panelRefName": "panel_4", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Transactions" + }, + "gridData": { + "h": 9, + "i": "1d623c03-4d02-4a81-b91e-49e82e112016", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "1d623c03-4d02-4a81-b91e-49e82e112016", + "panelRefName": "panel_5", + "title": "Transactions", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 15, + "i": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "w": 9, + "x": 0, + "y": 5 + }, + "panelIndex": "ff6441f8-d66d-4399-bae5-25d3d861b299", + "panelRefName": "panel_6", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success Server Latency" + }, + "gridData": { + "h": 15, + "i": "87066244-7840-4555-9d12-026d64977f1a", + "w": 20, + "x": 9, + "y": 9 + }, + "panelIndex": "87066244-7840-4555-9d12-026d64977f1a", + "panelRefName": "panel_7", + "title": "Success Server Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Success E2E Latency" + }, + "gridData": { + "h": 15, + "i": "756da375-e6a2-4668-af43-0cd294878254", + "w": 19, + "x": 29, + "y": 9 + }, + "panelIndex": "756da375-e6a2-4668-af43-0cd294878254", + "panelRefName": "panel_8", + "title": "Success E2E Latency", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Egress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "a715fafc-ca38-410c-9253-12ba506eabc0", + "w": 20, + "x": 9, + "y": 24 + }, + "panelIndex": "a715fafc-ca38-410c-9253-12ba506eabc0", + "panelRefName": "panel_9", + "title": "Egress Traffic by APIName", + "version": "7.7.0" + }, + { + "embeddableConfig": { + "title": "Ingress Traffic by APIName" + }, + "gridData": { + "h": 14, + "i": "75f72920-be71-47a9-a967-f1c862ab2961", + "w": 19, + "x": 29, + "y": 24 + }, + "panelIndex": "75f72920-be71-47a9-a967-f1c862ab2961", + "panelRefName": 
"panel_10", + "title": "Ingress Traffic by APIName", + "version": "7.7.0" + } + ], + "timeRestore": false, + "title": "[Metrics Azure] Table Storage Overview", + "version": 1 + }, + "id": "ff2fe020-32f7-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "fdef3f40-32f6-11ea-a83e-25b8612d00cc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f528e6a0-339a-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "43b31a20-339b-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "5cbf5820-339c-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0241cc10-339d-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0241cc10-339d-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..46a8cc57c31 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0241cc10-339d-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Queue Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Queue Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.queue_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Queue Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"0241cc10-339d-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/04f8eec0-6ab1-11ea-af5c-73e8f396b3e9.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/04f8eec0-6ab1-11ea-af5c-73e8f396b3e9.json new file mode 100644 index 00000000000..99044b299a9 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/04f8eec0-6ab1-11ea-af5c-73e8f396b3e9.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Instance CPU Utilization [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerInstance/containerGroups\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Azure Container CPU Utilization", + "line_width": "2", + "metrics": [ + { + "field": "azure.container_instance.cpu_usage.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Instance CPU Utilization [Metrics Azure]", + "type": "metrics" + } + }, + "id": "04f8eec0-6ab1-11ea-af5c-73e8f396b3e9", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0892eaa0-ea9a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0892eaa0-ea9a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..c64ad7a1d5b --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0892eaa0-ea9a-11e9-90ec-112a988266d5.json 
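Review bot: `default_index_pattern` is `"logs-*"` in this container CPU visualization while `index_pattern` on the same panel and every other metrics visualization in this commit use `"metrics-*"`; the fallback would point this chart at the log indices if the explicit pattern were ever cleared. Change it to `"default_index_pattern": "metrics-*"`. `kibanaSavedObjectMeta.searchSourceJSON` is also an empty object here, whereas the sibling visualizations carry `"filter": []` and an empty kuery `"query"`; aligning it keeps the saved objects uniform for import and migration.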
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Disk Write Operations/s [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "number", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Write Operations/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.disk_write_operations_per_sec.avg", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Disk Write Operations/s [Metrics Azure]", + "type": "metrics" + } + }, + "id": "0892eaa0-ea9a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/097bc300-eaa5-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/097bc300-eaa5-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..52a9d20bd38 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/097bc300-eaa5-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ASP.NET Application Requests [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "be74e9e0-eaa4-11e9-8923-850d87d8e766", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": 0, + "formatter": "number", + "id": "be74e9e1-eaa4-11e9-8923-850d87d8e766", + "label": "timed out", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_requests_timed_out.avg", + "id": "be74e9e2-eaa4-11e9-8923-850d87d8e766", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "be74e9e3-eaa4-11e9-8923-850d87d8e766", + "label": "failed", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_requests_failed.avg", + "id": "be74e9e4-eaa4-11e9-8923-850d87d8e766", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": 0, + "formatter": "number", + "id": 
"be7510f0-eaa4-11e9-8923-850d87d8e766", + "label": "succeeded", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_requests_succeeded.avg", + "id": "be7510f1-eaa4-11e9-8923-850d87d8e766", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#490092", + "fill": 0, + "formatter": "number", + "id": "be7510f2-eaa4-11e9-8923-850d87d8e766", + "label": "total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_requests_total.avg", + "id": "be7510f3-eaa4-11e9-8923-850d87d8e766", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ASP.NET Application Requests [Metrics Azure]", + "type": "metrics" + } + }, + "id": "097bc300-eaa5-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/097d74d0-f044-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/097d74d0-f044-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..233ca18ec66 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/097d74d0-f044-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Subscriptions Filter [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "azure.subscription_id", + "id": "1571250866125", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Subscriptions Filter [Logs Azure]", + "type": "input_control_vis" + } + }, + "id": "097d74d0-f044-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/09a6f150-3399-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/09a6f150-3399-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..d0d342d1030 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/09a6f150-3399-11ea-a83e-25b8612d00cc.json 
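Review bot: The subscription control combines `"dynamicOptions": true` with `"useTimeFilter": false`, so populating the dropdown runs a terms aggregation on `azure.subscription_id` over all of `logs-*` regardless of the dashboard time range, and `"size": 5` will silently truncate tenants with more than five subscriptions. If listing every subscription ever seen is the intent this is fine, but on large log indices `"useTimeFilter": true` (and a larger `"size"`) is the usual setting. The `[Logs Azure]` title and the `logs-*` index-pattern reference appear intentional here even though the rest of this hunk set is `[Metrics Azure]`; a one-line `"description"` saying the control drives the Azure logs dashboards would make that explicit.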
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage File Share Snapshot Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "File Share Snapshot Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.file_share_snapshot_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + 
"show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage File Share Snapshot Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": "09a6f150-3399-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/09f05e00-32f7-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/09f05e00-32f7-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..eeba7c61eb1 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/09f05e00-32f7-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Queue Storage Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Storage\n\n[Overview](#/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc) | [Blob](#/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc) | [File](#/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc) | [Table](#/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc) | [**Queue**](#/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc) ", + "openLinksInNewTab": false + }, + "title": "Navigation Queue Storage Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "09f05e00-32f7-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0aacc190-eaa8-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0aacc190-eaa8-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..ce4eb5742d4 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0aacc190-eaa8-11e9-90ec-112a988266d5.json 
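Review bot: The navigation markdown hard-codes five dashboard ids as `#/dashboard/<id>` links; only the File (`dff7a080-…`) and Table (`ff2fe020-…`) targets are visible in this diff, so the Overview, Blob and Queue ids should be checked against the dashboards shipped under `dev/packages/beats/azure/0.0.1/kibana/dashboard/` before release, since a stale id yields a dead link rather than an import error. A short description naming the linked dashboards would help whoever regenerates these exports, e.g. `"description": "Navigation links between the Azure Storage overview, blob, file, table and queue dashboards."`.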
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQL Server User Connections [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachines\" " + }, + "id": "da495db0-eaa7-11e9-a88b-4b683ca3087b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "da495db1-eaa7-11e9-a88b-4b683ca3087b", + "label": "connections", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.sqlserver_general_statistics_user_connections.avg", + "id": "da495db2-eaa7-11e9-a88b-4b683ca3087b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQL Server User Connections [Metrics Azure]", + "type": "metrics" + } + }, + "id": "0aacc190-eaa8-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0d03a670-eb43-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0d03a670-eb43-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..1c4d2eb8d05 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0d03a670-eb43-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Disk Writes [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,180,251,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Writes bytes", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.disk_write_bytes.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Disk Writes [Metrics Azure]", + "type": "metrics" + } + }, + "id": "0d03a670-eb43-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0dd135c0-f0cc-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0dd135c0-f0cc-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..d95679c1896 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0dd135c0-f0cc-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Authorization Activity User [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and azure.activitylogs.operation_name : *LISTKEYS* " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome : \"Success\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Success", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none", + "terms_field": "event.outcome" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome : \"Fail\" " + }, + "formatter": "number", + "id": "78e85470-f0cb-11e9-bf79-0db2fc8554f1", + "label": "Failure", + "line_width": 1, + "metrics": [ + { + "id": "78e85471-f0cb-11e9-bf79-0db2fc8554f1", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Authorization Activity User [Logs Azure]", + "type": 
"metrics" + } + }, + "id": "0dd135c0-f0cc-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/0fa31060-6aae-11ea-af5c-73e8f396b3e9.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/0fa31060-6aae-11ea-af5c-73e8f396b3e9.json new file mode 100644 index 00000000000..845e2921231 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/0fa31060-6aae-11ea-af5c-73e8f396b3e9.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Containers Filters [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "azure.subscription_id", + "id": "1584710440054", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "azure.resource.group", + "id": "1584710497045", + "indexPatternRefName": "control_1_index_pattern", + "label": "Resource Group", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.instance.name", + "id": "1584710535722", + "indexPatternRefName": "control_2_index_pattern", + "label": "Resource", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Containers Filters [Metrics Azure]", + "type": "input_control_vis" + } + }, + "id": "0fa31060-6aae-11ea-af5c-73e8f396b3e9", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/109ec950-32e6-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/109ec950-32e6-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..9ab3e555d92 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/109ec950-32e6-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Used Capacity Resource Table [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Used Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.usedcapacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "top_n" + }, + "title": "Storage Used Capacity Resource Table [Metrics Azure]", + "type": "metrics" + } + }, + "id": "109ec950-32e6-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/17ee2920-3391-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/17ee2920-3391-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..3a4210a3aa5 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/17ee2920-3391-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Blob Capacity [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Blob Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.blob_capacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "gauge" + }, + "title": "Storage Blob Capacity [Metrics Azure]", + "type": "metrics" + } + }, + "id": "17ee2920-3391-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/1e70dc50-6d22-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/1e70dc50-6d22-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..6ca88f08473 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/1e70dc50-6d22-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,24 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation Container Registry Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "### Azure Containers\n\n[Instances](#/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38) |\n[**Registries**](#/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38) |\n[Services](#/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38) ", + "openLinksInNewTab": false + }, + "title": "Navigation Container Registry Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "1e70dc50-6d22-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/1f5c1cd0-eaa3-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/1f5c1cd0-eaa3-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..5768011390a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/1f5c1cd0-eaa3-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ASP.NET Applications Running [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "04bf3740-eaa3-11e9-8742-b533e334ee9a" + } + ], + "bar_color_rules": [ + { + "id": "03eec7e0-eaa3-11e9-8742-b533e334ee9a" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "gauge_color_rules": [ + { + "id": "07485320-eaa3-11e9-8742-b533e334ee9a" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "d1acb8f0-eaa2-11e9-a229-c9171499dcc6", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "d1acb8f1-eaa2-11e9-a229-c9171499dcc6", + "label": "applications running", + "line_width": "1", + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_running.avg", + "id": "d1acb8f2-eaa2-11e9-a229-c9171499dcc6", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ASP.NET Applications Running [Metrics Azure]", + "type": "metrics" + } + }, + "id": "1f5c1cd0-eaa3-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file 
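Review bot: The ASP.NET Applications Running series aggregates the pre-averaged field `azure.compute_vm.asp_net_applications_running.avg` with `"type": "max"`, while every other metric visualization in this change uses `"type": "avg"` on its `.avg` field; the gauge therefore shows the peak of per-interval averages, which the label `applications running` does not indicate. If the peak is intentional, say so in the label (e.g. `max applications running`); otherwise switch the metric to `"type": "avg"` for consistency with the sibling panels.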
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/2219de20-32ed-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/2219de20-32ed-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..247d87d9aeb --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/2219de20-32ed-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Egress Gauge [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Egress", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.egress.total", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Egress Gauge [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"2219de20-32ed-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/241a55e0-3399-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/241a55e0-3399-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..bc7ad4fa0d4 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/241a55e0-3399-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage File Share Snapshot Size [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "File Share Snapshot Size", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.file_share_snapshot_size.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + 
"show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage File Share Snapshot Size [Metrics Azure]", + "type": "metrics" + } + }, + "id": "241a55e0-3399-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/2bedaca0-339d-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/2bedaca0-339d-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..a607ec16551 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/2bedaca0-339d-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Queue Message Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0a'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Queue Message Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.queue_message_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Queue Message Count [Metrics Azure]", + 
"type": "metrics" + } + }, + "id": "2bedaca0-339d-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/33500790-eaaf-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/33500790-eaaf-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..178528ecde0 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/33500790-eaaf-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS CPU Utilization [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "7666abc0-eaae-11e9-a083-57ad7f0b1ec1", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "7666abc1-eaae-11e9-a083-57ad7f0b1ec1", + "label": "avg(azure.compute_vm_scaleset.percentage_cpu.avg)", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.percentage_cpu.avg", + "id": "7666abc2-eaae-11e9-a083-57ad7f0b1ec1", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS CPU Utilization [Metrics Azure]", + "type": "metrics" + } + }, + "id": "33500790-eaaf-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/33d645e0-32ed-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/33d645e0-32ed-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..dc6c23f1a89 --- /dev/null 
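Review bot: The series label in the VMSS CPU Utilization visualization is the raw expression `avg(azure.compute_vm_scaleset.percentage_cpu.avg)`, which is what appears in the chart legend, whereas the sibling visualizations use human-readable labels such as `VM Disk Writes bytes` and `connections`. A label like `CPU utilization` would read better. This series also sets `split_color_mode` to `rainbow` while every other series in the diff uses `gradient`; worth confirming that is deliberate.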
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/33d645e0-32ed-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Ingress Gauge [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Ingress", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.ingress.total", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Ingress Gauge [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"33d645e0-32ed-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/3630b9a0-6d22-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/3630b9a0-6d22-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..a3a0fe9b09f --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/3630b9a0-6d22-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,24 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation Container Service Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "### Azure Containers\n\n[Instances](#/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38) |\n[Registries](#/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38) |\n[**Services**](#/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38) ", + "openLinksInNewTab": false + }, + "title": "Navigation Container Service Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "3630b9a0-6d22-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/3a50e950-eb46-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/3a50e950-eb46-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..3af3928a193 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/3a50e950-eb46-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Disk Read Operations/s [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "number", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Read Operations/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.disk_read_operations_per_sec.avg", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Disk Read Operations/s [Metrics Azure]", + "type": "metrics" + } + }, + "id": "3a50e950-eb46-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/40dbc0d0-32e3-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/40dbc0d0-32e3-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..2a2cf52de94 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/40dbc0d0-32e3-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Availability [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(104,204,202,1)", + "id": "18f616c0-32e2-11ea-867b-37070aefa392", + "operator": "gte", + "value": 100 + }, + { + "background_color": "rgba(244,78,59,1)", + "id": "998b1c90-32e2-11ea-867b-37070aefa392", + "operator": "lt", + "value": 100 + } + ], + "bar_color_rules": [ + { + "id": "28142cf0-32e2-11ea-867b-37070aefa392" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "29808e30-32e2-11ea-867b-37070aefa392" + } + ], + "gauge_inner_width": "7", + "gauge_style": "circle", + "gauge_width": 10, + "id": "0e91b810-32e2-11ea-a93d-dd20c62559b3", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0.6", + "formatter": "number", + "hide_in_legend": 1, + "id": "0e91b811-32e2-11ea-a93d-dd20c62559b3", + "label": "Availability", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.availability.avg", + "id": "0e91b812-32e2-11ea-a93d-dd20c62559b3", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": null, + "type": "timeseries", + "value_template": "{{value}} %" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "last_value", + "type": 
"timeseries" + }, + "title": "Storage Availability [Metrics Azure]", + "type": "metrics" + } + }, + "id": "40dbc0d0-32e3-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/42cc28d0-ea9a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/42cc28d0-ea9a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..60dbe6901b1 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/42cc28d0-ea9a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Disk Reads [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Read bytes", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.disk_read_bytes.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Disk Reads [Metrics Azure]", + "type": "metrics" + } + }, + "id": "42cc28d0-ea9a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/43b31a20-339b-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/43b31a20-339b-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..69f9405bb1f --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/43b31a20-339b-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Table Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Table Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.table_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Table Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"43b31a20-339b-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/453965a0-3393-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/453965a0-3393-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..3f8bf7a40e6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/453965a0-3393-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage File Capacity [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "File Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.file_capacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "gauge" + }, + "title": "Storage File Capacity [Metrics Azure]", + "type": "metrics" + } + }, + "id": "453965a0-3393-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/46544960-f0d5-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/46544960-f0d5-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..24ff46f02c7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/46544960-f0d5-11e9-90ec-112a988266d5.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Alerts [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Monitoring\n\n[Overview](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [**Alerts**](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab": false + }, + "title": "Navigation Alerts [Logs Azure]", + "type": "markdown" + } + }, + "id": "46544960-f0d5-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/4eaef260-32e1-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/4eaef260-32e1-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..3930219dabc --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/4eaef260-32e1-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Account Ingress Traffic [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "0791c5a0-32d8-11ea-98d2-1194b9f2bfc0" + } + ], + "bar_color_rules": [ + { + "id": "fca016e0-32de-11ea-a435-e7199eba380d" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "fb8be7c0-32de-11ea-a435-e7199eba380d" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "f0edca80-32d5-11ea-b19d-fb5049b980ca", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "hidden": false, + "id": "f0edf190-32d5-11ea-b19d-fb5049b980ca", + "label": "Storage Accounts Ingress Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.ingress.total", + "id": "f0edf191-32d5-11ea-b19d-fb5049b980ca", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,98,177,1)", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "283dc410-32d9-11ea-98d2-1194b9f2bfc0" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.api_name", + "terms_order_by": "f0edf191-32d5-11ea-b19d-fb5049b980ca", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "timeseries" + }, + "title": "Storage Account Ingress Traffic [Metrics Azure]", + "type": "metrics" + } + }, + "id": "4eaef260-32e1-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/5031b220-eb61-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/5031b220-eb61-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..31bb0159d81 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/5031b220-eb61-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Filters [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "Region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "azure.resource.group", + "id": "1549512142947", + "indexPatternRefName": "control_1_index_pattern", + "label": "Resource Group", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.instance.name", + "id": "1570774891724", + "indexPatternRefName": "control_2_index_pattern", + "label": "VM Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "VM Filters [Metrics Azure]", + "type": "input_control_vis" + } + }, + "id": "5031b220-eb61-11e9-90ec-112a988266d5", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/52c2a4e0-ec1f-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/52c2a4e0-ec1f-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..d726a813b6d --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/52c2a4e0-ec1f-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Alerts Overview [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category : \"Alert\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Activated\"" + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Resolved\" or event.outcome: \"Succeeded\"" + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "5a52f170-ec1e-11e9-b6a7-21d19b63822a", + "line_width": 1, + "metrics": [ + { + "id": "5a52f171-ec1e-11e9-b6a7-21d19b63822a", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Alerts Overview [Logs Azure]", + "type": "metrics" + } + }, + "id": 
"52c2a4e0-ec1f-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/52da1700-f05d-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/52da1700-f05d-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..c683262071b --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/52da1700-f05d-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,155 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users List [Logs Azure]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Email", + "field": "azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Name", + "field": "azure.activitylogs.identity.claims_initiated_by_user.fullname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "IPs", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Actions" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 2, + "aggType": "cardinality", + "format": { 
+ "id": "number" + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users List [Logs Azure]", + "type": "table" + } + }, + "id": "52da1700-f05d-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/553f9320-32e9-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/553f9320-32e9-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..221f4557f18 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/553f9320-32e9-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Transactions [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "c9fd65d0-32e8-11ea-84f4-e9593f8ba8f6", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#3185FC", + "fill": 0.5, + "formatter": "number", + "id": "c9fd8ce0-32e8-11ea-84f4-e9593f8ba8f6", + "label": "avg(azure.storage.transactions.total)", + "line_width": "1", + "metrics": [ + { + "field": "azure.storage.transactions.total", + "id": "c9fd8ce1-32e8-11ea-84f4-e9593f8ba8f6", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.response_type", + "terms_order_by": "c9fd8ce1-32e8-11ea-84f4-e9593f8ba8f6", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Storage Transactions [Metrics Azure]", + "type": "metrics" + } + }, + "id": "553f9320-32e9-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/55936920-3391-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/55936920-3391-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..0e1ceba9bfc --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/55936920-3391-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Blob Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Blob Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.blob_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Blob Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"55936920-3391-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/5720b830-6aad-11ea-af5c-73e8f396b3e9.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/5720b830-6aad-11ea-af5c-73e8f396b3e9.json new file mode 100644 index 00000000000..ff6a1198b70 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/5720b830-6aad-11ea-af5c-73e8f396b3e9.json @@ -0,0 +1,24 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation Container Instance Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "### Azure Containers\n\n[**Instances**](#/dashboard/9c11ac60-6cf6-11ea-8fe8-71add5fd7c38) |\n[Registries](#/dashboard/6f2393f0-6d08-11ea-8fe8-71add5fd7c38) |\n[Services](#/dashboard/dae20ed0-6d0a-11ea-8fe8-71add5fd7c38) ", + "openLinksInNewTab": false + }, + "title": "Navigation Container Instance Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "5720b830-6aad-11ea-af5c-73e8f396b3e9", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/599c62c0-32d7-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/599c62c0-32d7-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..40805c0d583 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/599c62c0-32d7-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Account Egress Traffic [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "0791c5a0-32d8-11ea-98d2-1194b9f2bfc0" + } + ], + "bar_color_rules": [ + { + "id": "fca016e0-32de-11ea-a435-e7199eba380d" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "fb8be7c0-32de-11ea-a435-e7199eba380d" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "f0edca80-32d5-11ea-b19d-fb5049b980ca", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,149,177,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "hidden": false, + "id": "f0edf190-32d5-11ea-b19d-fb5049b980ca", + "label": "Storage Accounts Egress Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.egress.total", + "id": "f0edf191-32d5-11ea-b19d-fb5049b980ca", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,98,177,1)", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "283dc410-32d9-11ea-98d2-1194b9f2bfc0" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.api_name", + "terms_order_by": "f0edf191-32d5-11ea-b19d-fb5049b980ca", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "timeseries" + }, + "title": "Storage Account Egress Traffic [Metrics Azure]", + "type": "metrics" + } + }, + "id": "599c62c0-32d7-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/5c016810-ea9a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/5c016810-ea9a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..f640c03e650 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/5c016810-ea9a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Disk Writes [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Writes bytes", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.disk_write_bytes.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Disk Writes [Metrics Azure]", + "type": "metrics" + } + }, + "id": "5c016810-ea9a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/5cbf5820-339c-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/5cbf5820-339c-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..3cbf56bcc4f --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/5cbf5820-339c-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Table Entity Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0a'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Table Entity Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.table_entity_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Table Entity Count [Metrics Azure]", + "type": 
"metrics" + } + }, + "id": "5cbf5820-339c-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/634b83c0-32ee-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/634b83c0-32ee-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..5a9121fd013 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/634b83c0-32ee-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Used Capacity [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Used Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.usedcapacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "gauge" + }, + "title": "Storage Used Capacity [Metrics Azure]", + "type": "metrics" + } + }, + "id": "634b83c0-32ee-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/64266ec0-eb42-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/64266ec0-eb42-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..9ee3ec77ba6 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/64266ec0-eb42-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Network In Total [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "Azure VMSS Network In Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.network_in_total.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Network In Total [Metrics Azure]", + "type": "metrics" + } + }, + "id": "64266ec0-eb42-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/685fbeb0-32eb-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/685fbeb0-32eb-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..abf2c86ba67 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/685fbeb0-32eb-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Success E2E Latency [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "da4459b0-32ea-11ea-be35-cb10be813609", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#3185FC", + "fill": 0.5, + "formatter": "number", + "id": "da4459b1-32ea-11ea-be35-cb10be813609", + "label": "Success E2E Latency (ms)", + "line_width": "1", + "metrics": [ + { + "field": "azure.storage.success_e2elatency.avg", + "id": "da4459b2-32ea-11ea-be35-cb10be813609", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.api_name", + "terms_order_by": "da4459b2-32ea-11ea-be35-cb10be813609", + "type": "timeseries", + "value_template": "{{value}} ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Storage Success E2E Latency [Metrics Azure]", + "type": "metrics" + } + }, + "id": "685fbeb0-32eb-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/686bc990-ea92-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/686bc990-ea92-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..ba7784ea70e --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/686bc990-ea92-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Filters [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.region", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "Region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "azure.resource.group", + "id": "1549512142947", + "indexPatternRefName": "control_1_index_pattern", + "label": "Resource Group", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "azure.dimensions.vmname", + "id": "1570711989416", + "indexPatternRefName": "control_2_index_pattern", + "label": "VM Name (dimension)", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "VMSS Filters [Metrics Azure]", + "type": "input_control_vis" + } + }, + "id": "686bc990-ea92-11e9-90ec-112a988266d5", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/6d52a660-eaa4-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/6d52a660-eaa4-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..93ed618b0ab --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/6d52a660-eaa4-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ASP.NET Application Error Rates [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "29576400-eaa4-11e9-a2d3-e7a00bbd3c18", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "29578b10-eaa4-11e9-a2d3-e7a00bbd3c18", + "label": "errors", + "line_width": "1", + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_errors_total.avg", + "id": "29578b11-eaa4-11e9-a2d3-e7a00bbd3c18", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ASP.NET Application Error Rates [Metrics Azure]", + "type": "metrics" + } + }, + "id": "6d52a660-eaa4-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/6db84660-53e9-11ea-b1b7-7de801e1c297.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/6db84660-53e9-11ea-b1b7-7de801e1c297.json new file mode 100644 index 00000000000..78bced6285d --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/6db84660-53e9-11ea-b1b7-7de801e1c297.json 
@@ -0,0 +1,194 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" " + } + } + }, + "title": "Resource Deletions [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Resource type", + "field": "azure.resource.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Deletions", + "field": "azure.activitylogs.identity.authorization.action", + "include": ".*delete", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "label": "Deletions", + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + 
"otherBucketLabel": "Other" + } + }, + "label": "azure.resource.provider: Descending", + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Resource Deletions [Logs Azure]", + "type": "horizontal_bar" + } + }, + "id": "6db84660-53e9-11ea-b1b7-7de801e1c297", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/6e2d9930-6d1e-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/6e2d9930-6d1e-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..85a8334f156 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/6e2d9930-6d1e-11ea-8fe8-71add5fd7c38.json 
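Review bot: The terms `include` on `azure.activitylogs.identity.authorization.action` is `.*delete`, and an Elasticsearch terms-aggregation `include` regex is anchored to the whole value, so only actions that end exactly in `delete` reach a chart titled "Resource Deletions"; a delete action in any other form (a trailing path segment, or a capitalised `Delete`) is silently dropped. If the intent is every delete operation, `"include": ".*[dD]elete.*"` is the safer pattern, or the restriction could move into the KQL query where the matching semantics are visible. I cannot confirm from the hunk which action strings the activitylogs dataset emits, so this is worth checking against sample events. The `size: 15` on both terms aggregations also caps the panel at the top 15 providers and actions by count, which a reader auditing deletions may not expect.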
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Service Kube Node Status Allocatable CPU Cores [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerService/managedClusters\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(196,81,0,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Service Kube Node Status Allocatable CPU Cores", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_service.kube_node_status_allocatable_cpu_cores.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Service Kube Node Status Allocatable CPU Cores [Metrics Azure]", + "type": "metrics" + } + }, + "id": "6e2d9930-6d1e-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/6ece76d0-f0cc-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/6ece76d0-f0cc-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..54d2e045216 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/6ece76d0-f0cc-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,165 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" " + } + } + }, + "title": "Caller IP [Logs Azure]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Caller IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "5", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Country", + "field": "geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "5", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Email", + "field": "azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "ip", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + 
"otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Caller IP [Logs Azure]", + "type": "table" + } + }, + "id": "6ece76d0-f0cc-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/709995e0-ec16-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/709995e0-ec16-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..8d3aa8745b7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/709995e0-ec16-11e9-90ec-112a988266d5.json 
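Review bot: The Country column aggregates `geo.country_name` at the document root, whereas the ECS location for a caller's geo data is `source.geo.country_name`; if the activitylogs pipeline only populates the ECS field, this column renders empty for every row. Worth confirming against the dataset's fields.yml before the package ships and switching the `field` to `source.geo.country_name` if so. The IP and Country buckets are ordered by count with `size: 100`, while the Email bucket uses `orderBy: "_key"` with `size: 5` and `otherBucket: false`, so a caller IP with more than five distinct identities has the extras dropped with no indication in the table — for an audit view of who accessed from where, enabling the other bucket or raising the size makes that truncation visible.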
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Access Requests [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and azure.activitylogs.operation_name : *LISTKEYS*" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "event.outcome : \"success\" or event.outcome : \"Success\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Success", + "line_width": "2", + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "event.outcome : \"Failure\" or event.outcome : \"failure\" " + }, + "formatter": "number", + "id": "1b5f75a0-ec15-11e9-b6a7-21d19b63822a", + "label": "Failure", + "line_width": "2", + "metrics": [ + { + "id": "1b5f75a1-ec15-11e9-b6a7-21d19b63822a", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Access Requests [Logs Azure]", + "type": 
"metrics" + } + }, + "id": "709995e0-ec16-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/71b62ca0-ec1a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/71b62ca0-ec1a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..d2bd7b28a97 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/71b62ca0-ec1a-11e9-90ec-112a988266d5.json 
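Review bot: `show_legend` is 0 on a two-series panel whose series differ only by color, so a viewer cannot tell which line is Success and which is Failure for the `*LISTKEYS*` operations; for an access-audit panel the failure line is the interesting one, so set `"show_legend": 1`. The operation filter `azure.activitylogs.operation_name : *LISTKEYS*` is written in a single case while the outcome filters deliberately accept both `success` and `Success`; if `operation_name` is keyword-mapped the wildcard is case-sensitive and a differently cased operation name matches nothing, which is worth checking against real events. `default_index_pattern` is `metrics-*` while `index_pattern` is `logs-*`; the explicit value wins, but the mismatch (mirrored as `logs-*` vs `metrics-*` in the Container Service Kube Node panel above) reads like a copy-paste leftover.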
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Resource Groups [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Resource Groups", + "field": "azure.resource.group", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": 
"LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Resource Groups [Logs Azure]", + "type": "horizontal_bar" + } + }, + "id": "71b62ca0-ec1a-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/7205a4f0-ea95-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/7205a4f0-ea95-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..4d5b9a2aaac --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/7205a4f0-ea95-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Available Memory [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "c7e12030-ea94-11e9-bf06-bfc27258c9ad", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "c7e12031-ea94-11e9-bf06-bfc27258c9ad", + "label": "VM Available Memory", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.memory_available_bytes.avg", + "id": "c7e12032-ea94-11e9-bf06-bfc27258c9ad", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Available Memory [Metrics Azure]", + "type": "metrics" + } + }, + "id": "7205a4f0-ea95-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/722ef2f0-3393-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/722ef2f0-3393-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..7896f7d5d3c --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/722ef2f0-3393-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage File Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "File Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.file_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage File Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": 
"722ef2f0-3393-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/74a8e130-6cfa-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/74a8e130-6cfa-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..bb316095223 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/74a8e130-6cfa-11ea-8fe8-71add5fd7c38.json 
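Review bot: The series in this gauge sets `"split_mode": "everything"` but still carries `"terms_field": "cloud.instance.name"` and `"terms_order_by": "61fb4192-..."`, which TSVB ignores in that mode, so the file count is a single value across all storage accounts while the leftover keys suggest a per-account split was intended. Either drop the two `terms_*` keys or switch to `"split_mode": "terms",` so the intent is unambiguous. The same leftover appears in the Storage Container Count and Storage File Share Count gauges later in this diff. `"fill": "1.2"` is also a string here where sibling visualizations use a number; it presumably still parses, but worth normalising to `"fill": 1.2,`.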
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Instance Network Bytes Transmitted/s [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerInstance/containerGroups\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(128,137,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Instance Network Bytes Transmitted/s", + "line_width": "2", + "metrics": [ + { + "field": "azure.container_instance.network_bytes_transmitted_per_second.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Instance Network Bytes Transmitted/s [Metrics Azure]", + "type": "metrics" + } + }, + "id": "74a8e130-6cfa-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/787a0a20-eaa8-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/787a0a20-eaa8-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..3489895578c 
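Review bot: `"default_index_pattern": "logs-*"` does not match `"index_pattern": "metrics-*"` on the next lines, and every other metrics visualization in this package sets both to `metrics-*`. The explicit `index_pattern` wins, so the chart renders, but if it is ever cleared the panel silently falls back to querying the logs indices. Change it to `"default_index_pattern": "metrics-*",`; the same mismatch is in the Container Registry Successful Pull Count, Container Instance Memory Utilization and Container Registry Successful Push Count files further down.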
--- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/787a0a20-eaa8-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQL Server Page Reads/Writes [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "35459a30-eaa8-11e9-a379-c33a712c0373", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "number", + "id": "35459a31-eaa8-11e9-a379-c33a712c0373", + "label": "Page Reads/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.sqlserver_buffer_manager_page_reads_per_sec.avg", + "id": "35459a32-eaa8-11e9-a379-c33a712c0373", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": 0, + "formatter": "number", + "id": "35459a33-eaa8-11e9-a379-c33a712c0373", + "label": "Page Writes/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.sqlserver_buffer_manager_page_writes_per_sec.avg", + "id": "35459a34-eaa8-11e9-a379-c33a712c0373", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQL 
Server Page Reads/Writes [Metrics Azure]", + "type": "metrics" + } + }, + "id": "787a0a20-eaa8-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/7972b260-6d07-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/7972b260-6d07-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..3363473a080 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/7972b260-6d07-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Registry Successful Pull Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerRegistry/registries\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(188,74,0,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Registry Successful Pull Count", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_registry.successful_pull_count.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Registry Successful Pull Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": "7972b260-6d07-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/81f16b40-32ea-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/81f16b40-32ea-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..0071599ba4f --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/81f16b40-32ea-11ea-a83e-25b8612d00cc.json 
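Review bot: `"line_width": "02"` is a string with a leading zero where the rest of the package uses the number `2`, and `"point_size": ""` is an empty string rather than `0`; this looks like an export of hand-edited values rather than an intended setting. Normalise to `"line_width": 2,` and `"point_size": 0,` so the series options have one type across the package. The Container Registry Successful Push Count visualization later in this diff has the same two values.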
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Success Server Latency [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "e9a40230-32e9-11ea-bda2-69435df36a5c", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#3185FC", + "fill": 0.5, + "formatter": "number", + "id": "e9a40231-32e9-11ea-bda2-69435df36a5c", + "label": "SuccessServerLatency (ms)", + "line_width": "1", + "metrics": [ + { + "field": "azure.storage.success_server_latency.avg", + "id": "e9a40232-32e9-11ea-bda2-69435df36a5c", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.api_name", + "terms_order_by": "e9a40232-32e9-11ea-bda2-69435df36a5c", + "type": "timeseries", + "value_template": "{{value}} ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Storage Success Server Latency [Metrics Azure]", + "type": "metrics" + } + }, + "id": "81f16b40-32ea-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/8b6b9450-ea99-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/8b6b9450-ea99-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..36a19042ceb --- /dev/null 
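Review bot: This visualization pins a fixed `"interval": "5m"`, while the sibling timeseries panels use `>=5m` (exported as `\u003e=5m`), which lets Kibana widen the bucket on long time ranges. With a fixed interval a multi-day range produces thousands of buckets per `azure.dimensions.api_name` term, which is slow and will hit the bucket limit. Unless the fixed granularity is deliberate, use `"interval": ">=5m",`.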
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/8b6b9450-ea99-11e9-90ec-112a988266d5.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Network In Total [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "Azure VM Network In Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.network_in_total.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Network In Total [Metrics Azure]", + "type": "metrics" + } + }, + "id": "8b6b9450-ea99-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/942844b0-6ac5-11ea-af5c-73e8f396b3e9.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/942844b0-6ac5-11ea-af5c-73e8f396b3e9.json new file mode 100644 index 00000000000..1ce39a09d63 
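Review bot: The single metric aggregates `azure.compute_vm.network_in_total.total` with `"type": "avg"`, so a panel titled "Network In Total" shows the mean of the per-document totals in each bucket rather than their sum; whether that is correct depends on how the module pre-aggregates the `.total` field, which this diff does not show. If a sum per bucket is meant, change it to `"type": "sum"`; otherwise state the semantics in the currently empty `"description": ""` so readers do not assume a sum. The same choice is made in the VM Network Out Total and VMSS Network Out Total files later in this diff.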
--- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/942844b0-6ac5-11ea-af5c-73e8f396b3e9.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Instance Memory Utilization [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerInstance/containerGroups\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Instance Memory Utilization", + "line_width": "2", + "metrics": [ + { + "field": "azure.container_instance.memory_usage.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Instance Memory Utilization [Metrics Azure]", + "type": "metrics" + } + }, + "id": "942844b0-6ac5-11ea-af5c-73e8f396b3e9", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/9c1a1910-ea9a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/9c1a1910-ea9a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..6f8754ad1e1 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/9c1a1910-ea9a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Disk Read Operations [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "number", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Read Operations/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.disk_read_operations_per_sec.avg", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Disk Read Operations [Metrics Azure]", + "type": "metrics" + } + }, + "id": "9c1a1910-ea9a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/9e991b10-3391-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/9e991b10-3391-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..c19be2d8c67 --- /dev/null 
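Review bot: The series label reads `"label": "VM Disk Read Operations/s"` although the title, filter (`Microsoft.Compute/virtualMachineScaleSets`) and field (`azure.compute_vm_scaleset.…`) are all scale-set scoped, so the legend will mislabel the data next to the VM panels on the same dashboard. Change it to `"label": "VMSS Disk Read Operations/s",` to match the title.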
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/9e991b10-3391-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Container Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Container Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.container_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Container Count [Metrics Azure]", + "type": "metrics" + } + 
}, + "id": "9e991b10-3391-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/9ed46680-f0ce-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/9ed46680-f0ce-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..25a12d5700b --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/9ed46680-f0ce-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" " + } + } + }, + "title": "Resource Type Breakdown [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "azure.resource.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Resource Type Breakdown [Logs Azure]", + "type": "pie" + } + }, + "id": "9ed46680-f0ce-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/a4bf9710-3393-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/a4bf9710-3393-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..50483c4a94c --- /dev/null 
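Review bot: The pie is titled "Resource Type Breakdown" but its terms bucket is on `azure.resource.provider`, while the metrics panels in this package filter on `azure.resource.type`; the title and the field disagree. Either rename to `"title": "Resource Provider Breakdown [Logs Azure]"` (in both places the title appears) or, if a type breakdown is wanted, use `"field": "azure.resource.type"`. I cannot tell from the diff which of the two was intended, so this needs the author's call.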
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/a4bf9710-3393-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage File Share Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0'", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "File Share Count", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.file_share_count.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage File Share Count [Metrics Azure]", + "type": "metrics" + 
} + }, + "id": "a4bf9710-3393-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/abd32c30-ea99-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/abd32c30-ea99-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..df1dea8357c --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/abd32c30-ea99-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Network Out Total [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "Azure VM Network Out Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.network_out_total.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Network Out Total [Metrics Azure]", + "type": "metrics" + } + }, + "id": "abd32c30-ea99-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/acced050-32d1-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/acced050-32d1-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..4b3bf242f0f --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/acced050-32d1-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Filters [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "azure.subscription_id", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "azure.resource.group", + "id": "1549512142947", + "indexPatternRefName": "control_1_index_pattern", + "label": "Resource Group", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.instance.name", + "id": "1578578146383", + "indexPatternRefName": "control_2_index_pattern", + "label": "Resource Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Storage Filters [Metrics Azure]", + "type": "input_control_vis" + } + }, + "id": "acced050-32d1-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/b0471750-f05b-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/b0471750-f05b-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..f6a6666bcf7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/b0471750-f05b-11e9-90ec-112a988266d5.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Filters [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "azure.subscription_id", + "id": "1517598395667", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 100, + "type": "terms" + }, + "type": "list" + }, + { + "fieldName": "azure.activitylogs.identity.claims_initiated_by_user.name", + "id": "1518843942322", + "indexPatternRefName": "control_1_index_pattern", + "label": "User Email", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 100, + "type": "terms" + }, + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "User Filters [Logs Azure]", + "type": "input_control_vis" + } + }, + "id": "b0471750-f05b-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
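Review bot: The second control is labelled `"label": "User Email"` but is bound to `azure.activitylogs.identity.claims_initiated_by_user.name`; if that claim is a display name rather than a UPN the dropdown will be mislabelled, so either confirm the claim's content or rename the label to match the field. Note also that with `"dynamicOptions": true` and `"size": 100` the control enumerates up to 100 distinct user identities from the activity-log index for anyone who can open the dashboard; this is not new exposure beyond index access, but it is worth stating in the empty `"description": ""` so dashboard sharing is scoped accordingly. The Storage Filters control in this diff uses `"size": 5` for the same option type, so the two files also differ on how many terms they fetch.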
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/b45fd8e0-eb42-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/b45fd8e0-eb42-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..0eb9d772625 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/b45fd8e0-eb42-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Network Out Total [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "Azure VM Network Out Total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.network_out_total.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Network Out Total [Metrics Azure]", + "type": "metrics" + } + }, + "id": "b45fd8e0-eb42-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/b88b7f90-6d07-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/b88b7f90-6d07-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..2e3c4b5393c --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/b88b7f90-6d07-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Registry Successful Push Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerRegistry/registries\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(128,137,0,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Registry Successful Push Count", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_registry.successful_push_count.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Registry Successful Push Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": "b88b7f90-6d07-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/b9aa9b20-eaa5-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/b9aa9b20-eaa5-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..c15ed89da1a --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/b9aa9b20-eaa5-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "ASP.NET Application Sessions [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "6d6575a0-eaa5-11e9-84ad-5919a47b8f34", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "6d6575a1-eaa5-11e9-84ad-5919a47b8f34", + "label": "active", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_sessions_active.avg", + "id": "6d6575a2-eaa5-11e9-84ad-5919a47b8f34", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "6d6575a3-eaa5-11e9-84ad-5919a47b8f34", + "label": "timed out", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_sessions_timed_out.avg", + "id": "6d6575a4-eaa5-11e9-84ad-5919a47b8f34", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": 0, + "formatter": "number", + "id": 
"6d6575a5-eaa5-11e9-84ad-5919a47b8f34", + "label": "abandoned", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_sessions_abandoned.avg", + "id": "6d6575a6-eaa5-11e9-84ad-5919a47b8f34", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#490092", + "fill": 0, + "formatter": "number", + "id": "6d6575a7-eaa5-11e9-84ad-5919a47b8f34", + "label": "total", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.asp_net_applications_sessions_total.avg", + "id": "6d6575a8-eaa5-11e9-84ad-5919a47b8f34", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "ASP.NET Application Sessions [Metrics Azure]", + "type": "metrics" + } + }, + "id": "b9aa9b20-eaa5-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/bc65e840-ec1e-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/bc65e840-ec1e-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..f9c4aff7bf1 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/bc65e840-ec1e-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Service Health Overview [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category : \"ServiceHealth\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Active\"" + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.outcome: \"Resolved\" " + }, + "formatter": "number", + "hide_in_legend": 0, + "id": "5a52f170-ec1e-11e9-b6a7-21d19b63822a", + "line_width": 1, + "metrics": [ + { + "id": "5a52f171-ec1e-11e9-b6a7-21d19b63822a", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Service Health Overview [Logs Azure]", + "type": "metrics" + } + }, + "id": 
"bc65e840-ec1e-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/bd1c93b0-6cf7-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/bd1c93b0-6cf7-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..4a7e2751f8a --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/bd1c93b0-6cf7-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Instance Network Bytes Received/s [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerInstance/containerGroups\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Instance Network Bytes Received/s", + "line_width": "2", + "metrics": [ + { + "field": "azure.container_instance.network_bytes_received_per_second.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Instance Network Bytes Received/s [Metrics Azure]", + "type": "metrics" + } + }, + "id": "bd1c93b0-6cf7-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/bda7b580-6d1f-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/bda7b580-6d1f-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..ff38e34d956 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/bda7b580-6d1f-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Service Kube Pod Status Phase [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "0d772fb0-6d1f-11ea-a156-a582cfb250e8" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerService/managedClusters\" " + }, + "gauge_color_rules": [ + { + "id": "0ba507c0-6d1f-11ea-a156-a582cfb250e8" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(240,213,175,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Service Kube Pod Status Phase", + "line_width": "2", + "metrics": [ + { + "field": "azure.container_service.kube_pod_status_phase.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "00", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.pod" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Service Kube Pod Status Phase [Metrics Azure]", + "type": "metrics" + } + }, + "id": "bda7b580-6d1f-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/c19586f0-6d1e-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/c19586f0-6d1e-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..ca062b400d7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/c19586f0-6d1e-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Service Kube Pod Status Ready [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerService/managedClusters\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(200,205,124,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_service.kube_pod_status_ready.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "azure.dimensions.pod", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Service Kube Pod Status Ready [Metrics Azure]", + "type": "metrics" + } + }, + "id": "c19586f0-6d1e-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/c43855e0-f05a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/c43855e0-f05a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..eff6385fb35 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/c43855e0-f05a-11e9-90ec-112a988266d5.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Users [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Monitoring\n\n[Overview](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [**Users**](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab": false + }, + "title": "Navigation Users [Logs Azure]", + "type": "markdown" + } + }, + "id": "c43855e0-f05a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/c704b050-f0de-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/c704b050-f0de-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..d8bd4321409 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/c704b050-f0de-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category : \"Alert\" " + } + } + }, + "title": "Alerts Heatmap [Logs Azure]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0": "rgb(247,252,245)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Provider", + "field": "azure.resource.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Resource Group", + "field": "azure.resource.group", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Greens", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + 
"overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Alerts Heatmap [Logs Azure]", + "type": "heatmap" + } + }, + "id": "c704b050-f0de-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/cecd6680-eb41-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/cecd6680-eb41-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..a2eecc98567 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/cecd6680-eb41-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Available Memory [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "e25fa710-eb3e-11e9-8bf6-ff656bce9010", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": 0, + "formatter": "bytes", + "id": "e25fa711-eb3e-11e9-8bf6-ff656bce9010", + "label": "avg(azure.compute_vm_scaleset.memory_available_bytes.avg)", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.memory_available_bytes.avg", + "id": "e25fa712-eb3e-11e9-8bf6-ff656bce9010", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Available Memory [Metrics Azure]", + "type": "metrics" + } + }, + "id": "cecd6680-eb41-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/cfaedaf0-eb43-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/cfaedaf0-eb43-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..9f7b902041e --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/cfaedaf0-eb43-11e9-90ec-112a988266d5.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VMSS Disk Write Operations [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachineScaleSets\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0, + "formatter": "number", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Write Operations/s", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm_scaleset.disk_write_operations_per_sec.avg", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VMSS Disk Write Operations [Metrics Azure]", + "type": "metrics" + } + }, + "id": "cfaedaf0-eb43-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/d7ea4290-eaa8-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/d7ea4290-eaa8-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..6e1e72ebae2 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/d7ea4290-eaa8-11e9-90ec-112a988266d5.json @@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQL Server Total Server Memory [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type:\"Microsoft.Compute/virtualMachines\" " + }, + "id": "94af6a00-eaa8-11e9-9269-d92e2d3f77fd", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "bytes", + "id": "94af6a01-eaa8-11e9-9269-d92e2d3f77fd", + "label": "memory", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.sqlserver_memory_manager_total_server_memory.avg", + "id": "94af6a02-eaa8-11e9-9269-d92e2d3f77fd", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SQL Server Total Server Memory [Metrics Azure]", + "type": "metrics" + } + }, + "id": "d7ea4290-eaa8-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/d91ce8d0-53e8-11ea-b1b7-7de801e1c297.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/d91ce8d0-53e8-11ea-b1b7-7de801e1c297.json new file mode 100644 index 00000000000..11ca87dc9bc --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/d91ce8d0-53e8-11ea-b1b7-7de801e1c297.json 
@@ -0,0 +1,195 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" " + } + } + }, + "title": "Resource Creations [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Resource type", + "field": "azure.resource.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Creations", + "field": "azure.activitylogs.identity.authorization.action", + "include": ".*write", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "label": "Creations", + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + 
"otherBucketLabel": "Other" + } + }, + "label": "Resource type", + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Resource Creations [Logs Azure]", + "type": "horizontal_bar" + } + }, + "id": "d91ce8d0-53e8-11ea-b1b7-7de801e1c297", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/da67d650-ec14-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/da67d650-ec14-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..73f587cce60 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/da67d650-ec14-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,66 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Activity Level [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category :\"Administrative\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Activity Level [Logs Azure]", + "type": "metrics" + } + }, + "id": "da67d650-ec14-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/db9a3490-ea8f-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/db9a3490-ea8f-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..2a6b6c5e534 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/db9a3490-ea8f-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM CPU Utilization [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.Compute/virtualMachines\" " + }, + "id": "4f6c1610-ea8e-11e9-8c73-71740bcf3d8b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "4f6c1611-ea8e-11e9-8c73-71740bcf3d8b", + "label": "Azure VM CPU Utilization", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.percentage_cpu.avg", + "id": "4f6c1612-ea8e-11e9-8c73-71740bcf3d8b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "value_template": "{{value}}%" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM CPU Utilization [Metrics Azure]", + "type": "metrics" + } + }, + "id": "db9a3490-ea8f-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/ddea7430-6d07-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/ddea7430-6d07-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..f167fa5c446 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/ddea7430-6d07-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Registry Total Push Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerRegistry/registries\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Registry Total Push Count", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_registry.total_push_count.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Registry Total Push Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": "ddea7430-6d07-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e0203fc0-f05f-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e0203fc0-f05f-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..113349885c4 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e0203fc0-f05f-11e9-90ec-112a988266d5.json @@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Activity Overview [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category :\"Administrative\" and azure.activitylogs.identity.claims_initiated_by_user.fullname :*" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(1,155,143,1)", + "fill": "0.4", + "filter": "", + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Actions", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "_exists_:identity.claims.name" + }, + "id": "a5302500-1399-11e8-a699-f390e75f4dd5", + "label": "" + } + ], + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": null, + "type": "timeseries" + }, + "title": "User Activity Overview [Logs Azure]", + "type": "metrics" + } + }, + "id": "e0203fc0-f05f-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e159b990-339c-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e159b990-339c-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..c26ba963021 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e159b990-339c-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Queue Capacity [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Queue Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.queue_capacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Queue Capacity [Metrics Azure]", + "type": "metrics" + } + }, + "id": "e159b990-339c-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e37cd3d0-ec23-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e37cd3d0-ec23-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..b2055495226 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e37cd3d0-ec23-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,115 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category : \"ServiceHealth\" " + } + } + }, + "title": "Service Health Count [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Incidents" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Active\"" + }, + "label": "Active" + }, + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Resolved\"" + }, + "label": "Resolved" + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "bucket": { + "accessor": 0, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "metrics": [ + { + "accessor": 1, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Service Health Count [Logs Azure]", + "type": "metric" + } + }, + "id": "e37cd3d0-ec23-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e4b25ee0-32f6-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e4b25ee0-32f6-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..55f7bdd1eb8 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e4b25ee0-32f6-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Blob Storage Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Storage\n\n[Overview](#/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc) | [**Blob**](#/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc) | [File](#/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc) | [Table](#/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc) | [Queue](#/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc) ", + "openLinksInNewTab": false + }, + "title": "Navigation Blob Storage Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "e4b25ee0-32f6-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e4c7f4b0-f045-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e4c7f4b0-f045-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..ac285da3683 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e4c7f4b0-f045-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset : \"azure.activitylogs\" " + } + } + }, + "title": "Activity Stats [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Resources", + "field": "azure.resource.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Users", + "field": "azure.activitylogs.identity.claims_initiated_by_user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Resource Groups", + "field": "azure.resource.group" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Subscriptions", + "field": "azure.subscription_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + }, + { + "accessor": 1, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + }, + { + "accessor": 2, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Activity Stats [Logs Azure]", + "type": 
"metric" + } + }, + "id": "e4c7f4b0-f045-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e79211c0-6d37-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e79211c0-6d37-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..1a509562db3 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e79211c0-6d37-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,228 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + }, + "title": "Container Service Kube Node Status Condition [Metrics Azure]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 0.2": "rgb(165,0,38)", + "0.2 - 0.4": "rgb(244,109,67)", + "0.4 - 0.6": "rgb(254,224,139)", + "0.6 - 0.8": "rgb(217,239,139)", + "0.8 - 1": "rgb(102,189,99)" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "azure.container_service.kube_node_status_condition.avg" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"Ready\" and azure.dimensions.status : \"true\" " + }, + "label": "Ready \"true\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"Ready\" and azure.dimensions.status : \"false\" " + }, + "label": "Ready \"false\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"NetworkUnavailable\" and azure.dimensions.status : \"true\" " + }, + "label": "Network Unavailable \"true\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"NetworkUnavailable\" and azure.dimensions.status : \"false\" " + }, + "label": "NetworkUnavailable \"false\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"OutOfDisk\" and azure.dimensions.status : \"false\" " + }, + "label": "OutOfDisk \"false\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"OutOfDisk\" and azure.dimensions.status : \"true\" " + }, + "label": "OutOfDisk \"true\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"MemoryPressure\" and 
azure.dimensions.status : \"true\" " + }, + "label": "MemoryPressure \"true\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"MemoryPressure\" and azure.dimensions.status : \"false\" " + }, + "label": "MemoryPressure \"false\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"DiskPressure\" and azure.dimensions.status : \"false\" " + }, + "label": "DiskPressure \"false\"" + }, + { + "input": { + "language": "kuery", + "query": "azure.dimensions.condition : \"DiskPressure\" and azure.dimensions.status : \"true\" " + }, + "label": "DiskPressure \"true\"" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "azure.dimensions.node", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 5, + "colorsRange": [ + { + "from": 0, + "to": 10 + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "azure.dimensions.node: Descending", + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "filters", + "format": {}, + "label": "filters", + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "avg", + "format": { + "id": "number", + "params": { + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "Average azure.container_service.kube_node_status_condition.avg", + "params": {} + } + ] + }, + "enableHover": 
false, + "invertColors": true, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Container Service Kube Node Status Condition [Metrics Azure]", + "type": "heatmap" + } + }, + "id": "e79211c0-6d37-11ea-8fe8-71add5fd7c38", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/e8ca65c0-eb45-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/e8ca65c0-eb45-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..efb88ba911e --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/e8ca65c0-eb45-11e9-90ec-112a988266d5.json 
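Review bot: The `format.params.parsedUrl` objects under `dimensions.series[0]` and `dimensions.y[0]` embed `"origin": "http://localhost:5601"` and `"pathname": "/app/kibana"`, which is the exporting developer's local Kibana address rather than anything the heatmap needs to render. Every installation of this package would carry that stale absolute origin, and should a terms formatter ever derive links from it (not verifiable from this hunk) they would point at localhost instead of the user's instance. None of the sibling visualizations in this commit include `parsedUrl`, so removing both objects, leaving `"params": { "id": "string", "missingBucketLabel": "Missing", "otherBucketLabel": "Other" }` for the series and `"params": {}` for the y dimension, keeps the file consistent with the rest of the set and free of environment-specific data.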
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "VM Disk Reads [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type :\"Microsoft.Compute/virtualMachines\" " + }, + "id": "39b6adc0-ea99-11e9-8328-799c817fb96b", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "39b6adc1-ea99-11e9-8328-799c817fb96b", + "label": "VM Disk Read bytes", + "line_width": 2, + "metrics": [ + { + "field": "azure.compute_vm.disk_read_bytes.total", + "id": "39b6adc2-ea99-11e9-8328-799c817fb96b", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "VM Disk Reads [Metrics Azure]", + "type": "metrics" + } + }, + "id": "e8ca65c0-eb45-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/eda368d0-6d1d-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/eda368d0-6d1d-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..3ce644c2064 --- /dev/null 
+++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/eda368d0-6d1d-11ea-8fe8-71add5fd7c38.json @@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Service Kube Node Status Allocatable Memory Bytes [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerService/managedClusters\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Service Kube Node Status Allocatable Memory Bytes", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_service.kube_node_status_allocatable_memory_bytes.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Service Kube Node Status Allocatable Memory Bytes [Metrics Azure]", + "type": "metrics" + } + }, + "id": "eda368d0-6d1d-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/f18a7cb0-32f6-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/f18a7cb0-32f6-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..ba045269dbc --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/f18a7cb0-32f6-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation File Storage Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Storage\n\n[Overview](#/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc) | [Blob](#/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc) | [**File**](#/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc) | [Table](#/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc) | [Queue](#/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc) ", + "openLinksInNewTab": false + }, + "title": "Navigation File Storage Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "f18a7cb0-32f6-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/f528e6a0-339a-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/f528e6a0-339a-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..43dc880d224 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/f528e6a0-339a-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Storage Table Capacity [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "background_color_rules": [ + { + "id": "71978870-32e4-11ea-af9e-d70582a45bda" + } + ], + "bar_color_rules": [ + { + "id": "f11cfd90-32e5-11ea-af9e-d70582a45bda" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "9c09ed50-32e4-11ea-af9e-d70582a45bda" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": "6", + "gauge_style": "circle", + "gauge_width": "10", + "id": "61fb4190-32e4-11ea-b9f8-4d0b340ad993", + "index_pattern": "metrics-*", + "interval": "60m", + "isModelInvalid": false, + "pivot_id": "cloud.instance.name", + "pivot_label": "Resource Name", + "pivot_rows": "30", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "1.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61fb4191-32e4-11ea-b9f8-4d0b340ad993", + "label": "Table Capacity", + "line_width": 2, + "metrics": [ + { + "field": "azure.storage.table_capacity.avg", + "id": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61fb4192-32e4-11ea-b9f8-4d0b340ad993", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "gauge" + }, + "title": "Storage Table Capacity [Metrics Azure]", + "type": "metrics" + } + }, + "id": "f528e6a0-339a-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/f684a750-ec23-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/f684a750-ec23-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..7c8d8162bd7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/f684a750-ec23-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,122 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset :\"azure.activitylogs\" and event.category : \"Alert\" " + } + } + }, + "title": "Alerts Count [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Alerts" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Activated\"" + }, + "label": "Activated" + }, + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Resolved\"" + }, + "label": "Resolved" + }, + { + "input": { + "language": "kuery", + "query": "event.outcome : \"Succeeded\"" + }, + "label": "Succeeded" + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "bucket": { + "accessor": 0, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "metrics": [ + { + "accessor": 1, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Alerts Count [Logs Azure]", + "type": "metric" + } + }, + "id": "f684a750-ec23-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], 
+ "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/fcc24d70-32f5-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/fcc24d70-32f5-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..dbd03958bcf --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/fcc24d70-32f5-11ea-a83e-25b8612d00cc.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Storage Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Storage\n\n[**Overview**](#/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc) | [Blob](#/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc) | [File](#/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc) | [Table](#/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc) | [Queue](#/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc) ", + "openLinksInNewTab": false + }, + "title": "Navigation Storage Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "fcc24d70-32f5-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/fdef3f40-32f6-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/fdef3f40-32f6-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..4570f9cc0a1 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/fdef3f40-32f6-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Table Storage Overview [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Storage\n\n[Overview](#/dashboard/1a151f80-32db-11ea-a83e-25b8612d00cc) | [Blob](#/dashboard/b165ef60-32f7-11ea-a83e-25b8612d00cc) | [File](#/dashboard/dff7a080-32f7-11ea-a83e-25b8612d00cc) | [**Table**](#/dashboard/ff2fe020-32f7-11ea-a83e-25b8612d00cc) | [Queue](#/dashboard/10efa340-32f8-11ea-a83e-25b8612d00cc) ", + "openLinksInNewTab": false + }, + "title": "Navigation Table Storage Overview [Metrics Azure]", + "type": "markdown" + } + }, + "id": "fdef3f40-32f6-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/fe24ac90-f05a-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/fe24ac90-f05a-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..8211622caa7 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/fe24ac90-f05a-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation Overview [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "### Azure Monitoring\n\n[**Overview**](#/dashboard/41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/0f559cc0-f0d5-11e9-90ec-112a988266d5) ", + "openLinksInNewTab": false + }, + "title": "Navigation Overview [Logs Azure]", + "type": "markdown" + } + }, + "id": "fe24ac90-f05a-11e9-90ec-112a988266d5", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/ff303710-6d07-11ea-8fe8-71add5fd7c38.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/ff303710-6d07-11ea-8fe8-71add5fd7c38.json new file mode 100644 index 00000000000..f9585753774 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/ff303710-6d07-11ea-8fe8-71add5fd7c38.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Container Registry Total Pull Count [Metrics Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "azure.resource.type : \"Microsoft.ContainerRegistry/registries\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "\u003e=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Container Registry Total Pull Count", + "line_width": "02", + "metrics": [ + { + "field": "azure.container_registry.total_pull_count.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Container Registry Total Pull Count [Metrics Azure]", + "type": "metrics" + } + }, + "id": "ff303710-6d07-11ea-8fe8-71add5fd7c38", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/kibana/visualization/ffe22180-ec1c-11e9-90ec-112a988266d5.json b/dev/packages/beats/azure/0.0.1/kibana/visualization/ffe22180-ec1c-11e9-90ec-112a988266d5.json new file mode 100644 index 00000000000..0eceae33794 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/kibana/visualization/ffe22180-ec1c-11e9-90ec-112a988266d5.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Tag Cloud [Logs Azure]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "azure.activitylogs.identity.claims_initiated_by_user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "bucket": { + "accessor": 0, + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "type": "vis_dimension" + }, + "maxFontSize": 32, + "metric": { + "accessor": 1, + "format": { + "id": "string", + "params": {} + }, + "type": "vis_dimension" + }, + "minFontSize": 12, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "User Tag Cloud [Logs Azure]", + "type": "tagcloud" + } + }, + "id": "ffe22180-ec1c-11e9-90ec-112a988266d5", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/azure/0.0.1/manifest.yml b/dev/packages/beats/azure/0.0.1/manifest.yml new file mode 100644 index 00000000000..ac5a9a0fc83 --- /dev/null +++ b/dev/packages/beats/azure/0.0.1/manifest.yml 
@@ -0,0 +1,85 @@ +format_version: 1.0.0 +name: azure +title: azure +version: 0.0.1 +license: basic +description: azure Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.7.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-azure-overview.png + title: filebeat azure overview + size: 5002x2666 + type: image/png +- src: /img/metricbeat-azure-vm-overview.png + title: metricbeat azure vm overview + size: 5006x2672 + type: image/png +- src: /img/metricbeat-azure-vm-guestmetrics-overview.png + title: metricbeat azure vm guestmetrics overview + size: 5006x2672 + type: image/png +- src: /img/metricbeat-azure-vmss-overview.png + title: metricbeat azure vmss overview + size: 5000x2668 + type: image/png +- src: /img/metricbeat-azure-storage-overview.png + title: metricbeat azure storage overview + size: 5008x2662 + type: image/png +icons: +- src: /img/logo_azure.svg + title: logo azure + size: 32x32 + type: image/svg+xml +datasources: +- name: azure + title: azure logs and metrics + description: Collect logs and metrics from azure instances + inputs: + - type: logs + title: Collect logs from azure instances + description: Collecting azure activitylogs, auditlogs and signinlogs logs + - type: azure/metrics + vars: + - name: client_id + type: text + title: Client Id + multi: false + required: true + show_user: true + default: ${AZURE_CLIENT_ID:""} + - name: client_secret + type: text + title: Client Secret + multi: false + required: true + show_user: true + default: ${AZURE_CLIENT_SECRET:""} + - name: subscription_id + type: text + title: Subscription Id + multi: false + required: true + show_user: true + default: ${AZURE_SUBSCRIPTION_ID:""} + - name: tenant_id + type: text + title: Tenant Id + multi: false + required: true + show_user: true + default: ${AZURE_TENANT_ID:""} + title: Collect metrics from azure instances + description: Collecting azure 
compute_vm, compute_vm_scaleset, container_instance, + container_registry, container_service, database_account, monitor and storage + metrics diff --git a/dev/packages/beats/beat/0.0.1/dataset/state/agent/stream/stream.yml.hbs b/dev/packages/beats/beat/0.0.1/dataset/state/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..0aae2cfd235 --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/state/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["state"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/beat/0.0.1/dataset/state/fields/fields.yml b/dev/packages/beats/beat/0.0.1/dataset/state/fields/fields.yml new file mode 100644 index 00000000000..37d72565e65 --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/state/fields/fields.yml @@ -0,0 +1,20 @@ +- name: beat.state + type: group + release: ga + fields: + - name: management.enabled + type: boolean + description: | + Is central management enabled? + - name: module.count + type: integer + description: | + Number of modules enabled + - name: output.name + type: keyword + description: | + Name of output used by Beat + - name: queue.name + type: keyword + description: | + Name of queue being used by Beat diff --git a/dev/packages/beats/beat/0.0.1/dataset/state/fields/package-fields.yml b/dev/packages/beats/beat/0.0.1/dataset/state/fields/package-fields.yml new file mode 100644 index 00000000000..263dc43179f --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/state/fields/package-fields.yml @@ -0,0 +1,11 @@ +- name: beat + type: group + fields: + - name: id + type: keyword + description: | + Beat ID. + - name: type + type: keyword + description: | + Beat type. diff --git a/dev/packages/beats/beat/0.0.1/dataset/state/manifest.yml b/dev/packages/beats/beat/0.0.1/dataset/state/manifest.yml new file mode 100644 index 00000000000..29007535bce --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/state/manifest.yml 
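Review bot: The `client_secret` var of the `azure/metrics` input is declared as `type: text` with `show_user: true`, so the Azure client secret is treated like any other free-text setting: it is rendered into the generated agent configuration and shown in clear wherever this manifest drives a form, with nothing marking it as a credential. The set of var types this manifest format accepts is not visible in the diff; if the schema offers a password/secret type, `type: password` on that one entry is the change, and either way its `title` or a comment should state that the value is a secret expected to come from `AZURE_CLIENT_SECRET` rather than be typed in. The same applies, to a lesser degree, to `client_id`, `subscription_id` and `tenant_id`, which identify the tenant but are not secrets.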
@@ -0,0 +1,15 @@ +title: Beat state metrics +release: experimental +type: metrics +streams: +- input: beat/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Beat state metrics + description: Collect Beat state metrics diff --git a/dev/packages/beats/beat/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/beat/0.0.1/dataset/stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3b06dd6d47b --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/beat/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/beat/0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 00000000000..f26895c70b3 --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/stats/fields/fields.yml 
@@ -0,0 +1,79 @@ +- name: beat.stats + type: group + release: ga + fields: + - name: uptime.ms + type: long + description: | + Beat uptime + - name: runtime.goroutines + type: long + description: | + Number of goroutines running in Beat + - name: libbeat + type: group + fields: + - name: output + type: group + fields: + - name: type + type: keyword + description: | + Type of output + - name: events + type: group + fields: + - name: acked + type: long + description: | + Number of events acknowledged + - name: active + type: long + description: | + Number of active events + - name: batches + type: long + description: | + Number of event batches + - name: dropped + type: long + description: | + Number of events dropped + - name: duplicates + type: long + description: | + Number of events duplicated + - name: failed + type: long + description: | + Number of events failed + - name: toomany + type: long + description: | + Number of too many events + - name: total + type: long + description: | + Total number of events + - name: read + type: group + fields: + - name: bytes + type: long + description: | + Number of bytes read + - name: errors + type: long + description: | + Number of read errors + - name: write + type: group + fields: + - name: bytes + type: long + description: | + Number of bytes written + - name: errors + type: long + description: | + Number of write errors diff --git a/dev/packages/beats/beat/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/beat/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..263dc43179f --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,11 @@ +- name: beat + type: group + fields: + - name: id + type: keyword + description: | + Beat ID. + - name: type + type: keyword + description: | + Beat type. 
diff --git a/dev/packages/beats/beat/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/beat/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..f137b571827 --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/dataset/stats/manifest.yml @@ -0,0 +1,15 @@ +title: Beat stats metrics +release: experimental +type: metrics +streams: +- input: beat/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Beat stats metrics + description: Collect Beat stats metrics diff --git a/dev/packages/beats/beat/0.0.1/docs/README.md b/dev/packages/beats/beat/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/beat/0.0.1/manifest.yml b/dev/packages/beats/beat/0.0.1/manifest.yml new file mode 100644 index 00000000000..4ba89cdadce --- /dev/null +++ b/dev/packages/beats/beat/0.0.1/manifest.yml @@ -0,0 +1,31 @@ +format_version: 1.0.0 +name: beat +title: Beat +version: 0.0.1 +license: basic +description: Beat Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: beat + title: Beat metrics + description: Collect metrics from Beat instances + inputs: + - type: beat/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - http://localhost:5066 + title: Collect metrics from Beat instances + description: Collecting Beat state and stats metrics diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..8fc35721903 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/log.yml.hbs 
@@ -0,0 +1,13 @@
+paths:
+ {{#each paths as |path i|}}
+- {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - rename:
+ fields:
+ - {from: "message", to: "event.original"}
+ - decode_cef:
+ field: event.original
+ - community_id:
\ No newline at end of file
diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/syslog.yml.hbs b/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/syslog.yml.hbs
new file mode 100644
index 00000000000..a5260c0c496
--- /dev/null
+++ b/dev/packages/beats/cef/0.0.1/dataset/log/agent/stream/syslog.yml.hbs
@@ -0,0 +1,10 @@
+protocol.udp:
+ host: "{{syslog_host}}:{{syslog_port}}"
+tags: {{tags}}
+processors:
+ - rename:
+ fields:
+ - {from: "message", to: "event.original"}
+ - decode_cef:
+ field: event.original
+ - community_id:
\ No newline at end of file
diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/cp-pipeline.yml b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/cp-pipeline.yml
new file mode 100644
index 00000000000..eea2f8fd592
--- /dev/null
+++ b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/cp-pipeline.yml
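Review bot: In syslog.yml.hbs the UDP listener address is assembled as `"{{syslog_host}}:{{syslog_port}}"` from two template variables, but the CEF dataset manifest later in this diff declares no `vars` at all for the `syslog` stream (it only declares `paths` and `tags` for the `logs` stream), so unless `syslog_host`, `syslog_port` and `tags` are supplied at the datasource level in the package manifest — not in this chunk — they presumably render empty and the bind address degenerates to `:`. The `syslog` stream should declare those vars with an explicit, documented default bind address, and a comment above `protocol.udp:` should say which interface the listener is meant to bind to by default. Both templates also emit `tags: {{tags}}` directly while `paths` is expanded with `{{#each}}`; if `tags` is a multi-value var like `paths`, the `#each` form would keep the two consistent.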
@@ -0,0 +1,339 @@ +--- +description: Pipeline for Check Point CEF + +processors: + # This script is mapping CEF extensions to ECS when possible. Otherwise + # it maps them to fields under the `checkpoint` group using Check Point log + # field names. + # + # [1] Description of Check Point CEF extensions: + # https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-CEF-Field-Mappings/td-p/41060 + # [2] Description of Check Point log field names (sk144192): + # https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192 + # + # Note that in some cases the CEF extension name doesn't accurately describe + # its contents. For example sntdom/sourceNtDomain, which is used to store + # Check Point's domain_name, documented as "Domain name sent to DNS request". + # + # This script processes the `params.extensions` list below. This list consists + # of two different kinds of mappings, the simpler has a source ext `name` + # and a `to` field. It copies the given extension field to the target `to`. + # + # When the `labels` dict is defined, the target field depends on the value of + # the accompanying label field. For example, the field deviceCustomIPv6Address2 + # is mapped to `source.ip` only when the extension deviceCustomIPv6Address2Label + # exists and its value is "Source IPv6 Address". + # + # Also it can convert the destination value by simple mapping when the + # convert key exists. Values without an entry in the convert dict are not + # copied and the target field remains unset. + # + # The output of this processor is a single field, `_tmp_copy`, that contains + # a list of actions `{"to": "target_field", "value":"field value"}` that is + # later executed using a foreach processor. This is done to avoid complex + # de-dotting and other gotchas of setting arbitrary fields in Painless. 
+ - script: + lang: painless + params: + extensions: + - name: cp_app_risk + to: checkpoint.app_risk + + - name: cp_app_risk + to: event.risk_score + # This mapping is a mix of [1] and [2] above. + convert: + unknown: 0 + informational: 0 + very-low: 1 + low: 2 + medium: 3 + high: 4 + very-high: 5 + critical: 5 + + - name: cp_severity + to: checkpoint.severity + + - name: cp_severity + to: event.severity + convert: + # This mapping is a mix of [1] and [2] above. + unknown: 0 + informational: 0 + very-low: 1 + low: 1 + medium: 2 + high: 3 + very-high: 4 + critical: 4 + + # Number of events associated with the log + - name: baseEventCount + to: checkpoint.event_count + + # Log type + - name: deviceExternalId + to: observer.type + + # Product Family (override deviceExternalId if present). + - name: deviceFacility + to: observer.type + convert: + '0': Network + '1': Endpoint + '2': Access + '3': Threat + '4': Mobile + + # Gateway interface, where the connection is received from in case of an outbound connection + - name: deviceInboundInterface + to: observer.ingress.interface.name + + # Gateway interface, where the connection is sent from, in case of an inbound connection + - name: deviceOutboundInterface + to: observer.egress.interface.name + + - name: externalId + to: checkpoint.uuid + + - name: fileHash + to: checkpoint.file_hash + + - name: reason + to: checkpoint.termination_reason + + # Possibly an IKE cookie + - name: requestCookies + to: checkpoint.cookie + + # Probably a typo in CP's CEF docs + - name: checkrequestCookies + to: checkpoint.cookie + + # Domain name sent to DNS request + - name: sourceNtDomain + to: dns.question.name + + # CVE registry entry + - name: Signature + to: vulnerability.id + + - name: Recipient + to: destination.user.email + + - name: Sender + to: source.user.email + + - name: deviceCustomFloatingPoint1 + labels: + update version: observer.version + + - name: deviceCustomIPv6Address2 + labels: + source ipv6 address: source.ip + + - 
name: deviceCustomIPv6Address3 + labels: + destination ipv6 address: destination.ip + + - name: deviceCustomNumber1 + labels: + payload: network.bytes + elapsed time in seconds: event.duration + email recipients number: checkpoint.email_recipients_num + + - name: deviceCustomNumber2 + labels: + duration in seconds: event.duration + icmp type: checkpoint.icmp_type + + - name: deviceCustomNumber3 + labels: + icmp code: checkpoint.icmp_code + + - name: deviceCustomString1 + labels: + application rule name: rule.name + dlp rule name: rule.name + threat prevention rule name: rule.name + connectivity state: checkpoint.connectivity_state + email id: checkpoint.email_id + voip log type: checkpoint.voip_log_type + + - name: deviceCustomString2 + labels: + # Protection malware id + protection id: checkpoint.protection_id + update status: checkpoint.update_status + email subject: checkpoint.email_subject + sensor mode: checkpoint.sensor_mode + scan invoke type: checkpoint.integrity_av_invoke_type + category: checkpoint.category + # Matched categories + categories: rule.category + peer gateway: checkpoint.peer_gateway + + - name: deviceCustomString6 + labels: + application name: network.application + virus name: checkpoint.virus_name + malware name: checkpoint.spyware_name + malware family: checkpoint.malware_family + + - name: deviceCustomString3 + labels: + user group: group.name + # Format of original data. 
+ incident extension: checkpoint.incident_extension + identity type: checkpoint.identity_type + email spool id: checkpoint.email_spool_id + # Type of protection used to detect the attack + protection type: checkpoint.protection_type + + - name: deviceCustomString4 + labels: + malware status: checkpoint.spyware_status + destination os: os.name + scan result: checkpoint.scan_result + frequency: checkpoint.frequency + protection name: checkpoint.protection_name + user response: checkpoint.user_status + email control: checkpoint.email_control + tcp flags: checkpoint.tcp_flags + threat prevention rule id: rule.id + + - name: deviceCustomString5 + labels: + matched category: rule.category + authentication method: checkpoint.auth_method + email session id: checkpoint.email_session_id + vlan id: network.vlan.id + + - name: deviceCustomDate2 + labels: + subscription expiration: checkpoint.subs_exp + + - name: deviceFlexNumber1 + labels: + confidence: checkpoint.confidence_level + + - name: deviceFlexNumber2 + labels: + destination phone number: checkpoint.dst_phone_number + performance impact: checkpoint.performance_impact + + - name: flexString1 + labels: + application signature id: checkpoint.app_sig_id + + - name: flexString2 + labels: + malware action: rule.description + attack information: event.action + + - name: rule_uid + to: rule.uuid + + - name: ifname + to: observer.ingress.interface.name + + - name: inzone + to: observer.ingress.zone + + - name: outzone + to: observer.egress.zone + + - name: product + to: observer.product + + source: | + def actions = new ArrayList(); + def exts = ctx.cef?.extensions; + if (exts == null) return; + for (entry in params.extensions) { + def value = exts[entry.name]; + if (value == null || + (entry.convert != null && + (value=entry.convert[value.toLowerCase()]) == null)) + continue; + if (entry.to != null) { + actions.add([ + "value": value, + "to": entry.to + ]); + continue; + } + def label = exts[entry.name + "Label"]; + if (label 
== null) continue; + def dest = entry.labels[label.toLowerCase()]; + if (dest == null) continue; + actions.add([ + "value": value, + "to": dest + ]); + } + ctx["_tmp_copy"] = actions; + + - foreach: + field: _tmp_copy + processor: + set: + field: "{{_ingest._value.to}}" + value: "{{_ingest._value.value}}" + + - remove: + field: _tmp_copy + + # event.duration is a string and contains seconds. Convert to long nanos. + - script: + params: + second_to_nanos: 1000000000 + lang: painless + source: | + def duration = ctx.event?.duration; + if (duration == null) return; + ctx.event.duration = Long.parseLong(duration) * params.second_to_nanos; + on_failure: + - remove: + field: event.duration + ignore_missing: true + + # checkpoint.file_hash can be either MD5, SHA1 or SHA256. + - rename: + field: checkpoint.file_hash + target_field: file.hash.md5 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==32' + - rename: + field: checkpoint.file_hash + target_field: file.hash.sha1 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==40' + - rename: + field: checkpoint.file_hash + target_field: file.hash.sha256 + if: 'ctx.checkpoint?.file_hash != null && ctx.checkpoint.file_hash.length()==64' + + # Event kind is 'event' by default. 'alert' when a risk score and rule info + # is present. + - set: + field: event.kind + value: event + - set: + field: event.kind + value: alert + if: 'ctx.cef?.extensions?.cp_app_risk != null && ctx.rule != null' + + # Set event.category to network/malware/intrusion_detection depending on which + # fields have been populated. 
+ - set: + field: event.category + value: network + if: 'ctx.source?.ip != null && ctx.destination?.ip != null' + - set: + field: event.category + value: malware + if: 'ctx.checkpoint?.protection_id != null || ctx.checkpoint?.spyware_name != null || ctx.checkpoint?.malware_family != null || ctx.checkpoint?.spyware_status != null' + - set: + field: event.category + value: intrusion_detection + if: 'ctx.event?.category != "malware" && (ctx.checkpoint?.protection_type != null || ctx.cef.extensions?.flexString2Label == "Attack Information")' diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..d3d07314e1e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
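Review bot: The three `rename` steps that move `checkpoint.file_hash` into `file.hash.md5`/`sha1`/`sha256` classify by string length alone, so any 32-, 40- or 64-character value that is not hex is still labelled as that hash type and lands in an ECS hash field. A comment above the first rename, `# Length-only check: a 32/40/64-char value that is not hex is still labelled as that hash type.`, would make the limitation visible to whoever later adds validation. Separately, several entries in `params.extensions` write the same target — `deviceInboundInterface` and `ifname` both set `observer.ingress.interface.name`, `categories` (cs2) and `matched category` (cs5) both set `rule.category` — and since the `foreach`/`set` pair applies the collected actions in list order, the later entry silently wins; a one-line comment on the `extensions` list stating that later entries override earlier ones would document the intended precedence.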
@@ -0,0 +1,89 @@ +--- +description: Pipeline for Filebeat CEF + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: related.hash + value: "{{cef.extensions.fileHash}}" + if: "ctx?.cef?.extensions?.fileHash != null" + - append: + field: related.hash + value: "{{cef.extensions.oldFileHash}}" + if: "ctx?.cef?.extensions?.oldFileHash != null" + - append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + - append: + field: related.ip + value: "{{destination.nat.ip}}" + if: "ctx?.destination?.nat?.ip != null" + - append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: related.ip + value: "{{source.nat.ip}}" + if: "ctx?.source?.nat?.ip != null" + - append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx?.destination?.user?.name != null" + - append: + field: related.user + value: "{{source.user.name}}" + if: "ctx?.source?.user?.name != null" + - pipeline: + name: '{{ IngestPipeline "fp-pipeline" }}' + if: 
"ctx.cef?.device?.vendor == 'FORCEPOINT'"
+ - pipeline:
+ name: '{{ IngestPipeline "cp-pipeline" }}'
+ if: "ctx.cef?.device?.vendor == 'Check Point'"
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/fp-pipeline.yml b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/fp-pipeline.yml
new file mode 100644
index 00000000000..1459d521cce
--- /dev/null
+++ b/dev/packages/beats/cef/0.0.1/dataset/log/elasticsearch/ingest-pipeline/fp-pipeline.yml
@@ -0,0 +1,27 @@
+---
+description: Pipeline for Forcepoint CEF
+
+processors:
+ # cs1 is ruleID
+ - set:
+ field: rule.id
+ value: "{{cef.extensions.deviceCustomString1}}"
+ if: "ctx.cef?.extensions?.deviceCustomString1 != null"
+
+ # cs2 is natRuleID
+ - set:
+ field: rule.id
+ value: "{{cef.extensions.deviceCustomString2}}"
+ if: "ctx.cef?.extensions?.deviceCustomString2 != null"
+
+ # cs3 is VulnerabilityReference
+ - set:
+ field: vulnerability.reference
+ value: "{{cef.extensions.deviceCustomString3}}"
+ if: "ctx.cef?.extensions?.deviceCustomString3 != null"
+
+ # cs4 is virusID
+ - set:
+ field: cef.forcepoint.virus_id
+ value: "{{cef.extensions.deviceCustomString4}}"
+ if: "ctx.cef?.extensions?.deviceCustomString4 != null"
diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/cef/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..503872f181a
--- /dev/null
+++ b/dev/packages/beats/cef/0.0.1/dataset/log/fields/fields.yml
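Review bot: The `if` conditions in default.yml mix two null-safe spellings: the `append` processors use `ctx?.cef?.extensions?.fileHash` while the `pipeline` dispatch uses `ctx.cef?.device?.vendor`. `ctx` itself is never null in an ingest condition, so the `ctx?.` prefix is redundant and the file reads more easily if every condition uses the `ctx.cef?...` form. The vendor dispatch is also an exact, case-sensitive comparison (`'FORCEPOINT'`, `'Check Point'`), which deserves a comment such as `# Vendor strings are matched exactly as emitted in the CEF header.` so that the next vendor branch follows the same rule.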
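Review bot: In fp-pipeline.yml both `deviceCustomString1` (ruleID) and `deviceCustomString2` (natRuleID) are written to `rule.id`, so on an event that carries both, the second `set` overwrites the first and the NAT rule ID silently replaces the firewall rule ID. If that precedence is intended it needs a comment saying so; otherwise guard the second step with `if: "ctx.cef?.extensions?.deviceCustomString2 != null && ctx.rule?.id == null"`, or map natRuleID to its own field under `cef.forcepoint` (which would also need a fields.yml entry).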
@@ -0,0 +1,178 @@ +- name: cef.forcepoint + type: group + fields: + - name: virus_id + type: keyword + description: | + Virus ID +- name: cef.checkpoint + type: group + fields: + - name: app_risk + type: keyword + description: Application risk. + - name: app_severity + type: keyword + description: Application threat severity. + - name: app_sig_id + type: keyword + description: The signature ID which the application was detected by. + - name: auth_method + type: keyword + description: Password authentication protocol used. + - name: category + type: keyword + description: Category. + - name: confidence_level + type: integer + description: Confidence level determined. + - name: connectivity_state + type: keyword + description: Connectivity state. + - name: cookie + type: keyword + description: IKE cookie. + - name: dst_phone_number + type: keyword + description: Destination IP-Phone. + - name: email_control + type: keyword + description: Engine name. + - name: email_id + type: keyword + description: Internal email ID. + - name: email_recipients_num + type: long + description: Number of recipients. + - name: email_session_id + type: keyword + description: Internal email session ID. + - name: email_spool_id + type: keyword + description: Internal email spool ID. + - name: email_subject + type: keyword + description: Email subject. + - name: event_count + type: long + description: Number of events associated with the log. + - name: frequency + type: keyword + description: Scan frequency. + - name: icmp_type + type: long + description: ICMP type. + - name: icmp_code + type: long + description: ICMP code. + - name: identity_type + type: keyword + description: Identity type. + - name: incident_extension + type: keyword + description: Format of original data. + - name: integrity_av_invoke_type + type: keyword + description: Scan invoke type. + - name: malware_family + type: keyword + description: Malware family. 
+ - name: peer_gateway + type: ip + description: Main IP of the peer Security Gateway. + - name: performance_impact + type: integer + description: Protection performance impact. + - name: protection_id + type: keyword + description: Protection malware ID. + - name: protection_name + type: keyword + description: Specific signature name of the attack. + - name: protection_type + type: keyword + description: Type of protection used to detect the attack. + - name: scan_result + type: keyword + description: Scan result. + - name: sensor_mode + type: keyword + description: Sensor mode. + - name: severity + type: keyword + description: Threat severity. + - name: spyware_name + type: keyword + description: Spyware name. + - name: spyware_status + type: keyword + description: Spyware status. + - name: subs_exp + type: date + description: The expiration date of the subscription. + - name: tcp_flags + type: keyword + description: TCP packet flags. + - name: termination_reason + type: keyword + description: Termination reason. + - name: update_status + type: keyword + description: Update status. + - name: user_status + type: keyword + description: User response. + - name: uuid + type: keyword + description: External ID. + - name: virus_name + type: keyword + description: Virus name. + - name: voip_log_type + type: keyword + description: VoIP log types. 
+- name: cef.cef.extensions + type: group + fields: + - name: cp_app_risk + type: keyword + - name: cp_severity + type: keyword + - name: ifname + type: keyword + - name: inzone + type: keyword + - name: layer_uuid + type: keyword + - name: layer_name + type: keyword + - name: logid + type: keyword + - name: loguid + type: keyword + - name: match_id + type: keyword + - name: nat_addtnl_rulenum + type: keyword + - name: nat_rulenum + type: keyword + - name: origin + type: keyword + - name: originsicname + type: keyword + - name: outzone + type: keyword + - name: parent_rule + type: keyword + - name: product + type: keyword + - name: rule_action + type: keyword + - name: rule_uid + type: keyword + - name: sequencenum + type: keyword + - name: service_id + type: keyword + - name: version + type: keyword diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/cef/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1 @@ +[] diff --git a/dev/packages/beats/cef/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/cef/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..04ba48690c8 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,29 @@ +title: CEF log logs +release: experimental +type: logs +streams: +- input: syslog + template_path: syslog.yml.hbs + title: CEF log logs (syslog) + description: Collect CEF log logs using syslog input +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/cef.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - cef + template_path: log.yml.hbs + title: CEF log logs (log) + description: Collect CEF log logs using log input 
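Review bot: The field groups declared in fields.yml do not match the names the pipelines write: cp-pipeline.yml's `to:` targets are `checkpoint.app_risk`, `checkpoint.severity`, `checkpoint.file_hash` and so on, but the mapping here is declared under `cef.checkpoint`, and the last group is named `cef.cef.extensions` while every processor condition in this diff reads `cef.extensions.*`. As written these mappings describe fields that never appear, and the fields that do appear are left to dynamic mapping (or rejected, depending on the index template's dynamic setting); it looks like the import doubled the `cef.` prefix, and the group names should presumably be `checkpoint` and `cef.extensions`. Also, `peer_gateway` is declared `type: ip` although it is filled from the free-form `deviceCustomString2` extension (label `peer gateway`), so a non-IP value would fail indexing for the whole document — `keyword`, or a conversion step with failure handling, is safer. `app_severity` is declared but nothing in this diff populates it.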
diff --git a/dev/packages/beats/cef/0.0.1/docs/README.md b/dev/packages/beats/cef/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41.json b/dev/packages/beats/cef/0.0.1/kibana/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41.json new file mode 100644 index 00000000000..d14d69f260c --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41.json 
@@ -0,0 +1,322 @@ +{ + "attributes": { + "description": "Overview of Microsoft DNS activity.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 
null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "11", + "w": 24, + "x": 24, + "y": 56 + }, + "panelIndex": "11", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "12", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 + }, + "panelIndex": "13", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "14", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "15", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 12.211180191503997, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "16", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 0, + "y": 72 + }, + "panelIndex": "17", + "panelRefName": "panel_12", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Microsoft DNS Overview", + "version": 1 + }, + "id": "56428e01-0c47-4770-8ba4-9345a029ea41", + "references": [ + { + "id": "7e2b0659-0760-4182-8b29-3ee69f26bc6f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "249e2737-b41f-4115-b303-88bc9d279655", + "name": "panel_1", + "type": 
"visualization" + }, + { + "id": "566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fcf798a8-db8f-4492-827b-8fa7581108a9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "1b9cc5b7-7747-49de-96b1-a4bc7f675716", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "26a65f68-d7a6-4b47-befc-c5a6819bb91b", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "1b521f56-8089-433f-88f7-56aba867e07d", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "581a296e-e34a-48f1-93e4-fc4bdadfc68d", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9.json b/dev/packages/beats/cef/0.0.1/kibana/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9.json new file mode 100644 index 00000000000..27d03231832 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9.json 
@@ -0,0 +1,387 @@ +{ + "attributes": { + "description": "Operating system activity from endpoints.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#447EBC", + "/Failure": "#E24D42", + "/Success": "#7EB26D" + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "8", + "panelRefName": "panel_4", + "version": "7.3.0" 
+ }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 40 + }, + "panelIndex": "10", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "12", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 + }, + "panelIndex": "14", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 + }, + "panelIndex": "15", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 + }, + "panelIndex": "16", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "18", + 
"w": 32, + "x": 0, + "y": 64 + }, + "panelIndex": "18", + "panelRefName": "panel_14", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 + }, + "panelIndex": "19", + "panelRefName": "panel_15", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint OS Activity Dashboard", + "version": 1 + }, + "id": "9e352900-89c3-4c1b-863e-249e24d0dac9", + "references": [ + { + "id": "59ad829b-12b8-4256-95a5-e7078eda628b", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "158d809a-89db-4ffa-88a1-eb5c4bf58d50", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "77ee0e91-010b-4897-b483-7e9a907d2afe", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0f4028b2-3dc2-4cb6-80d8-285c847a02a1", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2726382e-638a-4dcc-94fc-0ffdc0f92048", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "92aecea0-a632-4a55-bb56-50e4cdaca036", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "76c088c3-486e-4420-8840-5ede667edffe", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "5f187dc8-aa7e-4f91-a2d8-1186ce254d00", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "316fdc75-7215-4c6b-8e1b-70a097b34e28", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "acc915fe-b971-4795-9040-3fbfdf62abe1", + 
"name": "panel_13", + "type": "visualization" + }, + { + "id": "4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "8cd00d20-957d-4663-be4d-ea80b1609586", + "name": "panel_15", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json b/dev/packages/beats/cef/0.0.1/kibana/dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json new file mode 100644 index 00000000000..a67a6510207 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json 
@@ -0,0 +1,374 @@ +{ + "attributes": { + "description": "Summary of endpoint event data.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "version": 
"7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 76 + }, + "panelIndex": "9", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 56 + }, + "panelIndex": "10", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Operating System": "#BF1B00", + "Security Mangement": "#64B0C8" + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "11", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 0, + "y": 56 + }, + "panelIndex": "12", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#629E51", + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Log Consolidator": "#E0F9D7", + "Operating System": "#BF1B00", + "Recon": "#BF1B00", + "Security Mangement": "#64B0C8" + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "14", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": 
"15", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "15", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 12.897489183755892, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 24, + "y": 64 + }, + "panelIndex": "17", + "panelRefName": "panel_13", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint Overview Dashboard", + "version": 1 + }, + "id": "c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", + "references": [ + { + "id": "9457ee67-895f-4b78-a543-268f9687a745", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "89998099-9a39-44cf-beba-5b97f0524cf9", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "718b074e-3dd1-4d03-ba11-7f869cdcd703", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c5120e27-1f8c-41e3-83ee-78ec4d470c2f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7454c034-c5f3-48fe-8fce-ef4385c80350", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "118af639-1f37-4541-a960-5a3ff0613e0e", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "panel_7", + "type": "search" + }, + { + "id": "74d2c072-6dfd-4249-8e63-dc7b0cf3c960", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "f57734dd-0f32-42b4-94dd-5d597f6735e1", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "295986d4-d2ea-4541-8e82-7dc95c0cd830", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "5bf6e4dc-4273-4e1e-a803-04347eebeb53", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_12", + "type": 
"visualization" + }, + { + "id": "aaa80503-6d96-4a33-806f-b8a10aefe696", + "name": "panel_13", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619.json b/dev/packages/beats/cef/0.0.1/kibana/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619.json new file mode 100644 index 00000000000..bcb9e6c4ab1 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619.json 
@@ -0,0 +1,302 @@ +{ + "attributes": { + "description": "Suspicious network activity overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 32, + "x": 0, + "y": 28 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "9", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "11", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "11", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "12", + 
"panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 + }, + "panelIndex": "14", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "15", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "16", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": "rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "17", + "panelRefName": "panel_11", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Suspicious Activity Dashboard", + "version": 1 + }, + "id": "db1e1aca-279e-4ecc-b84e-fe58644f7619", + "references": [ + { + "id": "fa8b26c1-6973-4381-adb3-bcde0d03a520", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f03d734b-b85c-4e99-9c0e-9c89716a81f3", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", + "name": "panel_3", + "type": "visualization" + }, + { + "id": 
"fff249b2-18b6-4b48-bcf7-dd4595d111e7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d02dd523-ce91-40e9-9209-83797f80ed45", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "589fec8c-336e-4122-8fef-a450bddf84f6", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "86bd5f13-ca6b-43fa-b209-54e7460344bb", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "1204cf27-05e0-4905-bfa1-688aaaaaa840", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "01c3618c-9962-4fe9-b9c5-f73dfecc6eba", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71.json b/dev/packages/beats/cef/0.0.1/kibana/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71.json new file mode 100644 index 00000000000..ef62c162f52 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71.json 
@@ -0,0 +1,419 @@ +{ + "attributes": { + "description": "Network data overview.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 68 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "11", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 
null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 32, + "x": 0, + "y": 32 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "15", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "Anti-Virus": "#EF843C", + "Content Security": "#7EB26D", + "Firewall": "#E24D42", + "Integrated Security": "#962D82", + "Network-based IDS/IPS": "#1F78C1", + "Operating System": "#1F78C1", + "VPN": "#EAB839" + } + } + }, + "gridData": { + "h": 12, + "i": "16", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "16", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 52 + }, + "panelIndex": "17", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 76 + }, + "panelIndex": "18", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 76 + }, + "panelIndex": "19", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "20", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + 
"y": 0 + }, + "panelIndex": "21", + "panelRefName": "panel_14", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.3515602939922709, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 24, + "i": "24", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "24", + "panelRefName": "panel_15", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + -0.3515602939922709, + 0 + ], + "mapZoom": 1 + }, + "gridData": { + "h": 24, + "i": "25", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "25", + "panelRefName": "panel_16", + "version": "7.3.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Overview Dashboard", + "version": 1 + }, + "id": "dd0bc9af-2e89-4150-9b42-62517ea56b71", + "references": [ + { + "id": "f5258de9-71f7-410f-b713-201007f77470", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0abfc226-535b-45a2-b534-e9bc87e5584f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a97e3628-022b-46cf-8f29-a73cf9bb4e26", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "499f50ba-2f84-4f7c-9021-73a4efc47921", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d061c7a9-7f92-4bf4-b35c-499b9f4b987a", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b1002b5c-08fc-4bbe-b9a0-6243a8637e60", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "df056709-2deb-4363-ae7a-b0148ea456c6", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "e89a64e8-928c-41fc-8745-3c8157b21cdb", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "a729c249-8d34-4eb1-bbb0-5d25cf224114", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "3c19f138-2ab3-4ecb-bb1b-86fb90158042", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "e513c269-350c-40c3-ac20-16c5782103b8", + "name": "panel_10", + 
"type": "visualization" + }, + { + "id": "8f6075c5-f525-4173-92a4-3a56e96e362d", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "013ff153-7b80-490b-8fec-6e56cba785ed", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "c394e650-b16c-407c-b305-bd409d69d433", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "8b31af8b-522e-41fe-b9d6-9a3451b54108", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "4fccee0c-7193-4aa8-919f-0b0b0a16d013", + "name": "panel_16", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/search/5cede2d3-20fe-4140-add4-4c4f841b71a2.json b/dev/packages/beats/cef/0.0.1/kibana/search/5cede2d3-20fe-4140-add4-4c4f841b71a2.json new file mode 100644 index 00000000000..3781cd24b33 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/search/5cede2d3-20fe-4140-add4-4c4f841b71a2.json 
@@ -0,0 +1,46 @@ +{ + "attributes": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Endpoint Event Explorer [Logs CEF]", + "version": 1 + }, + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/search/68202a5c-c8f2-432f-8c08-04fbfacb95c8.json b/dev/packages/beats/cef/0.0.1/kibana/search/68202a5c-c8f2-432f-8c08-04fbfacb95c8.json new file mode 100644 index 00000000000..56a225d50d6 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/search/68202a5c-c8f2-432f-8c08-04fbfacb95c8.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "columns": [ + "priority", + "message", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.application", + "message", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "deviceAddress", + "cef.device.product", + "cef.device.vendor", + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryDeviceType" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"terms\":{\"cef.extensions.categoryDeviceGroup\":[\"/VPN\",\"/IDS/Network\",\"/Firewall\"]}}" + }, + "query": { + "terms": { + "cef.extensions.categoryDeviceGroup": [ + "/VPN", + "/IDS/Network", + "/Firewall" + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Network Events [Logs CEF]", + "version": 1 + }, + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/search/e6cf2383-71f4-4db1-a791-1a7d4f110194.json b/dev/packages/beats/cef/0.0.1/kibana/search/e6cf2383-71f4-4db1-a791-1a7d4f110194.json new file mode 100644 index 00000000000..c95e21bb201 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/search/e6cf2383-71f4-4db1-a791-1a7d4f110194.json 
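Review bot: The `columns` list of this saved search repeats `message` (second and tenth entries) and includes `deviceAddress`, the only column in the change that is neither an ECS name nor under the `cef.` namespace the other searches use consistently. Kibana does not validate columns against the index pattern, so a mis-named column renders as an empty cell rather than erroring, which makes this easy to miss in review. The duplicate `message` entry should be dropped, and `deviceAddress` presumably was meant to be the namespaced CEF extension field or its ECS mapping — verify against the dataset's fields definition, which is outside this hunk.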
@@ -0,0 +1,51 @@ +{ + "attributes": { + "columns": [ + "cef.device.vendor", + "cef.device.product", + "message", + "cef.device.event_class_id", + "cef.extensions.deviceEventCategory", + "source.user.name", + "destination.user.name", + "destination.domain", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "cef.extensions.sourceNtDomain", + "cef.extensions.destinationNtDomain" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Endpoint - OS Events [Logs CEF]", + "version": 1 + }, + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/search/f85a3444-8a43-4e46-b872-4e44bc25d0f3.json b/dev/packages/beats/cef/0.0.1/kibana/search/f85a3444-8a43-4e46-b872-4e44bc25d0f3.json new file mode 100644 index 00000000000..c025dc32cdb --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/search/f85a3444-8a43-4e46-b872-4e44bc25d0f3.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "columns": [ + "cef.device.vendor", + "cef.device.product", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryOutcome", + "destination.ip", + "destination.port", + "destination.domain", + "cef.device.event_class_id", + "cef.extensions.deviceCustomString1Label", + "cef.extensions.deviceCustomString1", + "cef.extensions.deviceCustomString2Label", + "cef.extensions.deviceCustomString2", + "cef.extension.cef.extension.deviceCustomString3Label", + "cef.extension.deviceCustomString3", + "cef.extension.cef.extension.deviceCustomString4Label", + "cef.extension.deviceCustomString4", + "cef.extensions.deviceEventCategory", + "event.severity", + "source.ip", + "source.port", + "network.transport", + "source.bytes", + "url.original" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "cef.device.product:\"DNS Trace Log\"" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Microsoft DNS Events [Logs CEF]", + "version": 1 + }, + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/013ff153-7b80-490b-8fec-6e56cba785ed.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/013ff153-7b80-490b-8fec-6e56cba785ed.json new file mode 100644 index 00000000000..431be7c8051 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/013ff153-7b80-490b-8fec-6e56cba785ed.json 
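Review bot: Four columns in this saved search use field names that do not match the `cef.extensions.*` naming used everywhere else in the hunk: `cef.extension.cef.extension.deviceCustomString3Label`, `cef.extension.deviceCustomString3`, `cef.extension.cef.extension.deviceCustomString4Label` and `cef.extension.deviceCustomString4`. Because Discover silently shows empty cells for fields that do not exist in the index pattern, the DNS custom-string data these columns are meant to surface will simply be missing rather than produce an error. Presumably they were meant to read `cef.extensions.deviceCustomString3Label`, `cef.extensions.deviceCustomString3`, `cef.extensions.deviceCustomString4Label` and `cef.extensions.deviceCustomString4`, consistent with the `deviceCustomString1`/`2` entries a few lines above.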
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 20 Source Countries [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 20 Source Countries [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "013ff153-7b80-490b-8fec-6e56cba785ed", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json new file mode 100644 index 00000000000..162b40bd45c --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json 
@@ -0,0 +1,129 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Metrics Overview [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Device Metrics Overview [Logs CEF]", + "type": "metric" + } 
+ }, + "id": "01c3618c-9962-4fe9-b9c5-f73dfecc6eba", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/0abfc226-535b-45a2-b534-e9bc87e5584f.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/0abfc226-535b-45a2-b534-e9bc87e5584f.json new file mode 100644 index 00000000000..7c85e27aacf --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/0abfc226-535b-45a2-b534-e9bc87e5584f.json 
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Bandwidth Utilization [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Bandwidth Utilization [Logs CEF]", + "type": "metrics" + } + }, + "id": "0abfc226-535b-45a2-b534-e9bc87e5584f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json new file mode 100644 index 00000000000..2227718721e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Outcomes [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + 
"label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Outcomes [Logs CEF]", + "type": "metrics" + } + }, + "id": "0f4028b2-3dc2-4cb6-80d8-285c847a02a1", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/118af639-1f37-4541-a960-5a3ff0613e0e.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/118af639-1f37-4541-a960-5a3ff0613e0e.json new file mode 100644 index 00000000000..bf7639f1c64 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/118af639-1f37-4541-a960-5a3ff0613e0e.json 
@@ -0,0 +1,144 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes by Device Type [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "cef.extensions.categoryDeviceType: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": 
"bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcomes by Device Type [Logs CEF]", + "type": "histogram" + } + }, + "id": "118af639-1f37-4541-a960-5a3ff0613e0e", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/1204cf27-05e0-4905-bfa1-688aaaaaa840.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/1204cf27-05e0-4905-bfa1-688aaaaaa840.json new file mode 100644 index 00000000000..dd9facecebe --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/1204cf27-05e0-4905-bfa1-688aaaaaa840.json @@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Ports [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Ports [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "1204cf27-05e0-4905-bfa1-688aaaaaa840", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/158d809a-89db-4ffa-88a1-eb5c4bf58d50.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/158d809a-89db-4ffa-88a1-eb5c4bf58d50.json new file mode 100644 index 00000000000..952a965afba --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/158d809a-89db-4ffa-88a1-eb5c4bf58d50.json 
@@ -0,0 +1,119 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Endpoint OS Metrics Overview [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "cef.extensions.categoryOutcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Endpoint OS Metrics Overview [Logs CEF]", + "type": "metric" + } + }, + "id": "158d809a-89db-4ffa-88a1-eb5c4bf58d50", + "references": [ + { + "id": 
"e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json new file mode 100644 index 00000000000..5a21fc65201 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Direction [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Direction [Logs CEF]", + "type": "metrics" + } + }, + "id": "16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/1b521f56-8089-433f-88f7-56aba867e07d.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/1b521f56-8089-433f-88f7-56aba867e07d.json new file mode 100644 index 00000000000..86eeef8373d --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/1b521f56-8089-433f-88f7-56aba867e07d.json 
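Review bot: Both series in this TSVB visualization split on the bare field `deviceDirection` (`deviceDirection:\"0\"` and `deviceDirection:\"1\"`), whereas every other query in this change addresses CEF extension fields under `cef.extensions.*`; unless `deviceDirection` is indexed at the top level, both split filters match nothing and the chart stays flat. The "Inbound Requests" series additionally carries a series-level `filter` of `"query": "device"`, a bare Lucene term that searches the default field for the word rather than expressing a field condition, and looks like a leftover from editing. If the intended field is the namespaced CEF extension (or its ECS mapping — confirm against the dataset's fields definition, which is outside this hunk), the two split-filter queries should use that name and the stray `filter` block should be removed.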
@@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destinations by Events [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destinations by Events [Logs CEF]", + "type": "tile_map" + } + }, + "id": "1b521f56-8089-433f-88f7-56aba867e07d", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/1b9cc5b7-7747-49de-96b1-a4bc7f675716.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/1b9cc5b7-7747-49de-96b1-a4bc7f675716.json new file mode 100644 index 00000000000..6958fcad277 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/1b9cc5b7-7747-49de-96b1-a4bc7f675716.json 
@@ -0,0 +1,92 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destinations by Size [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Destinations by Size [Logs CEF]", + "type": "table" + } + }, + "id": "1b9cc5b7-7747-49de-96b1-a4bc7f675716", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/249e2737-b41f-4115-b303-88bc9d279655.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/249e2737-b41f-4115-b303-88bc9d279655.json new file mode 100644 index 00000000000..960653f0c68 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/249e2737-b41f-4115-b303-88bc9d279655.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "DNS Metrics Overview [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "DNS Metrics Overview [Logs CEF]", + "type": "metric" + } + }, + "id": "249e2737-b41f-4115-b303-88bc9d279655", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": 
"search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/26a65f68-d7a6-4b47-befc-c5a6819bb91b.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/26a65f68-d7a6-4b47-befc-c5a6819bb91b.json new file mode 100644 index 00000000000..11a86e21588 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/26a65f68-d7a6-4b47-befc-c5a6819bb91b.json 
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources by Size [Logs CEF]", + "uiStateJSON": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + 
"listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Sources by Size [Logs CEF]", + "type": "table" + } + }, + "id": "26a65f68-d7a6-4b47-befc-c5a6819bb91b", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/2726382e-638a-4dcc-94fc-0ffdc0f92048.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/2726382e-638a-4dcc-94fc-0ffdc0f92048.json new file mode 100644 index 00000000000..7ef5fde1462 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/2726382e-638a-4dcc-94fc-0ffdc0f92048.json 
@@ -0,0 +1,110 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 15 Event Types by Events [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 15 Event Types by Events [Logs CEF]", + "type": "table" + } + }, + "id": "2726382e-638a-4dcc-94fc-0ffdc0f92048", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/295986d4-d2ea-4541-8e82-7dc95c0cd830.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/295986d4-d2ea-4541-8e82-7dc95c0cd830.json new file mode 100644 index 00000000000..8168f224089 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/295986d4-d2ea-4541-8e82-7dc95c0cd830.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Countries by Event [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Source Countries by Event [Logs CEF]", + "type": "table" + } + }, + "id": "295986d4-d2ea-4541-8e82-7dc95c0cd830", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/316fdc75-7215-4c6b-8e1b-70a097b34e28.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/316fdc75-7215-4c6b-8e1b-70a097b34e28.json new file mode 100644 index 00000000000..ab5322dbc9b --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/316fdc75-7215-4c6b-8e1b-70a097b34e28.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources by Destinations [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom" + }, + "title": "Top 10 Sources by Destinations [Logs CEF]", + "type": "pie" + } + }, + "id": "316fdc75-7215-4c6b-8e1b-70a097b34e28", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json new file mode 100644 index 00000000000..5cc71299e26 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Network - Event Throughput [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + 
"seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Network - Event Throughput [Logs CEF]", + "type": "metrics" + } + }, + "id": "33747d52-ec4c-4d91-86d8-fbdf9b9c82db", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/3c19f138-2ab3-4ecb-bb1b-86fb90158042.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/3c19f138-2ab3-4ecb-bb1b-86fb90158042.json new file mode 100644 index 00000000000..9a233f511f8 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/3c19f138-2ab3-4ecb-bb1b-86fb90158042.json @@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Type Breakdown [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Device Type Breakdown [Logs CEF]", + "type": "pie" + } + }, + "id": "3c19f138-2ab3-4ecb-bb1b-86fb90158042", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
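Review bot: The TSVB panel in this hunk hard-codes `"index_pattern": "logs-*"` (the later 499f50ba hunk does the same), while every other visualization in the change binds to a saved search through `savedSearchRefName`. With that wildcard the panel reads every logs data stream and relies solely on the lucene `filter` on `cef.extensions.*` to stay scoped to CEF events, so any non-CEF document that happens to carry those fields is counted as well, and the package has no single place to adjust the pattern if the dataset's index name changes. If the exported TSVB object cannot carry a saved-search reference, narrowing the pattern to the CEF dataset's own index (value to be confirmed against the package's dataset manifest) would keep the two TSVB panels consistent with the rest of the dashboard.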
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/499f50ba-2f84-4f7c-9021-73a4efc47921.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/499f50ba-2f84-4f7c-9021-73a4efc47921.json new file mode 100644 index 00000000000..85f2bc617a0 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/499f50ba-2f84-4f7c-9021-73a4efc47921.json 
@@ -0,0 +1,168 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Outcome [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + 
"seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Outcome [Logs CEF]", + "type": "metrics" + } + }, + "id": "499f50ba-2f84-4f7c-9021-73a4efc47921", + "references": [], + "type": "visualization" +} \ No newline at end of file 
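Review bot: The panel-level filter in this hunk selects on `cef.extensions.categoryDeviceType:\"Firewall\"`, but the first series' filter and its `Firewall` split filter select on `cef.extensions.categoryDeviceGroup:\"/Firewall\"`, so the two filters do not describe the same population: an event carrying only one of the two values passes the panel filter and is then dropped by the series filter, or the reverse. It looks like one field should be used consistently; if categoryDeviceGroup is the intended discriminator, the panel filter's first clause would become `cef.extensions.categoryDeviceGroup:\"/Firewall\"`. This may be inherited from the Beats dashboard being migrated, in which case correcting it at the source before re-export would be preferable.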
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json new file mode 100644 index 00000000000..bb01daf2991 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json @@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destinations [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destinations [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json new file mode 100644 index 00000000000..4a53fb3d92f --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json 
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Sources [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Sources [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/4fccee0c-7193-4aa8-919f-0b0b0a16d013.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/4fccee0c-7193-4aa8-919f-0b0b0a16d013.json new file mode 100644 index 00000000000..31f6af36082 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/4fccee0c-7193-4aa8-919f-0b0b0a16d013.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Source Locations by Events [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Source Location", + "field": "source.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Source Locations by Events [Logs CEF]", + "type": "tile_map" + } + }, + "id": "4fccee0c-7193-4aa8-919f-0b0b0a16d013", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json new file mode 100644 index 00000000000..730c4b924fe --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json 
@@ -0,0 +1,125 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destinations by Traffic Size [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top Destinations by Traffic Size [Logs CEF]", + "type": "heatmap" + } + }, 
+ "id": "566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/581a296e-e34a-48f1-93e4-fc4bdadfc68d.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/581a296e-e34a-48f1-93e4-fc4bdadfc68d.json new file mode 100644 index 00000000000..2047eb89d4f --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/581a296e-e34a-48f1-93e4-fc4bdadfc68d.json 
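Review bot: The `filters` aggregation in this hunk queries the bare field `deviceDirection:\"0\"` and `deviceDirection:\"1\"`, whereas every other CEF extension referenced in this change is addressed as `cef.extensions.<name>` (for example `cef.extensions.categoryDeviceType` and `cef.extensions.categoryOutcome`). Unless the dataset also maps a top-level `deviceDirection` field, neither bucket will match any document and the Inbound/Outbound heatmap renders empty. The two queries should presumably read `"query": "cef.extensions.deviceDirection:\"0\""` and `"query": "cef.extensions.deviceDirection:\"1\""`; please confirm against the dataset's fields definition before changing the exported object.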
@@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Sources by Events [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Sources by Events [Logs CEF]", + "type": "tile_map" + } + }, + "id": "581a296e-e34a-48f1-93e4-fc4bdadfc68d", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/589fec8c-336e-4122-8fef-a450bddf84f6.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/589fec8c-336e-4122-8fef-a450bddf84f6.json new file mode 100644 index 00000000000..0aab7349a21 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/589fec8c-336e-4122-8fef-a450bddf84f6.json 
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Addresses [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Source Addresses [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "589fec8c-336e-4122-8fef-a450bddf84f6", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/59ad829b-12b8-4256-95a5-e7078eda628b.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/59ad829b-12b8-4256-95a5-e7078eda628b.json new file mode 100644 index 00000000000..aa65cb42641 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/59ad829b-12b8-4256-95a5-e7078eda628b.json 
@@ -0,0 +1,195 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Source Users by Event Type and Destination Users [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": 
true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Source Users by Event Type and Destination Users [Logs CEF]", + "type": "histogram" + } + }, + "id": "59ad829b-12b8-4256-95a5-e7078eda628b", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/5bf6e4dc-4273-4e1e-a803-04347eebeb53.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/5bf6e4dc-4273-4e1e-a803-04347eebeb53.json new file mode 100644 index 00000000000..e73e9e5cbb0 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/5bf6e4dc-4273-4e1e-a803-04347eebeb53.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes by User Names [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#64B0C8", + "Anti-Virus": "#B7DBAB", + "Host-based IDS/IPS": "#629E51", + "Log Consolidator": "#E0F9D7", + "Operating System": "#3F6833", + "Recon": "#BF1B00", + "Security Mangement": "#CFFAFF" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Outcomes by User Names [Logs CEF]", + "type": "pie" + } + }, + "id": "5bf6e4dc-4273-4e1e-a803-04347eebeb53", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
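Review bot: The `uiStateJSON.vis.colors` map keys a color on `"Security Mangement"`, which reads as a misspelling; these keys must match the `cef.extensions.categoryDeviceType` term values byte-for-byte, so if the data carries "Security Management" this entry never applies and that slice silently falls back to the default palette. Confirm the spelling against real CEF events and, if it is a typo, rename the key to `"Security Management": "#CFFAFF"` in the exported object. The leftover mapping for `Network-based IDS/IPS` colors is harmless since that term is excluded by the `exclude` param on agg 2.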
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json new file mode 100644 index 00000000000..69614d2b0e1 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json 
@@ -0,0 +1,197 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Events by Source and Destination Users [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + 
"mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Events by Source and Destination Users [Logs CEF]", + "type": "histogram" + } + }, + "id": "5f187dc8-aa7e-4f91-a2d8-1186ce254d00", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json new file mode 100644 index 00000000000..50eb0f3097e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Users by Destination Users [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom" + }, + "title": "Top 10 Source Users by Destination Users [Logs CEF]", + "type": "pie" + } + }, + "id": "6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/677891a1-90c4-4273-b126-f0e54689bd76.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/677891a1-90c4-4273-b126-f0e54689bd76.json new file mode 100644 index 00000000000..e181641cbe9 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/677891a1-90c4-4273-b126-f0e54689bd76.json 
@@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Logs CEF]", + "type": "markdown" + } + }, + "id": "677891a1-90c4-4273-b126-f0e54689bd76", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/718b074e-3dd1-4d03-ba11-7f869cdcd703.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/718b074e-3dd1-4d03-ba11-7f869cdcd703.json new file mode 100644 index 00000000000..9adf4d7fcc4 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/718b074e-3dd1-4d03-ba11-7f869cdcd703.json 
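Review bot: The markdown navigation bar links Endpoint Overview as `#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b` while the other four links use the `#/dashboard/<id>` form, so that one entry resolves to a different hash route and will not open the dashboard; it should read `[Endpoint Overview](#/dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)`. Both `title` fields also carry a leading space (`" Dashboard Navigation [Logs CEF]"`), which will show up in saved-object listings and sorts; trimming it keeps the asset consistent with the other titles in this package. The five dashboard ids in the links are not defined in this chunk, so whether each target exists in the package should be checked separately.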
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Device [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + 
"id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Device [Logs CEF]", + "type": "metrics" + } + }, + "id": "718b074e-3dd1-4d03-ba11-7f869cdcd703", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/7454c034-c5f3-48fe-8fce-ef4385c80350.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/7454c034-c5f3-48fe-8fce-ef4385c80350.json new file mode 100644 index 00000000000..bb0ebbf3644 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/7454c034-c5f3-48fe-8fce-ef4385c80350.json 
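Review bot: This TSVB visualization hard-codes `"index_pattern": "logs-*"`, which spans every logs-* data stream rather than the CEF dataset the sibling visualizations reach through their saved search; the top-level `filter` on `cef.extensions.categoryDeviceGroup` bounds the result set, but the second series (terms on `observer.hostname`) is only scoped by that same filter, so any non-CEF index that happens to carry those fields would be counted. The same pattern is used by 76c088c3-486e-4420-8840-5ede667edffe.json and 7e2b0659-0760-4182-8b29-3ee69f26bc6f.json in this diff; if a package-specific index pattern is available it should be used in all three. Two of the `split_filters` queries carry stray whitespace (`"... \"/Operating System\" "` and `" cef.extensions..."`), which is harmless to Lucene but should be trimmed for consistency with the third.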
@@ -0,0 +1,129 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Endpoint Metrics Overview [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Endpoint Metrics Overview [Logs CEF]", + "type": "metric" + } 
+ }, + "id": "7454c034-c5f3-48fe-8fce-ef4385c80350", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json new file mode 100644 index 00000000000..7cf720708ad --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json @@ -0,0 +1,55 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Source Countries [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 5 Source Countries [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "74d2c072-6dfd-4249-8e63-dc7b0cf3c960", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json new file mode 100644 index 00000000000..592bb98a8d6 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json 
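Review bot: In 74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json the title is "Top 5 Source Countries [Logs CEF]" but the terms agg on `source.geo.country_iso_code` is configured with `"size": 20`, so the tag cloud will show up to twenty countries; either the title or the size is wrong. If the intent is a top-5 view, change the agg param to `"size": 5`; otherwise retitle the visualization (both `title` fields must be updated together).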
@@ -0,0 +1,55 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Event Types [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 10 Event Types [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/76c088c3-486e-4420-8840-5ede667edffe.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/76c088c3-486e-4420-8840-5ede667edffe.json new file mode 100644 index 00000000000..3d229177d22 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/76c088c3-486e-4420-8840-5ede667edffe.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Endpoint - OS Average EPS [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": 
"gauge" + }, + "title": "Endpoint - OS Average EPS [Logs CEF]", + "type": "metrics" + } + }, + "id": "76c088c3-486e-4420-8840-5ede667edffe", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/77ee0e91-010b-4897-b483-7e9a907d2afe.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/77ee0e91-010b-4897-b483-7e9a907d2afe.json new file mode 100644 index 00000000000..3f1d95008e4 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/77ee0e91-010b-4897-b483-7e9a907d2afe.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Behaviors by Outcome [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top 10 Behaviors by Outcome [Logs CEF]", + "type": "heatmap" + } + }, + "id": "77ee0e91-010b-4897-b483-7e9a907d2afe", + "references": [ + { + "id": 
"e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/7e2b0659-0760-4182-8b29-3ee69f26bc6f.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/7e2b0659-0760-4182-8b29-3ee69f26bc6f.json new file mode 100644 index 00000000000..ede431cc8fe --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/7e2b0659-0760-4182-8b29-3ee69f26bc6f.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "DNS - Event Throughput [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + 
"value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "DNS - Event Throughput [Logs CEF]", + "type": "metrics" + } + }, + "id": "7e2b0659-0760-4182-8b29-3ee69f26bc6f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json new file mode 100644 index 00000000000..ad6915728bb --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Sources by Destination Addresses [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Sources by Destination Addresses [Logs CEF]", + "type": "table" + } + }, + "id": "82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/86bd5f13-ca6b-43fa-b209-54e7460344bb.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/86bd5f13-ca6b-43fa-b209-54e7460344bb.json new file mode 100644 index 00000000000..c91b4d57297 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/86bd5f13-ca6b-43fa-b209-54e7460344bb.json 
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Addresses [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Addresses [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "86bd5f13-ca6b-43fa-b209-54e7460344bb", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/89998099-9a39-44cf-beba-5b97f0524cf9.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/89998099-9a39-44cf-beba-5b97f0524cf9.json new file mode 100644 index 00000000000..876e3ca398d --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/89998099-9a39-44cf-beba-5b97f0524cf9.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcomes Breakdown [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Attempt": "#3F2B5B", + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": 
"left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcomes Breakdown [Logs CEF]", + "type": "area" + } + }, + "id": "89998099-9a39-44cf-beba-5b97f0524cf9", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/8b31af8b-522e-41fe-b9d6-9a3451b54108.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/8b31af8b-522e-41fe-b9d6-9a3451b54108.json new file mode 100644 index 00000000000..e9202ab279c --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/8b31af8b-522e-41fe-b9d6-9a3451b54108.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination Locations by Events [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Destination Location", + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destination Locations by Events [Logs CEF]", + "type": "tile_map" + } + }, + "id": "8b31af8b-522e-41fe-b9d6-9a3451b54108", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/8cd00d20-957d-4663-be4d-ea80b1609586.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/8cd00d20-957d-4663-be4d-ea80b1609586.json new file mode 100644 index 00000000000..ee3c19d34fc --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/8cd00d20-957d-4663-be4d-ea80b1609586.json 
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Users [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Source Users [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "8cd00d20-957d-4663-be4d-ea80b1609586", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/8f6075c5-f525-4173-92a4-3a56e96e362d.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/8f6075c5-f525-4173-92a4-3a56e96e362d.json new file mode 100644 index 00000000000..bfa3a35b594 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/8f6075c5-f525-4173-92a4-3a56e96e362d.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Source Countries by Events [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Source Countries by Events [Logs CEF]", + "type": "table" + } + }, + "id": "8f6075c5-f525-4173-92a4-3a56e96e362d", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/92aecea0-a632-4a55-bb56-50e4cdaca036.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/92aecea0-a632-4a55-bb56-50e4cdaca036.json new file mode 100644 index 00000000000..641aa2d2ffb --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/92aecea0-a632-4a55-bb56-50e4cdaca036.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Vendors by Product [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Top 5 Vendors by Product [Logs CEF]", + "type": "pie" + } + }, + "id": "92aecea0-a632-4a55-bb56-50e4cdaca036", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/9457ee67-895f-4b78-a543-268f9687a745.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/9457ee67-895f-4b78-a543-268f9687a745.json new file mode 100644 index 00000000000..e3cd06b6ccd --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/9457ee67-895f-4b78-a543-268f9687a745.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Endpoint Average EPS [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / 
s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Endpoint Average EPS [Logs CEF]", + "type": "metrics" + } + }, + "id": "9457ee67-895f-4b78-a543-268f9687a745", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json new file mode 100644 index 00000000000..0bbbda7f17e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Severity [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY 
HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Events by Severity [Logs CEF]", + "type": "metrics" + } + }, + "id": "9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/a729c249-8d34-4eb1-bbb0-5d25cf224114.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/a729c249-8d34-4eb1-bbb0-5d25cf224114.json new file mode 100644 index 00000000000..32033ad7062 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/a729c249-8d34-4eb1-bbb0-5d25cf224114.json 
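Review bot: The four `split_filters` queries (`severity:\"Low\" OR severity:\"0\"`, `severity:\"Medium\"`, `severity:\"High\"`, `severity:\"Very-High\"`) address a bare `severity` field, while every other query in these visualizations uses `cef.*` or ECS-namespaced fields; if the cef dataset maps severity under a namespaced field instead, all four series silently return zero and the panel looks healthy but empty. Please confirm the field name against the dataset's field definitions before merging. Note also that this TSVB object has `"references": []` and queries `"index_pattern": "logs-*"` directly, so only the `cef.extensions.categoryDeviceGroup:\"/Firewall\"` filter scopes it to CEF data; the same applies to the 9457ee67, a97e3628 and d02dd523 objects in this commit.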
@@ -0,0 +1,103 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Devices by Outcome [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Top 10 Devices by Outcome [Logs CEF]", + "type": "heatmap" + } + }, + "id": "a729c249-8d34-4eb1-bbb0-5d25cf224114", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/a97e3628-022b-46cf-8f29-a73cf9bb4e26.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/a97e3628-022b-46cf-8f29-a73cf9bb4e26.json new file mode 100644 index 00000000000..b02979ae869 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/a97e3628-022b-46cf-8f29-a73cf9bb4e26.json 
@@ -0,0 +1,167 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Source [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": 
"cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Source [Logs CEF]", + "type": "metrics" + } + }, + "id": "a97e3628-022b-46cf-8f29-a73cf9bb4e26", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/aaa80503-6d96-4a33-806f-b8a10aefe696.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/aaa80503-6d96-4a33-806f-b8a10aefe696.json new file mode 100644 index 00000000000..afb831f32c4 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/aaa80503-6d96-4a33-806f-b8a10aefe696.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination Locations by Event [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 0, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Top Destination Locations by Event [Logs CEF]", + "type": "tile_map" + } + }, + "id": "aaa80503-6d96-4a33-806f-b8a10aefe696", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/acc915fe-b971-4795-9040-3fbfdf62abe1.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/acc915fe-b971-4795-9040-3fbfdf62abe1.json new file mode 100644 index 00000000000..10d462a0e16 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/acc915fe-b971-4795-9040-3fbfdf62abe1.json @@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Users [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Users [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "acc915fe-b971-4795-9040-3fbfdf62abe1", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json new file mode 100644 index 00000000000..febf78c0058 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Device Type [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcome by Device Type [Logs CEF]", + "type": "histogram" + } + }, + "id": "b1002b5c-08fc-4bbe-b9a0-6243a8637e60", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/c394e650-b16c-407c-b305-bd409d69d433.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/c394e650-b16c-407c-b305-bd409d69d433.json new file mode 100644 index 00000000000..7613881ef18 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/c394e650-b16c-407c-b305-bd409d69d433.json @@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": " Dashboard Navigation [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "title": " Dashboard Navigation [Logs CEF]", + "type": "markdown" + } + }, + "id": "c394e650-b16c-407c-b305-bd409d69d433", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json new file mode 100644 index 00000000000..14aa586ac7e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json @@ -0,0 +1,55 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Destination Port [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "Top 10 Destination Port [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "c5120e27-1f8c-41e3-83ee-78ec4d470c2f", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/d02dd523-ce91-40e9-9209-83797f80ed45.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/d02dd523-ce91-40e9-9209-83797f80ed45.json new file mode 100644 index 00000000000..3c9b7aef337 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/d02dd523-ce91-40e9-9209-83797f80ed45.json 
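Review bot: The terms aggregation uses `"size": 20` but both the saved-object `title` and the `visState.title` say "Top 10 Destination Port [Logs CEF]", so the panel shows twice as many buckets as its label claims. Either set `"size": 10` to match the sibling tag clouds (8cd00d20, acc915fe), or rename the title to reflect 20; the label and the query should agree so analysts reading the dashboard are not misled about how much of the distribution is shown.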
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Source Addresses [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + 
"stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Source Addresses [Logs CEF]", + "type": "metrics" + } + }, + "id": "d02dd523-ce91-40e9-9209-83797f80ed45", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json new file mode 100644 index 00000000000..5ea6f1d4eed --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json 
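Review bot: The first series sets `"terms_field": "observer.hostmessage"`, which looks like a typo of `observer.hostname` (the field the equivalent series in a97e3628 uses); it is inert today because this series has `"split_mode": "everything"`, but it will produce an empty panel the moment someone switches the split mode to `terms`. Change it to `"terms_field": "observer.hostname"` or drop the key. Separately, the `params.id`, series `id` and metric `id` values here are byte-identical to those in a97e3628, which suggests the object was cloned; these ids appear to be internal to each saved object, so this is probably harmless, but worth confirming against how Kibana treats TSVB ids on import.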
@@ -0,0 +1,129 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Metrics Overview [Logs CEF]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Device Metrics Overview [Logs CEF]", + "type": "metric" + } 
+ }, + "id": "d061c7a9-7f92-4bf4-b35c-499b9f4b987a", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/df056709-2deb-4363-ae7a-b0148ea456c6.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/df056709-2deb-4363-ae7a-b0148ea456c6.json new file mode 100644 index 00000000000..9901c4e8349 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/df056709-2deb-4363-ae7a-b0148ea456c6.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Ports by Outcome [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": 
"percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Destination Ports by Outcome [Logs CEF]", + "type": "histogram" + } + }, + "id": "df056709-2deb-4363-ae7a-b0148ea456c6", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json new file mode 100644 index 00000000000..96eb6fc339b --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json 
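Review bot: The terms bucket on `destination.port` is labelled "Protocols" (both `customLabel` and the category-axis `title.text`), which misdescribes what the chart splits on — a port number is not a protocol, and an analyst reading "Protocols" next to 443/53/22 will misinterpret the outcome breakdown. Rename both to `"customLabel": "Destination Port"` and `"text": "Destination Port"` so the label matches the field, as the sibling "Destination Ports by Outcomes" visualization in this change already does. This is the saved-object export for df056709, so the wording change is the only edit needed.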
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 20 Behaviors by Outcome [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Top 20 Behaviors by Outcome [Logs CEF]", + "type": "pie" + } + }, + "id": "e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", + "references": [ + { + "id": "e6cf2383-71f4-4db1-a791-1a7d4f110194", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/e513c269-350c-40c3-ac20-16c5782103b8.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/e513c269-350c-40c3-ac20-16c5782103b8.json new file mode 100644 index 00000000000..5da0f1cfb93 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/e513c269-350c-40c3-ac20-16c5782103b8.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Device Types [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } 
+ ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Device Types [Logs CEF]", + "type": "metrics" + } + }, + "id": "e513c269-350c-40c3-ac20-16c5782103b8", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/e89a64e8-928c-41fc-8745-3c8157b21cdb.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/e89a64e8-928c-41fc-8745-3c8157b21cdb.json new file mode 100644 index 00000000000..ee631745c20 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/e89a64e8-928c-41fc-8745-3c8157b21cdb.json 
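Review bot: This TSVB visualization queries `"index_pattern": "logs-*"` directly instead of the dataset-scoped saved search the other visualizations in this change reference, so every query fans out across all `logs-*` data streams (other integrations included) and is only narrowed afterwards by the `cef.extensions.*` filter; in a multi-tenant cluster that both costs more and can fail for users whose role lacks read on unrelated indices. Scoping it to the CEF data stream, e.g. `"index_pattern": "logs-cef*"` (confirm the exact dataset name used by this package), keeps the query inside the data the dashboard is about. Separately, the first series carries a `split_filters` entry for `cef.extensions.categoryDeviceGroup:"/Firewall"` but has `"split_mode": "everything"`, so that filter is inert — either switch to `"split_mode": "filters"` or drop the dead filter to avoid misleading the next maintainer. Note the top-level filter also mixes `categoryDeviceType:"Firewall"` with `categoryDeviceGroup:"/IDS/Network"` and `"/VPN"`, which looks intentional but is worth a `description` stating which device classes this panel covers.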
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Devices by Bandwidth [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 10 Devices by Bandwidth [Logs CEF]", + "type": "table" + } + }, + "id": "e89a64e8-928c-41fc-8745-3c8157b21cdb", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/f03d734b-b85c-4e99-9c0e-9c89716a81f3.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/f03d734b-b85c-4e99-9c0e-9c89716a81f3.json new file mode 100644 index 00000000000..92ddd33b180 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/f03d734b-b85c-4e99-9c0e-9c89716a81f3.json @@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 5 Sources by Destination Ports [Logs CEF]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Sources by Destination Ports [Logs CEF]", + "type": "table" + } + }, + "id": "f03d734b-b85c-4e99-9c0e-9c89716a81f3", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json new file mode 100644 index 00000000000..24ea134ddd0 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events Types by Severity [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" 
OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" 
OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events Types by Severity [Logs CEF]", + "type": "metrics" + } + }, + "id": "f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json new file mode 100644 index 00000000000..0ecb9b6e1a7 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json 
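Review bot: The severity split filters reference `cef.extension.deviceCustomString4` (singular "extension"), while every other CEF extension field in this change — `cef.extensions.categoryOutcome`, `cef.extensions.categoryDeviceType`, `cef.extensions.categoryDeviceGroup` — lives under `cef.extensions.*`; if the mapping follows the plural form, none of the SERVFAIL/NXDOMAIN/REFUSED/BADSIG clauses ever match, the HIGH and MEDIUM buckets degrade to the bare `event.severity` codes, and those DNS failures silently fall through to LOW. Replace `cef.extension.deviceCustomString4` with `cef.extensions.deviceCustomString4` in all three filter strings (or confirm the field actually exists under the singular path). The first series is also labelled "Cumulative Bytes" but its metric is `"type": "count"` with `"field": "source.bytes"` — a count metric ignores the field, so the line shows event counts; either relabel it "Events" or change the metric to `"type": "sum"`. A short `description` recording the mapping of event.severity codes and DNS rcodes to HIGH/MEDIUM/LOW would make the classification reviewable without decoding the query.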
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Events by Size [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Events by Size [Logs CEF]", + "type": "metrics" + } + }, + "id": "f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/f5258de9-71f7-410f-b713-201007f77470.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/f5258de9-71f7-410f-b713-201007f77470.json new file mode 100644 index 00000000000..4b86a74a382 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/f5258de9-71f7-410f-b713-201007f77470.json 
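Review bot: The inbound/outbound series filter on a bare `deviceDirection:"0"` / `deviceDirection:"1"` field, whereas the rest of this package addresses CEF extension keys under `cef.extensions.*` (e.g. `cef.extensions.categoryOutcome`); if the field is mapped as `cef.extensions.deviceDirection`, both filters match nothing and the panel renders empty. If so, the fix is `"query": "cef.extensions.deviceDirection:\"0\""` and `"query": "cef.extensions.deviceDirection:\"1\""`; please confirm against the package's fields.yml. Both series also sum `source.bytes`, while the "Top 10 Devices by Bandwidth" table in this same change maps outgoing traffic to `destination.bytes` — if that table is right, the outbound series likely wants `"field": "destination.bytes"`. This is exported TSVB state and the fields above are the only lines that need to change.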
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top 10 Application Protocols [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "scale": "square root" + }, + "title": "Top 10 Application Protocols [Logs CEF]", + "type": "tagcloud" + } + }, + "id": "f5258de9-71f7-410f-b713-201007f77470", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/f57734dd-0f32-42b4-94dd-5d597f6735e1.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/f57734dd-0f32-42b4-94dd-5d597f6735e1.json new file mode 100644 index 00000000000..ebe9384af11 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/f57734dd-0f32-42b4-94dd-5d597f6735e1.json 
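Review bot: The visualization is titled "Top 10 Application Protocols" in both `title` fields, but the terms aggregation on `network.application` has `"size": 20`, so the tag cloud shows twice as many entries as the title promises. Either set `"size": 10` or retitle it "Top 20 Application Protocols"; the mismatch is small but it is exactly the kind of detail an analyst relies on when comparing panels. A one-line `description` such as "Most frequent network.application values in CEF events" would also replace the empty string the export currently carries.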
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Device Types by Vendor [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "exclude": "", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "Device Types by Vendor [Logs CEF]", + "type": "pie" + } + }, + "id": "f57734dd-0f32-42b4-94dd-5d597f6735e1", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/fa8b26c1-6973-4381-adb3-bcde0d03a520.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/fa8b26c1-6973-4381-adb3-bcde0d03a520.json new file mode 100644 index 00000000000..f396a3601b4 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/fa8b26c1-6973-4381-adb3-bcde0d03a520.json 
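Review bot: The outer terms bucket carries `"exclude": "Network-based IDS/IPS"`, which silently removes an entire device class from a chart titled "Device Types by Vendor" while `description` is left as `""`, so a viewer has no way to know the pie is incomplete. The exclusion may be deliberate (high-volume IDS events would otherwise dominate the chart), but that rationale should be stated, e.g. `"description": "Device types by vendor; categoryDeviceType 'Network-based IDS/IPS' is excluded from the outer ring."`, or the exclusion should be dropped. The inner bucket's `"exclude": ""` is a no-op and can be removed for clarity.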
@@ -0,0 +1,174 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Unique Destinations and Ports by Source [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": 
false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] + }, + "title": "Unique Destinations and Ports by Source [Logs CEF]", + "type": "histogram" + } + }, + "id": "fa8b26c1-6973-4381-adb3-bcde0d03a520", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/fcf798a8-db8f-4492-827b-8fa7581108a9.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/fcf798a8-db8f-4492-827b-8fa7581108a9.json new file mode 100644 index 00000000000..a58ae85d828 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/fcf798a8-db8f-4492-827b-8fa7581108a9.json 
@@ -0,0 +1,174 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Event Types by Size [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] + }, + "title": "Event Types by Size [Logs CEF]", + "type": "histogram" + } + }, + "id": "fcf798a8-db8f-4492-827b-8fa7581108a9", + "references": [ + { + "id": "f85a3444-8a43-4e46-b872-4e44bc25d0f3", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json new file mode 100644 index 00000000000..04c877b5d6e --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json 
@@ -0,0 +1,137 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Ports by Outcomes [Logs CEF]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + 
"style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Destination Ports by Outcomes [Logs CEF]", + "type": "histogram" + } + }, + "id": "fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", + "references": [ + { + "id": "5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/kibana/visualization/fff249b2-18b6-4b48-bcf7-dd4595d111e7.json b/dev/packages/beats/cef/0.0.1/kibana/visualization/fff249b2-18b6-4b48-bcf7-dd4595d111e7.json new file mode 100644 index 00000000000..72f998103d8 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/kibana/visualization/fff249b2-18b6-4b48-bcf7-dd4595d111e7.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Device Type [Logs CEF]", + "uiStateJSON": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "Outcome by Device Type [Logs CEF]", + "type": "histogram" + } + }, + "id": "fff249b2-18b6-4b48-bcf7-dd4595d111e7", + "references": [ + { + "id": "68202a5c-c8f2-432f-8c08-04fbfacb95c8", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cef/0.0.1/manifest.yml b/dev/packages/beats/cef/0.0.1/manifest.yml new file mode 100644 index 00000000000..f8a632b9aa9 --- /dev/null +++ b/dev/packages/beats/cef/0.0.1/manifest.yml @@ -0,0 +1,24 @@ +format_version: 1.0.0 +name: cef +title: CEF +version: 0.0.1 +license: basic +description: CEF Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +datasources: +- name: cef + title: CEF logs + description: Collect logs from CEF instances + inputs: + - type: logs + title: Collect logs from CEF instances + description: Collecting CEF log logs diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..434caec71df --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["cluster_disk"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/fields.yml new file mode 100644 index 00000000000..c94a1470487 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/fields.yml 
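Review bot: The `requirement` block in the cef manifest.yml bounds Kibana to `'>=7.3.0 <8.0.0'` but leaves Elasticsearch open-ended at `'>7.0.1'`, so the package would be offered against any future major; if the registry treats these as semver ranges, `versions: '>7.0.1 <8.0.0'` keeps the two in step, and the differing floors (7.3.0 versus 7.0.1) look worth a second look. The last line, `description: Collecting CEF log logs`, has a doubled word; `description: Collecting CEF logs` matches the input title directly above it.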
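Review bot: `- {{this}}` and `period: {{period}}` in the cluster_disk stream.yml.hbs drop user-supplied values into YAML unquoted, so a host entry containing YAML-significant characters (`#`, `: `, a newline) would change the structure of the rendered stream rather than only its value. The matching manifest declares both vars as free `text`, so nothing visible in this diff constrains them. Whether the renderer HTML-escapes `{{this}}` decides if the fix is quoting in the template (`- "{{this}}"`) or validation of the var at the layer that renders it, so confirm the renderer's escaping before changing the template. The same template is repeated for every other ceph dataset in this diff that declares `hosts`.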
@@ -0,0 +1,19 @@ +- name: ceph.cluster_disk + type: group + release: ga + fields: + - name: available.bytes + type: long + format: bytes + description: | + Available bytes of the cluster + - name: total.bytes + type: long + format: bytes + description: | + Total bytes of the cluster + - name: used.bytes + type: long + format: bytes + description: | + Used bytes of the cluster diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/manifest.yml new file mode 100644 index 00000000000..3d1473818dc --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_disk/manifest.yml @@ -0,0 +1,23 @@ +title: Ceph cluster_disk metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5000 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph cluster_disk metrics + description: Collect Ceph cluster_disk metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1b26e12a76d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["cluster_health"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/fields.yml new file mode 100644 index 00000000000..25b3a5fc17f --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/fields.yml @@ -0,0 +1,20 @@ +- name: ceph.cluster_health + type: group + release: ga + fields: + - name: overall_status + type: keyword + description: | + Overall status of the cluster + - name: timechecks.epoch + type: long + description: | + Map version + - name: timechecks.round.value + type: long + description: | + timecheck round + - name: timechecks.round.status + type: keyword + description: | + Status of the round diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/manifest.yml new file mode 100644 index 00000000000..f779410a3cc --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_health/manifest.yml @@ -0,0 +1,23 @@ +title: Ceph cluster_health metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5000 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph cluster_health metrics + description: Collect Ceph cluster_health metrics 
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d6f039e1734
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["cluster_status"]
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/fields.yml
new file mode 100644
index 00000000000..2b1f13657be
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/fields.yml
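Review bot: The cluster_status stream.yml.hbs renders only `metricsets: ["cluster_status"]`, with no `hosts` or `period`, and its manifest.yml (further down in this diff) declares no vars, unlike the sibling ceph datasets, which all expose both. Unless the `ceph/metrics` input supplies those at a level not visible here, a policy built from this stream has no way to say which endpoint to poll or how often. osd_df has the same shape. If this is intentional, a comment in the manifest stating where hosts and period come from would save the next reader the search.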
@@ -0,0 +1,112 @@ +- name: ceph.cluster_status + type: group + release: ga + fields: + - name: version + type: long + description: | + Ceph Status version + - name: traffic.read_bytes + type: long + format: bytes + description: | + Cluster read throughput per second + - name: traffic.write_bytes + type: long + format: bytes + description: | + Cluster write throughput per second + - name: traffic.read_op_per_sec + type: long + description: | + Cluster read iops per second + - name: traffic.write_op_per_sec + type: long + description: | + Cluster write iops per second + - name: misplace.total + type: long + description: | + Cluster misplace pg number + - name: misplace.objects + type: long + description: | + Cluster misplace objects number + - name: misplace.ratio + type: scaled_float + format: percent + description: | + Cluster misplace ratio + - name: degraded.total + type: long + description: | + Cluster degraded pg number + - name: degraded.objects + type: long + description: | + Cluster degraded objects number + - name: degraded.ratio + type: scaled_float + format: percent + description: | + Cluster degraded ratio + - name: pg.data_bytes + type: long + format: bytes + description: | + Cluster pg data bytes + - name: pg.avail_bytes + type: long + format: bytes + description: | + Cluster available bytes + - name: pg.total_bytes + type: long + format: bytes + description: | + Cluster total bytes + - name: pg.used_bytes + type: long + format: bytes + description: | + Cluster used bytes + - name: pg_state.state_name + type: long + description: | + Pg state description + - name: pg_state.count + type: long + description: | + Shows how many pgs are in state of pg_state.state_name + - name: pg_state.version + type: long + description: | + Cluster status version + - name: osd.full + type: boolean + description: | + Is osd full + - name: osd.nearfull + type: boolean + description: | + Is osd near full + - name: osd.num_osds + type: long + description: | + Shows how many 
osds in the cluster
+ - name: osd.num_up_osds
+ type: long
+ description: |
+ Shows how many osds are on the state of UP
+ - name: osd.num_in_osds
+ type: long
+ description: |
+ Shows how many osds are on the state of IN
+ - name: osd.num_remapped_pgs
+ type: long
+ description: |
+ Shows how many osds are on the state of REMAPPED
+ - name: osd.epoch
+ type: long
+ description: |
+ epoch number
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/package-fields.yml
new file mode 100644
index 00000000000..369464b4c1d
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: ceph
+ type: group
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/manifest.yml
new file mode 100644
index 00000000000..dfa6d19807f
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/cluster_status/manifest.yml
@@ -0,0 +1,7 @@
+title: Ceph cluster_status metrics
+release: experimental
+type: metrics
+streams:
+- input: ceph/metrics
+ title: Ceph cluster_status metrics
+ description: Collect Ceph cluster_status metrics
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d6bfddbf431
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["mgr_cluster_disk"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/fields.yml
new file mode 100644
index 00000000000..0f236715254
--- /dev/null
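Review bot: `pg_state.state_name` in the cluster_status fields.yml is typed `long` but described as `Pg state description`, which reads like a string; if the metricset emits state names rather than numbers, documents carrying that field will be rejected by the mapping, so this is worth checking against the Beats source the dataset was imported from. Separately, `osd.num_remapped_pgs` is described as `Shows how many osds are on the state of REMAPPED`; the field name counts placement groups, so `Shows how many pgs are in the state of REMAPPED` matches it. The start of this hunk is on the previous line.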
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: ceph.mgr_cluster_disk
+ type: group
+ release: beta
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/package-fields.yml
new file mode 100644
index 00000000000..369464b4c1d
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: ceph
+ type: group
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/manifest.yml
new file mode 100644
index 00000000000..439bfdedd2f
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_disk/manifest.yml
@@ -0,0 +1,23 @@
+title: Ceph mgr_cluster_disk metrics
+release: experimental
+type: metrics
+streams:
+- input: ceph/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - https://localhost:8003
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ title: Ceph mgr_cluster_disk metrics
+ description: Collect Ceph mgr_cluster_disk metrics
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..09df4155e7e
--- /dev/null
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["mgr_cluster_health"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/fields.yml
new file mode 100644
index 00000000000..29510e3d7c7
--- /dev/null
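Review bot: The mgr_cluster_disk manifest.yml defaults `hosts` to `https://localhost:8003` but exposes only `hosts` and `period`, with no variable for credentials or for TLS settings. If the Ceph manager RESTful endpoint behind that URL requires an API user and secret, as the Metricbeat ceph mgr metricsets do, a policy built from this manifest cannot be configured to authenticate, and a self-signed certificate at the default URL cannot be trusted explicitly either. Adding username/password vars (the password must not be a plain `text` var shown to the user) and the TLS settings the input accepts, and rendering them in stream.yml.hbs, would close the gap. The same applies to the mgr_cluster_health, mgr_osd_perf, mgr_osd_pool_stats, mgr_osd_tree and mgr_pool_disk manifests later in this diff.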
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/fields.yml @@ -0,0 +1,3 @@ +- name: ceph.mgr_cluster_health + type: group + release: beta diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/manifest.yml new file mode 100644 index 00000000000..999ba4ce4f3 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_cluster_health/manifest.yml @@ -0,0 +1,23 @@ +title: Ceph mgr_cluster_health metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://localhost:8003 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph mgr_cluster_health metrics + description: Collect Ceph mgr_cluster_health metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..147500ce8c3 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["mgr_osd_perf"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/fields.yml new file mode 100644 index 00000000000..75495f6f64d --- /dev/null 
+++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/fields.yml @@ -0,0 +1,19 @@ +- name: ceph.mgr_osd_perf + type: group + release: beta + fields: + - name: id + type: long + description: OSD ID + - name: stats.commit_latency_ms + type: long + description: Commit latency in ms + - name: stats.apply_latency_ms + type: long + description: Apply latency in ms + - name: stats.commit_latency_ns + type: long + description: Commit latency in ns + - name: stats.apply_latency_ns + type: long + description: Apply latency in ns diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/manifest.yml new file mode 100644 index 00000000000..833344d3be0 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_perf/manifest.yml @@ -0,0 +1,23 @@ +title: Ceph mgr_osd_perf metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://localhost:8003 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + title: Ceph mgr_osd_perf metrics + description: Collect Ceph mgr_osd_perf metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..5bb5da5a2fa --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/agent/stream/stream.yml.hbs 
@@ -0,0 +1,6 @@ +metricsets: ["mgr_osd_pool_stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml new file mode 100644 index 00000000000..6a40bf2eb5c --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml @@ -0,0 +1,22 @@ +- name: ceph.mgr_osd_pool_stats + type: group + release: beta + fields: + - name: pool_name + type: keyword + description: Pool name + - name: pool_id + type: long + description: Pool ID + - name: client_io_rate + type: object + description: Client I/O rates + fields: + - name: read_bytes_sec + type: long + - name: write_bytes_sec + type: long + - name: read_op_per_sec + type: long + - name: write_op_per_sec + type: long diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/manifest.yml new file mode 100644 index 00000000000..ec188d4921a --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_pool_stats/manifest.yml 
@@ -0,0 +1,23 @@ +title: Ceph mgr_osd_pool_stats metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://localhost:8003 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + title: Ceph mgr_osd_pool_stats metrics + description: Collect Ceph mgr_osd_pool_stats metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..d49fa593351 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["mgr_osd_tree"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/fields.yml new file mode 100644 index 00000000000..0492fbf414d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/fields.yml @@ -0,0 +1,3 @@ +- name: ceph.mgr_osd_tree + type: group + release: beta diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/manifest.yml new file mode 100644 index 00000000000..6558e3e2484 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_osd_tree/manifest.yml 
@@ -0,0 +1,23 @@ +title: Ceph mgr_osd_tree metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://localhost:8003 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + title: Ceph mgr_osd_tree metrics + description: Collect Ceph mgr_osd_tree metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9571ee1eb59 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["mgr_pool_disk"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/fields.yml new file mode 100644 index 00000000000..f9ba2fccd39 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/fields.yml @@ -0,0 +1,3 @@ +- name: ceph.mgr_pool_disk + type: group + release: beta diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/manifest.yml new file mode 100644 index 00000000000..32cd367336b --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/mgr_pool_disk/manifest.yml 
@@ -0,0 +1,23 @@ +title: Ceph mgr_pool_disk metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://localhost:8003 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + title: Ceph mgr_pool_disk metrics + description: Collect Ceph mgr_pool_disk metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c025f9e89b5 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["monitor_health"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/fields.yml new file mode 100644 index 00000000000..cdc7b0c28fd --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/fields.yml 
@@ -0,0 +1,56 @@ +- name: ceph.monitor_health + type: group + release: ga + fields: + - name: available.pct + type: long + description: | + Available percent of the MON + - name: health + type: keyword + description: | + Health of the MON + - name: available.kb + type: long + description: | + Available KB of the MON + - name: total.kb + type: long + description: | + Total KB of the MON + - name: used.kb + type: long + description: | + Used KB of the MON + - name: last_updated + type: date + description: | + Time when was updated + - name: name + type: keyword + description: | + Name of the MON + - name: store_stats.log.bytes + type: long + format: bytes + description: | + Log bytes of MON + - name: store_stats.misc.bytes + type: long + format: bytes + description: | + Misc bytes of MON + - name: store_stats.sst.bytes + type: long + format: bytes + description: | + SST bytes of MON + - name: store_stats.total.bytes + type: long + format: bytes + description: | + Total bytes of MON + - name: store_stats.last_updated + type: long + description: | + Last updated diff --git a/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/manifest.yml new file mode 100644 index 00000000000..7b0708b83cf --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/monitor_health/manifest.yml 
@@ -0,0 +1,23 @@ +title: Ceph monitor_health metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5000 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph monitor_health metrics + description: Collect Ceph monitor_health metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_df/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..fb708e0d192 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["osd_df"] diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/fields.yml new file mode 100644 index 00000000000..1c130f242a1 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/fields.yml @@ -0,0 +1,40 @@ +- name: ceph.osd_df + type: group + release: ga + fields: + - name: id + type: long + description: | + osd node id + - name: name + type: keyword + description: | + osd node name + - name: device_class + type: keyword + description: | + osd node type, illegal type include hdd, ssd etc. + - name: total.byte + type: long + format: bytes + description: | + osd disk total volume + - name: used.byte + type: long + format: bytes + description: | + osd disk usage volume + - name: available.bytes + type: long + format: bytes + description: | + osd disk available volume + - name: pg_num + type: long + description: | + shows how many pg located on this osd + - name: used.pct + type: scaled_float + format: percent + description: | + osd disk usage percentage 
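Review bot: The osd_df fields.yml names `total.byte` and `used.byte` next to `available.bytes`, so the three sibling fields do not share a suffix; unless the metricset really emits `total.byte`, `total.bytes` and `used.bytes` (matching `ceph.cluster_disk` and `ceph.pool_disk` elsewhere in this diff) would be the consistent mapping, and changing the mapping without changing the emitter would silently leave those values unmapped. The `device_class` description `osd node type, illegal type include hdd, ssd etc.` says the opposite of what it appears to mean; `osd node type, valid types include hdd, ssd etc.` reads correctly. The osd_tree `type` description on a later line of this diff has the same wording.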
diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_df/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/manifest.yml new file mode 100644 index 00000000000..72f003f93c5 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_df/manifest.yml @@ -0,0 +1,7 @@ +title: Ceph osd_df metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + title: Ceph osd_df metrics + description: Collect Ceph osd_df metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..084000d53d4 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["osd_tree"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/fields.yml new file mode 100644 index 00000000000..566906ae58c --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/fields.yml 
@@ -0,0 +1,56 @@ +- name: ceph.osd_tree + type: group + release: ga + fields: + - name: id + type: long + description: | + osd or bucket node id + - name: name + type: keyword + description: | + osd or bucket node name + - name: type + type: keyword + description: | + osd or bucket node type, illegal type include osd, host, root etc. + - name: type_id + type: long + description: | + osd or bucket node typeID + - name: children + type: keyword + description: | + bucket children list, separated by comma. + - name: crush_weight + type: float + description: | + osd node crush weight + - name: depth + type: long + description: | + node depth + - name: exists + type: boolean + description: | + is node still exist or not(1-yes, 0-no) + - name: primary_affinity + type: float + description: | + the weight of reading data from primary osd + - name: reweight + type: long + description: | + the reweight of osd + - name: status + type: keyword + description: | + status of osd, it should be up or down + - name: device_class + type: keyword + description: | + the device class of osd, like hdd, ssd etc. + - name: father + type: keyword + description: | + the parent node of this osd or bucket node diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/manifest.yml new file mode 100644 index 00000000000..b7e504e009e --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/osd_tree/manifest.yml 
@@ -0,0 +1,23 @@ +title: Ceph osd_tree metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5000 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph osd_tree metrics + description: Collect Ceph osd_tree metrics diff --git a/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/agent/stream/stream.yml.hbs b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ea5a31b224e --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["pool_disk"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/fields.yml new file mode 100644 index 00000000000..62b7a449127 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/fields.yml @@ -0,0 +1,30 @@ +- name: ceph.pool_disk + type: group + release: ga + fields: + - name: id + type: long + description: | + Id of the pool + - name: name + type: keyword + description: | + Name of the pool + - name: stats.available.bytes + type: long + format: bytes + description: | + Available bytes of the pool + - name: stats.objects + type: long + description: | + Number of objects of the pool + - name: stats.used.bytes + type: long + format: bytes + description: | + Used bytes of the pool + - name: stats.used.kb + type: long + description: | + Used kb of the pool diff --git a/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/package-fields.yml b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/package-fields.yml new file mode 100644 index 00000000000..369464b4c1d --- /dev/null 
+++ b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: ceph + type: group diff --git a/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/manifest.yml b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/manifest.yml new file mode 100644 index 00000000000..603922b02e5 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/dataset/pool_disk/manifest.yml @@ -0,0 +1,23 @@ +title: Ceph pool_disk metrics +release: experimental +type: metrics +streams: +- input: ceph/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5000 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Ceph pool_disk metrics + description: Collect Ceph pool_disk metrics diff --git a/dev/packages/beats/ceph/0.0.1/docs/README.md b/dev/packages/beats/ceph/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/ceph/0.0.1/img/ceph-overview-dashboard.png b/dev/packages/beats/ceph/0.0.1/img/ceph-overview-dashboard.png new file mode 100644 index 00000000000..bc1abf7ecc9 Binary files /dev/null and b/dev/packages/beats/ceph/0.0.1/img/ceph-overview-dashboard.png differ diff --git a/dev/packages/beats/ceph/0.0.1/img/logo_ceph.svg b/dev/packages/beats/ceph/0.0.1/img/logo_ceph.svg new file mode 100644 index 00000000000..2a5b4111d93 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/img/logo_ceph.svg @@ -0,0 +1,3 @@ + + + diff --git a/dev/packages/beats/ceph/0.0.1/kibana/dashboard/c93f2c30-b473-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/dashboard/c93f2c30-b473-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..188438c9c46 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/dashboard/c93f2c30-b473-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,142 @@ +{ + "attributes": { + "description": "This Ceph dashboard that shows the most important cluster metrics.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Cluster Disk Stats", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "2", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Throughput", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "3", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "IOPS", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 6, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "OSD Disk Usage", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 5, + "x": 0, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Pools", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 19, + "x": 5, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Pool Objects", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Ceph] Cluster Overview", + "version": 1 + }, + "id": "c93f2c30-b473-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "054a0900-b467-11e9-a579-f5c0a5d81340", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "88d48440-b46b-11e9-a579-f5c0a5d81340", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"346d00d0-b46b-11e9-a579-f5c0a5d81340", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "13efa190-b46c-11e9-a579-f5c0a5d81340", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "393df790-b470-11e9-a579-f5c0a5d81340", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "aa9c2f10-b470-11e9-a579-f5c0a5d81340", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/054a0900-b467-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/054a0900-b467-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..98340820780 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/054a0900-b467-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,119 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cluster Disk Stats [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "bd70f9c0-b472-11e9-ba7f-f52449624592" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "7b71f300-b466-11e9-841e-0ddf9a697c96", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": "0", + "formatter": "bytes", + "hide_in_legend": 0, + "id": "7b71f301-b466-11e9-841e-0ddf9a697c96", + "label": "total", + "line_width": "1", + "metrics": [ + { + "field": "ceph.cluster_disk.total.bytes", + "id": "7b71f302-b466-11e9-841e-0ddf9a697c96", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0.2", + "formatter": "bytes", + "id": "7b71f303-b466-11e9-841e-0ddf9a697c96", + "label": "available", + "line_width": "1", + "metrics": [ + { + "field": "ceph.cluster_disk.available.bytes", + "id": "7b71f304-b466-11e9-841e-0ddf9a697c96", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "64f99360-b472-11e9-ba7f-f52449624592", + "label": "used", + 
"line_width": 1, + "metrics": [ + { + "field": "ceph.cluster_disk.used.bytes", + "id": "64f99361-b472-11e9-ba7f-f52449624592", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Cluster Disk Stats [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "054a0900-b467-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/13efa190-b46c-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/13efa190-b46c-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..a355be496ef --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/13efa190-b46c-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "OSD Disk Usage [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "gauge": "rgba(226,115,0,1)", + "id": "e681d700-b46b-11e9-9bdc-15c69a730d82", + "operator": "gte", + "value": 70 + }, + { + "gauge": "rgba(247,58,26,1)", + "id": "61b552b0-b513-11e9-81ce-0379c4621e40", + "value": 90 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "e17a9bc0-b46b-11e9-9a02-5de45d117640", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0, + "formatter": "percent", + "id": "e17a9bc1-b46b-11e9-9a02-5de45d117640", + "label": "OSD disk usage", + "line_width": 2, + "metrics": [ + { + "field": "ceph.osd_df.used.pct", + "id": "e17a9bc2-b46b-11e9-9a02-5de45d117640", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "OSD Disk Usage [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "13efa190-b46c-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/346d00d0-b46b-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/346d00d0-b46b-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..4069c556f42 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/346d00d0-b46b-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "IOPS [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "0fc1f2e0-b46b-11e9-9488-8bde5ab143f4", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "0fc1f2e1-b46b-11e9-9488-8bde5ab143f4", + "label": "read", + "line_width": 2, + "metrics": [ + { + "field": "ceph.cluster_status.traffic.read_op_per_sec", + "id": "0fc1f2e2-b46b-11e9-9488-8bde5ab143f4", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "0fc1f2e3-b46b-11e9-9488-8bde5ab143f4", + "label": "write", + "line_width": 2, + "metrics": [ + { + "field": "ceph.cluster_status.traffic.write_op_per_sec", + "id": "0fc1f2e4-b46b-11e9-9488-8bde5ab143f4", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "IOPS [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "346d00d0-b46b-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/393df790-b470-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/393df790-b470-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..49be7a2043f --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/393df790-b470-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,86 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Pools [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e96942b0-b46f-11e9-aefa-c791377b99c3" + } + ], + "bar_color_rules": [ + { + "id": "21aaa880-b470-11e9-aefa-c791377b99c3" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "20eadaf0-b470-11e9-aefa-c791377b99c3" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "b859c050-b46f-11e9-9f8f-97f5e69abdab", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "b859e760-b46f-11e9-9f8f-97f5e69abdab", + "label": "Pools", + "line_width": 2, + "metrics": [ + { + "field": "ceph.pool_disk.id", + "id": "b859e761-b46f-11e9-9f8f-97f5e69abdab", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Pools [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "393df790-b470-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
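Review bot: The single series in this visualization computes `"type": "max"` over `"field": "ceph.pool_disk.id"` and labels it `Pools`, so the panel shows the highest pool id rather than the number of pools; Ceph pool ids are not reused after a pool is deleted, so the count over-reports as soon as any pool is removed. A cardinality aggregation is the measurement the label promises, e.g. change `"type": "max"` to `"type": "cardinality"` and `"field": "ceph.pool_disk.id"` to `"field": "ceph.pool_disk.name"` (either field works, the name is what the Pool Objects panel splits on). The `background_color_rules`, `bar_color_rules` and `gauge_color_rules` entries carry only an `id` with no operator or value, which looks like leftover editor state rather than a rule and could be dropped.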
diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/88d48440-b46b-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/88d48440-b46b-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..627db2cfad4 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/88d48440-b46b-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Throughput [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "57f0f3e0-b46b-11e9-88d3-b1e3cace09ae", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0, + "formatter": "number", + "id": "57f11af0-b46b-11e9-88d3-b1e3cace09ae", + "label": "read", + "line_width": 2, + "metrics": [ + { + "field": "ceph.cluster_status.traffic.read_bytes", + "id": "57f11af1-b46b-11e9-88d3-b1e3cace09ae", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": 0, + "formatter": "number", + "id": "57f11af2-b46b-11e9-88d3-b1e3cace09ae", + "label": "write", + "line_width": 2, + "metrics": [ + { + "field": "ceph.cluster_status.traffic.write_bytes", + "id": "57f11af3-b46b-11e9-88d3-b1e3cace09ae", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Throughput [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "88d48440-b46b-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ceph/0.0.1/kibana/visualization/aa9c2f10-b470-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/ceph/0.0.1/kibana/visualization/aa9c2f10-b470-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..af2d181ab8d --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/kibana/visualization/aa9c2f10-b470-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Pool Objects [Metrics Ceph] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6ac91290-b470-11e9-a4bb-473d6710f872" + } + ], + "bar_color_rules": [ + { + "id": "6b864810-b470-11e9-a4bb-473d6710f872" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "4ce78950-b470-11e9-87e8-53bd102d292b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0, + "formatter": "number", + "id": "4ce78951-b470-11e9-87e8-53bd102d292b", + "label": "Objects", + "line_width": 2, + "metrics": [ + { + "field": "ceph.pool_disk.stats.objects", + "id": "4ce78952-b470-11e9-87e8-53bd102d292b", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "ceph.pool_disk.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Pool Objects [Metrics Ceph] ECS", + "type": "metrics" + } + }, + "id": "aa9c2f10-b470-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ceph/0.0.1/manifest.yml b/dev/packages/beats/ceph/0.0.1/manifest.yml new file mode 100644 index 00000000000..90a7b6a9977 --- /dev/null +++ b/dev/packages/beats/ceph/0.0.1/manifest.yml 
@@ -0,0 +1,35 @@ +format_version: 1.0.0 +name: ceph +title: Ceph +version: 0.0.1 +license: basic +description: Ceph Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/ceph-overview-dashboard.png + title: ceph overview dashboard + size: 5002x2670 + type: image/png +icons: +- src: /img/logo_ceph.svg + title: logo ceph + size: 32x32 + type: image/svg+xml +datasources: +- name: ceph + title: Ceph metrics + description: Collect metrics from Ceph instances + inputs: + - type: ceph/metrics + title: Collect metrics from Ceph instances + description: Collecting Ceph cluster_disk, cluster_health, cluster_status, mgr_cluster_disk, + mgr_cluster_health, mgr_osd_perf, mgr_osd_pool_stats, mgr_osd_tree, mgr_pool_disk, + monitor_health, osd_df, osd_tree and pool_disk metrics diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/log.yml.hbs b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..07498558fef --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/log.yml.hbs @@ -0,0 +1,8 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +processors: + - add_locale: ~ \ No newline at end of file diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/syslog.yml.hbs b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/syslog.yml.hbs new file mode 100644 index 00000000000..37eb7d28023 --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/agent/stream/syslog.yml.hbs @@ -0,0 +1,5 @@ +protocol.udp: + host: "{{syslog_host}}:{{syslog_port}}" +tags: {{tags}} +processors: + - add_locale: ~ \ No newline at end of file 
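Review bot: The Check Point syslog stream opens a plain UDP listener on `{{syslog_host}}:{{syslog_port}}` with no transport authentication, integrity check or source restriction, so any host that can reach that socket can inject or spoof firewall events (forged `Accept` entries, or a flood that buries real `Prevent` alerts) and the ingest pipeline will still stamp them `observer.vendor: Checkpoint`. The defaults for `syslog_host` and `syslog_port` live in the dataset manifest, which is not in this hunk, so I cannot tell whether the listener binds to localhost or to all interfaces; the variable descriptions should state that UDP syslog is unauthenticated and that the port must be reachable only from the Check Point log exporter, and a TCP/TLS variant is worth offering since the pipeline's RFC 5424 grok does not depend on the transport. Suggested comment at the top of the template: `# UDP syslog has no sender authentication; restrict syslog_host/syslog_port to the log exporter's network.`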
diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..e478d54e73d --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,1115 @@ +{ + "description": "...", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(?::-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +\\[%{GREEDYDATA:syslog5424_sd}\\]$" + ] + } + }, + { + "kv": { + "field": "syslog5424_sd", + "field_split": "; ", + "value_split": ":", + "trim_key": " ", + "trim_value": " ", + "prefix": "checkpoint.", + "strip_brackets": true, + "ignore_failure": true, + "exclude_keys": [ + "flags", + "layer_uuid", + "originsicname", + "__policy_id_tag", + "version", + "rounded_bytes", + "db_tag", + "update_service" + ] + } + }, + { + "remove": { + "field": [ + "syslog5424_sd", + "syslog5424_app", + "syslog5424_host", + "syslog5424_msgid", + "syslog5424_pri", + "syslog5424_proc", + "syslog5424_ver", + "message", + "host" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{syslog5424_ts}}", + "if": "ctx.checkpoint?.time == null" + } + }, + { + "set": { + "field": "event.module", + "value": "checkpoint" + } + }, + { + "append": { + "field": "event.category", + "value": "network", + "if": "ctx.checkpoint?.operation != 'Log In'" + } + }, + { + "set": { + "field": "observer.vendor", + "value": "Checkpoint" + } + }, + { + "set": { + "field": "observer.type", + "value": "firewall", + "if": "ctx.checkpoint?.type == null" + } + }, + { + "set": { + "field": "observer.product", + "value": "{{checkpoint.product}}", + "if": "ctx.checkpoint?.product != null" + } + }, + { + "set": { + "field": "client.ip", + "value": "{{checkpoint.src}}", + "if": "ctx.checkpoint?.src != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{checkpoint.src}}", + "if": "ctx.checkpoint?.src != null" + } + }, + { + "set": { + "field": "client.ip", + "value": "{{checkpoint.client_ip}}", + 
"if": "ctx.client?.ip == null && ctx.checkpoint?.client_ip != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{checkpoint.client_ip}}", + "if": "ctx.source?.ip == null && ctx.checkpoint?.client_ip != null" + } + }, + { + "set": { + "field": "server.ip", + "value": "{{checkpoint.dst}}", + "if": "ctx.checkpoint?.dst != null" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{checkpoint.dst}}", + "if": "ctx.checkpoint?.dst != null" + } + }, + { + "set" : { + "field": "client.user.id", + "value": "{{checkpoint.uid}}", + "if": "ctx.checkpoint?.uid != null" + } + }, + { + "set" : { + "field": "source.user.id", + "value": "{{checkpoint.uid}}", + "if": "ctx.checkpoint?.uid != null" + } + }, + { + "set" : { + "field": "client.user.name", + "value": "{{checkpoint.administrator}}", + "if": "ctx.checkpoint?.administrator != null" + } + }, + { + "set" : { + "field": "source.user.name", + "value": "{{checkpoint.administrator}}", + "if": "ctx.checkpoint?.administrator != null" + } + }, + { + "set" : { + "field": "source.packets", + "value": "{{ctx.checkpoint.client_outbound_packets}}", + "if": "ctx.checkpoint?.client_outbound_packets != null" + } + }, + { + "set" : { + "field": "client.packets", + "value": "{{ctx.checkpoint.client_outbound_packets}}", + "if": "ctx.checkpoint?.client_outbound_packets != null" + } + }, + { + "set" : { + "field": "destination.packets", + "value": "{{checkpoint.server_outbound_packets}}", + "if": "ctx.checkpoint?.server_outbound_packets != null" + } + }, + { + "set" : { + "field": "server.packets", + "value": "{{checkpoint.server_outbound_packets}}", + "if": "ctx.checkpoint?.server_outbound_packets != null" + } + }, + { + "set" : { + "field": "client.bytes", + "value": "{{checkpoint.client_outbound_bytes}}", + "if": "ctx.checkpoint?.client_outbound_bytes != null" + } + }, + { + "set" : { + "field": "source.bytes", + "value": "{{checkpoint.client_outbound_bytes}}", + "if": "ctx.checkpoint?.client_outbound_bytes != 
null" + } + }, + { + "set" : { + "field": "destination.bytes", + "value": "{{checkpoint.server_outbound_bytes}}", + "if": "ctx.checkpoint?.server_outbound_bytes != null" + } + }, + { + "set" : { + "field": "server.bytes", + "value": "{{checkpoint.server_outbound_bytes}}", + "if": "ctx.checkpoint?.server_outbound_bytes != null" + } + }, + { + "set" : { + "field": "destination.port", + "value": "{{checkpoint.service}}", + "if": "ctx.checkpoint?.service != null" + } + }, + { + "set" : { + "field": "server.port", + "value": "{{checkpoint.service}}", + "if": "ctx.checkpoint?.service != null" + } + }, + { + "set" : { + "field": "client.port", + "value": "{{checkpoint.s_port}}", + "if": "ctx.checkpoint?.s_port != null" + } + }, + { + "set" : { + "field": "source.port", + "value": "{{checkpoint.s_port}}", + "if": "ctx.checkpoint?.s_port != null" + } + }, + { + "append": { + "field": "event.category", + "value": "authentication", + "if": "ctx.checkpoint?.operation == 'Log In'" + } + }, + { + "set" : { + "field": "event.kind", + "value": "alert", + "if": "['Prevent', 'Detect', 'Quarantine'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "set" : { + "field": "event.kind", + "value": "event", + "if": "ctx.event?.kind == null" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "['Accept', 'Allow'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append" : { + "field": "event.type", + "value": ["allowed", "connection"], + "if": "['Accept', 'Allow'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "ctx.checkpoint?.audit_status == 'Success'" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "failure", + "if": "ctx.checkpoint?.audit_status == 'Failure'" + } + }, + { + "set" : { + "field": "event.outcome", + "value": "success", + "if": "['Drop', 'Reject', 'Block', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append" : { + "field": 
"event.type", + "value": ["connection", "denied"], + "if": "['Drop', 'Reject', 'Block', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append": { + "field": "event.category", + "value": "malware", + "if": "ctx.checkpoint?.malware_action != null" + } + }, + { + "append": { + "field": "event.category", + "value": "intrusion_detection", + "if": "['Detect', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{source.ip}}", + "if": "ctx.source?.ip != null" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{destination.ip}}", + "if": "ctx.destination?.ip != null" + } + }, + { + "append": { + "field": "related.ip", + "value": "{{destination.ip}}", + "if": "ctx.destination?.ip != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_md5}}", + "if": "ctx.checkpoint?.file_md5 != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_sha1}}", + "if": "ctx.checkpoint?.file_sha1 != null" + } + }, + { + "append": { + "field": "related.hash", + "value": "{{checkpoint.file_sha256}}", + "if": "ctx.checkpoint?.file_sha256 != null" + } + }, + { + "rename": { + "field": "checkpoint.received_bytes", + "target_field": "destination.bytes", + "ignore_missing": true, + "if": "ctx.destination?.bytes == null" + } + }, + { + "rename" : { + "field": "checkpoint.to", + "target_field": "destination.user.email", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.xlatedst", + "target_field": "destination.nat.ip", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatedst != '0.0.0.0'" + } + }, + { + "rename" : { + "field": "checkpoint.xlatedport", + "target_field": "destination.nat.port", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatedport != '0'" + } + }, + { + "rename" : { + "field": "checkpoint.destination_dns_hostname", + "target_field": "destination.domain", + "ignore_missing": true + } + }, 
+ { + "rename" : { + "field": "checkpoint.dst_machine_name", + "target_field": "destination.domain", + "ignore_missing": true, + "if": "ctx.event?.destination?.domain == null" + } + }, + { + "rename" : { + "field": "checkpoint.usercheck_incident_uid", + "target_field": "destination.user.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.service_name", + "target_field": "destination.service.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.mac_destination_address", + "target_field": "destination.mac", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dns_type", + "target_field": "dns.question.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.domain_name", + "target_field": "dns.question.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dns_message_type", + "target_field": "dns.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.tid", + "target_field": "dns.id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.loguid", + "target_field": "event.id", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.sequencenum", + "target_field": "event.sequence", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.severity", + "target_field": "event.severity", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.action", + "target_field": "event.action", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.packet_capture", + "target_field": "event.url", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.start_time", + "target_field": "event.start", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.first_detection", + "target_field": "event.start", + "ignore_missing": true, + "if": "ctx.event?.start == null" + } + }, + { + "rename" : 
{ + "field": "checkpoint.last_detection", + "target_field": "event.end", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_risk", + "target_field": "event.risk_score", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.file_id", + "target_field": "file.inode", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_type", + "target_field": "file.type", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_name", + "target_field": "file.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_size", + "target_field": "file.size", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_md5", + "target_field": "file.hash.md5", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_sha1", + "target_field": "file.hash.sha1", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.file_sha256", + "target_field": "file.hash.sha256", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dlp_file_name", + "target_field": "file.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.user_group", + "target_field": "group.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.os_version", + "target_field": "host.os.version", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.os_name", + "target_field": "host.os.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.method", + "target_field": "http.request.method", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.referrer", + "target_field": "http.request.referrer", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.service_id", + "target_field": "network.application", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.ifdir", 
+ "target_field": "network.direction", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.bytes", + "target_field": "network.bytes", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.proto", + "target_field": "network.iana_number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.packets", + "target_field": "network.packets", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.layer_name", + "target_field": "network.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_name", + "target_field": "network.application", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.ingress.interface.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.egress.interface.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.ifname", + "target_field": "observer.ingress.interface.name", + "ignore_missing": true, + "if": "ctx.network?.direction == 'inbound'" + } + }, + { + "rename": { + "field": "checkpoint.client_inbound_interface", + "target_field": "observer.egress.interface.name", + "ignore_missing": true, + "if": "ctx.network?.direction == 'outbound'" + } + }, + { + "rename" : { + "field": "checkpoint.type", + "target_field": "observer.type", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.origin", + "target_field": "observer.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.origin_ip", + "target_field": "observer.ip", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.endpoint_ip", + "target_field": "observer.ip", + "ignore_missing": true, + "if": "ctx.observer?.ip == null" + } + }, + { + "rename" : { + "field": "checkpoint.outzone", + "target_field": "observer.egress.zone", + 
"ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.inzone", + "target_field": "observer.ingress.zone", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.security_outzone", + "target_field": "observer.egress.zone", + "ignore_missing": true, + "if": "ctx.observer?.egress?.zone == null" + } + }, + { + "rename" : { + "field": "checkpoint.security_inzone", + "target_field": "observer.ingress.zone", + "ignore_missing": true, + "if": "ctx.observer?.ingress?.zone == null" + } + }, + { + "rename" : { + "field": "checkpoint.update_version", + "target_field": "observer.version", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.process_md5", + "target_field": "process.hash.md5", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.process_name", + "target_field": "process.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.parent_process_md5", + "target_field": "process.parent.hash.md5", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.parent_process_name", + "target_field": "process.parent.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.matched_category", + "target_field": "rule.category", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.categories", + "target_field": "rule.category", + "ignore_missing": true, + "if": "ctx.rule?.category == null" + } + }, + { + "rename" : { + "field": "checkpoint.malware_action", + "target_field": "rule.description", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.malware_rule_id", + "target_field": "rule.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.app_rule_id", + "target_field": "rule.id", + "ignore_missing": true, + "if": "ctx.rule?.id == null" + } + }, + { + "rename" : { + "field": "checkpoint.objectname", + "target_field": "rule.name", + "ignore_missing": true 
+ } + }, + { + "rename" : { + "field": "checkpoint.rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.malware_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.app_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.dlp_rule_name", + "target_field": "rule.name", + "ignore_missing": true, + "if": "ctx.rule?.name == null" + } + }, + { + "rename" : { + "field": "checkpoint.smartdefence_profile", + "target_field": "rule.ruleset", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.policy", + "target_field": "rule.ruleset", + "ignore_missing": true, + "if": "ctx.rule?.ruleset == null" + } + }, + { + "rename" : { + "field": "checkpoint.rule_uid", + "target_field": "rule.uuid", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.dlp_rule_uid", + "target_field": "rule.uuid", + "ignore_missing": true, + "if": "ctx.rule?.uuid == null" + } + }, + { + "rename": { + "field": "checkpoint.sent_bytes", + "target_field": "source.bytes", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.mac_source_address", + "target_field": "source.mac", + "ignore_missing": true + } + }, + { + "rename": { + "field": "checkpoint.source_user_name", + "target_field": "source.user.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.from", + "target_field": "source.user.email", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.xlatesrc", + "target_field": "source.nat.ip", + "ignore_missing": true, + "if": "ctx.checkpoint?.xlatesrc != '0.0.0.0'" + } + }, + { + "rename" : { + "field": "checkpoint.xlatesport", + "target_field": "source.nat.port", + "ignore_missing": true, + 
"if": "ctx.checkpoint?.xlatesport != '0'" + } + }, + { + "rename" : { + "field": "checkpoint.src_machine_name", + "target_field": "source.domain", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.src_user_group", + "target_field": "source.user.group.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.url", + "target_field": "url.original", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.resource", + "target_field": "url.original", + "ignore_missing": true, + "if": "ctx.url?.original == null" + } + }, + { + "rename" : { + "field": "checkpoint.http_host", + "target_field": "url.domain", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.web_client_type", + "target_field": "user_agent.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.user_agent", + "target_field": "user_agent.original", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.industry_reference", + "target_field": "vulnerability.id", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.time", + "target_field": "@timestamp", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.message", + "target_field": "message", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "checkpoint.reason", + "target_field": "message", + "ignore_missing": true, + "if": "ctx.message == null" + } + }, + { + "rename" : { + "field": "checkpoint.subject", + "target_field": "message", + "ignore_missing": true, + "if": "ctx.message == null" + } + }, + { + "gsub" : { + "field": "checkpoint.sys_message", + "pattern": "^:\"", + "replacement": "", + "if": "ctx.checkpoint?.sys_message != null" + } + }, + { + "geoip" : { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true, + "if": "ctx.source?.geo == null" + } + }, + { + "geoip" : { + "field": "destination.ip", + "target_field": 
"destination.geo", + "ignore_missing": true, + "if": "ctx.destination?.geo == null" + } + }, + { + "geoip" : { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": ["asn", "organization_name"], + "ignore_missing": true + } + }, + { + "geoip" : { + "database_file": "GeoLite2-ASN.mmdb", + "field": "destination.ip", + "target_field": "destination.as", + "properties": ["asn", "organization_name"], + "ignore_missing": true + } + }, + { + "rename" : { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "destination.as.asn", + "target_field": "destination.as.number", + "ignore_missing": true + } + }, + { + "rename" : { + "field": "destination.as.organization_name", + "target_field": "destination.as.organization.name", + "ignore_missing": true + } + }, + { + "remove" : { + "field": [ + "checkpoint.client_outbound_packets", "checkpoint.client_outbound_bytes", + "checkpoint.server_outbound_packets", "checkpoint.server_outbound_bytes", + "checkpoint.product", "checkpoint.uid", "checkpoint.administrator", + "checkpoint.dst", "checkpoint.src", "checkpoint.service", "checkpoint.s_port", + "checkpoint.ifname", "checkpoint.xlatesrc", "checkpoint.xlatedst", "checkpoint.xlatedport", + "checkpoint.xlatesport", "checkpoint.client_ip", "syslog5424_ts" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/fields.yml b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/fields.yml new file mode 100644 index 00000000000..0967cee3b63 --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/fields.yml 
@@ -0,0 +1,1609 @@
+- name: checkpoint.checkpoint
+ type: group
+ release: beta
+ fields:
+ - name: confidence_level
+ type: integer
+ description: |
+ Confidence level determined by ThreatCloud.
+ - name: calc_desc
+ type: keyword
+ description: |
+ Log description.
+ - name: dst_country
+ type: keyword
+ description: |
+ Destination country.
+ - name: dst_user_name
+ type: keyword
+ description: |
+ Connected user name on the destination IP.
+ - name: email_id
+ type: keyword
+ description: |
+ Email number in smtp connection.
+ - name: email_subject
+ type: keyword
+ description: |
+ Original email subject.
+ - name: email_session_id
+ type: keyword
+ description: |
+ Connection uuid.
+ - name: event_count
+ type: long
+ description: |
+ Number of events associated with the log.
+ - name: sys_message
+ type: keyword
+ description: |
+ System messages
+ - name: logid
+ type: keyword
+ description: |
+ System messages
+ - name: failure_impact
+ type: keyword
+ description: |
+ The impact of update service failure.
+ - name: id
+ type: integer
+ description: |
+ Override application ID.
+ - name: information
+ type: keyword
+ description: |
+ Policy installation status for a specific blade.
+ - name: layer_name
+ type: keyword
+ description: |
+ Layer name.
+ - name: layer_uuid
+ type: keyword
+ description: |
+ Layer UUID.
+ - name: log_id
+ type: integer
+ description: |
+ Unique identity for logs.
+ - name: malware_family
+ type: keyword
+ description: |
+ Additional information on protection.
+ - name: origin_sic_name
+ type: keyword
+ description: |
+ Machine SIC.
+ - name: policy_mgmt
+ type: keyword
+ description: |
+ Name of the Management Server that manages this Security Gateway.
+ - name: policy_name
+ type: keyword
+ description: |
+ Name of the last policy that this Security Gateway fetched.
+ - name: protection_id
+ type: keyword
+ description: |
+ Protection malware id.
+ - name: protection_name
+ type: keyword
+ description: |
+ Specific signature name of the attack.
+ - name: protection_type
+ type: keyword
+ description: |
+ Type of protection used to detect the attack.
+ - name: protocol
+ type: keyword
+ description: |
+ Protocol detected on the connection.
+ - name: proxy_src_ip
+ type: ip
+ description: |
+ Sender source IP (even when using proxy).
+ - name: rule
+ type: integer
+ description: |
+ Matched rule number.
+ - name: rule_action
+ type: keyword
+ description: |
+ Action of the matched rule in the access policy.
+ - name: scan_direction
+ type: keyword
+ description: |
+ Scan direction.
+ - name: session_id
+ type: keyword
+ description: |
+ Log uuid.
+ - name: source_os
+ type: keyword
+ description: |
+ OS which generated the attack.
+ - name: src_country
+ type: keyword
+ description: |
+ Country name, derived from connection source IP address.
+ - name: src_user_name
+ type: keyword
+ description: |
+ User name connected to source IP
+ - name: ticket_id
+ type: keyword
+ description: |
+ Unique ID per file.
+ - name: tls_server_host_name
+ type: keyword
+ description: |
+ SNI/CN from encrypted TLS connection used by URLF for categorization.
+ - name: verdict
+ type: keyword
+ description: |
+ TE engine verdict Possible values: Malicious/Benign/Error.
+ - name: user
+ type: keyword
+ description: |
+ Source user name.
+ - name: vendor_list
+ type: keyword
+ description: |
+ The vendor name that provided the verdict for a malicious URL.
+ - name: web_server_type
+ type: keyword
+ description: |
+ Web server detected in the HTTP response.
+ - name: client_name
+ type: keyword
+ description: |
+ Client Application or Software Blade that detected the event.
+ - name: client_version
+ type: keyword
+ description: |
+ Build version of SandBlast Agent client installed on the computer.
+ - name: extension_version
+ type: keyword
+ description: |
+ Build version of the SandBlast Agent browser extension.
+ - name: host_time
+ type: keyword
+ description: |
+ Local time on the endpoint computer.
+ - name: installed_products
+ type: keyword
+ description: |
+ List of installed Endpoint Software Blades.
+ - name: cc
+ type: keyword
+ description: |
+ The Carbon Copy address of the email.
+ - name: parent_process_username
+ type: keyword
+ description: |
+ Owner username of the parent process of the process that triggered the attack.
+ - name: process_username
+ type: keyword
+ description: |
+ Owner username of the process that triggered the attack.
+ - name: audit_status
+ type: keyword
+ description: |
+ Audit Status. Can be Success or Failure.
+ - name: objecttable
+ type: keyword
+ description: |
+ Table of affected objects.
+ - name: objecttype
+ type: keyword
+ description: |
+ The type of the affected object.
+ - name: operation_number
+ type: keyword
+ description: |
+ The operation nuber.
+ - name: email_recipients_num
+ type: integer
+ description: |
+ Amount of recipients whom the mail was sent to.
+ - name: suppressed_logs
+ type: integer
+ description: |
+ Aggregated connections for five minutes on the same source, destination and port.
+ - name: blade_name
+ type: keyword
+ description: |
+ Blade name.
+ - name: status
+ type: keyword
+ description: |
+ Ok/Warning/Error.
+ - name: short_desc
+ type: keyword
+ description: |
+ Short description of the process that was executed.
+ - name: long_desc
+ type: keyword
+ description: |
+ More information on the process (usually describing error reason in failure).
+ - name: scan_hosts_hour
+ type: integer
+ description: |
+ Number of unique hosts during the last hour.
+ - name: scan_hosts_day
+ type: integer
+ description: |
+ Number of unique hosts during the last day.
+ - name: scan_hosts_week
+ type: integer
+ description: |
+ Number of unique hosts during the last week.
+ - name: unique_detected_hour
+ type: integer
+ description: |
+ Detected virus for a specific host during the last hour.
+ - name: unique_detected_day
+ type: integer
+ description: |
+ Detected virus for a specific host during the last day.
+ - name: unique_detected_week
+ type: integer
+ description: |
+ Detected virus for a specific host during the last week.
+ - name: scan_mail
+ type: integer
+ description: |
+ Number of emails that were scanned by "AB malicious activity" engine.
+ - name: additional_ip
+ type: keyword
+ description: |
+ DNS host name.
+ - name: description
+ type: keyword
+ description: |
+ Additional explanation how the security gateway enforced the connection.
+ - name: email_spam_category
+ type: keyword
+ description: |
+ Email categories. Possible values: spam/not spam/phishing.
+ - name: email_control_analysis
+ type: keyword
+ description: |
+ Message classification, received from spam vendor engine.
+ - name: scan_results
+ type: keyword
+ description: |
+ "Infected"/description of a failure.
+ - name: original_queue_id
+ type: keyword
+ description: |
+ Original postfix email queue id.
+ - name: risk
+ type: keyword
+ description: |
+ Risk level we got from the engine.
+ - name: observable_name
+ type: keyword
+ description: |
+ IOC observable signature name.
+ - name: observable_id
+ type: keyword
+ description: |
+ IOC observable signature id.
+ - name: observable_comment
+ type: keyword
+ description: |
+ IOC observable signature description.
+ - name: indicator_name
+ type: keyword
+ description: |
+ IOC indicator name.
+ - name: indicator_description
+ type: keyword
+ description: |
+ IOC indicator description.
+ - name: indicator_reference
+ type: keyword
+ description: |
+ IOC indicator reference.
+ - name: indicator_uuid
+ type: keyword
+ description: |
+ IOC indicator uuid.
+ - name: app_desc
+ type: keyword
+ description: |
+ Application description.
+ - name: app_id
+ type: integer
+ description: |
+ Application ID.
+ - name: app_sig_id
+ type: keyword
+ description: |
+ IOC indicator description.
+ - name: certificate_resource
+ type: keyword
+ description: |
+ HTTPS resource Possible values: SNI or domain name (DN).
+ - name: certificate_validation
+ type: keyword
+ description: |
+ Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature.
+ - name: browse_time
+ type: keyword
+ description: |
+ Application session browse time.
+ - name: limit_requested
+ type: integer
+ description: |
+ Indicates whether data limit was requested for the session.
+ - name: limit_applied
+ type: integer
+ description: |
+ Indicates whether the session was actually date limited.
+ - name: dropped_total
+ type: integer
+ description: |
+ Amount of dropped packets (both incoming and outgoing).
+ - name: client_type_os
+ type: keyword
+ description: |
+ Client OS detected in the HTTP request.
+ - name: name
+ type: keyword
+ description: |
+ Application name.
+ - name: properties
+ type: keyword
+ description: |
+ Application categories.
+ - name: sig_id
+ type: keyword
+ description: |
+ Application's signature ID which how it was detected by.
+ - name: desc
+ type: keyword
+ description: |
+ Override application description.
+ - name: referrer_self_uid
+ type: keyword
+ description: |
+ UUID of the current log.
+ - name: referrer_parent_uid
+ type: keyword
+ description: |
+ Log UUID of the referring application.
+ - name: needs_browse_time
+ type: integer
+ description: |
+ Browse time required for the connection.
+ - name: cluster_info
+ type: keyword
+ description: |
+ Cluster information. Possible options: Failover reason/cluster state changes/CP cluster or 3rd party.
+ - name: sync
+ type: keyword
+ description: |
+ Sync status and the reason (stable, at risk).
+ - name: file_direction
+ type: keyword
+ description: |
+ File direction. Possible options: upload/download.
+ - name: invalid_file_size
+ type: integer
+ description: |
+ File_size field is valid only if this field is set to 0.
+ - name: top_archive_file_name
+ type: keyword
+ description: |
+ In case of archive file: the file that was sent/received.
+ - name: data_type_name
+ type: keyword
+ description: |
+ Data type in rulebase that was matched.
+ - name: specific_data_type_name
+ type: keyword
+ description: |
+ Compound/Group scenario, data type that was matched.
+ - name: word_list
+ type: keyword
+ description: |
+ Words matched by data type.
+ - name: info
+ type: keyword
+ description: |
+ Special log message.
+ - name: outgoing_url
+ type: keyword
+ description: |
+ URL related to this log (for HTTP).
+ - name: dlp_rule_name
+ type: keyword
+ description: |
+ Matched rule name.
+ - name: dlp_recipients
+ type: keyword
+ description: |
+ Mail recipients.
+ - name: dlp_subject
+ type: keyword
+ description: |
+ Mail subject.
+ - name: dlp_word_list
+ type: keyword
+ description: |
+ Phrases matched by data type.
+ - name: dlp_template_score
+ type: keyword
+ description: |
+ Template data type match score.
+ - name: message_size
+ type: integer
+ description: |
+ Mail/post size.
+ - name: dlp_incident_uid
+ type: keyword
+ description: |
+ Unique ID of the matched rule.
+ - name: dlp_related_incident_uid
+ type: keyword
+ description: |
+ Other ID related to this one.
+ - name: dlp_data_type_name
+ type: keyword
+ description: |
+ Matched data type.
+ - name: dlp_data_type_uid
+ type: keyword
+ description: |
+ Unique ID of the matched data type.
+ - name: dlp_violation_description
+ type: keyword
+ description: |
+ Violation descriptions described in the rulebase.
+ - name: dlp_relevant_data_types
+ type: keyword
+ description: |
+ In case of Compound/Group: the inner data types that were matched.
+ - name: dlp_action_reason
+ type: keyword
+ description: |
+ Action chosen reason.
+ - name: dlp_categories
+ type: keyword
+ description: |
+ Data type category.
+ - name: dlp_transint
+ type: keyword
+ description: |
+ HTTP/SMTP/FTP.
+ - name: duplicate
+ type: keyword
+ description: |
+ Log marked as duplicated, when mail is split and the Security Gateway sees it twice.
+ - name: incident_extension
+ type: keyword
+ description: |
+ Matched data type.
+ - name: matched_file
+ type: keyword
+ description: |
+ Unique ID of the matched data type.
+ - name: matched_file_text_segments
+ type: integer
+ description: |
+ Fingerprint: number of text segments matched by this traffic.
+ - name: matched_file_percentage
+ type: integer
+ description: |
+ Fingerprint: match percentage of the traffic.
+ - name: dlp_additional_action
+ type: keyword
+ description: |
+ Watermark/None.
+ - name: dlp_watermark_profile
+ type: keyword
+ description: |
+ Watermark which was applied.
+ - name: dlp_repository_id
+ type: keyword
+ description: |
+ ID of scanned repository.
+ - name: dlp_repository_root_path
+ type: keyword
+ description: |
+ Repository path.
+ - name: scan_id
+ type: keyword
+ description: |
+ Sequential number of scan.
+ - name: special_properties
+ type: integer
+ description: |
+ If this field is set to '1' the log will not be shown (in use for monitoring scan progress).
+ - name: dlp_repository_total_size
+ type: integer
+ description: |
+ Repository size.
+ - name: dlp_repository_files_number
+ type: integer
+ description: |
+ Number of files in repository.
+ - name: dlp_repository_scanned_files_number
+ type: integer
+ description: |
+ Number of scanned files in repository.
+ - name: duration
+ type: keyword
+ description: "Scan duration. \n"
+ - name: dlp_fingerprint_long_status
+ type: keyword
+ description: |
+ Scan status - long format.
+ - name: dlp_fingerprint_short_status
+ type: keyword
+ description: |
+ Scan status - short format.
+ - name: dlp_repository_directories_number
+ type: integer
+ description: |
+ Number of directories in repository.
+ - name: dlp_repository_unreachable_directories_number
+ type: integer
+ description: |
+ Number of directories the Security Gateway was unable to read.
+ - name: dlp_fingerprint_files_number
+ type: integer
+ description: |
+ Number of successfully scanned files in repository.
+ - name: dlp_repository_skipped_files_number
+ type: integer
+ description: |
+ Skipped number of files because of configuration.
+ - name: dlp_repository_scanned_directories_number
+ type: integer
+ description: |
+ Amount of directories scanned.
+ - name: number_of_errors
+ type: integer
+ description: |
+ Number of files that were not scanned due to an error.
+ - name: next_scheduled_scan_date
+ type: keyword
+ description: "Next scan scheduled time according to time object. \n"
+ - name: dlp_repository_scanned_total_size
+ type: integer
+ description: |
+ Size scanned.
+ - name: dlp_repository_reached_directories_number
+ type: integer
+ description: |
+ Number of scanned directories in repository.
+ - name: dlp_repository_not_scanned_directories_percentage
+ type: integer
+ description: |
+ Percentage of directories the Security Gateway was unable to read.
+ - name: speed
+ type: integer
+ description: |
+ Current scan speed.
+ - name: dlp_repository_scan_progress
+ type: integer
+ description: |
+ Scan percentage.
+ - name: sub_policy_name
+ type: keyword
+ description: |
+ Layer name.
+ - name: sub_policy_uid
+ type: keyword
+ description: |
+ Layer uid.
+ - name: fw_message
+ type: keyword
+ description: |
+ Used for various firewall errors.
+ - name: message
+ type: keyword
+ description: |
+ ISP link has failed.
+ - name: isp_link
+ type: keyword
+ description: |
+ Name of ISP link.
+ - name: fw_subproduct
+ type: keyword
+ description: |
+ Can be vpn/non vpn.
+ - name: sctp_error
+ type: keyword
+ description: |
+ Error information, what caused sctp to fail on out_of_state.
+ - name: chunk_type
+ type: keyword
+ description: |
+ Chunck of the sctp stream.
+ - name: sctp_association_state
+ type: keyword
+ description: |
+ The bad state you were trying to update to.
+ - name: tcp_packet_out_of_state
+ type: keyword
+ description: |
+ State violation.
+ - name: tcp_flags
+ type: keyword
+ description: |
+ TCP packet flags (SYN, ACK, etc.,).
+ - name: connectivity_level
+ type: keyword
+ description: |
+ Log for a new connection in wire mode.
+ - name: ip_option
+ type: integer
+ description: |
+ IP option that was dropped.
+ - name: tcp_state
+ type: keyword
+ description: |
+ Log reinting a tcp state change.
+ - name: expire_time
+ type: keyword
+ description: |
+ Connection closing time.
+ - name: icmp_type
+ type: integer
+ description: |
+ In case a connection is ICMP, type info will be added to the log.
+ - name: icmp_code
+ type: integer
+ description: |
+ In case a connection is ICMP, code info will be added to the log.
+ - name: rpc_prog
+ type: integer
+ description: |
+ Log for new RPC state - prog values.
+ - name: dce-rpc_interface_uuid
+ type: keyword
+ description: |
+ Log for new RPC state - UUID values
+ - name: elapsed
+ type: keyword
+ description: |
+ Time passed since start time.
+ - name: icmp
+ type: keyword
+ description: |
+ Number of packets, received by the client.
+ - name: capture_uuid
+ type: keyword
+ description: |
+ UUID generated for the capture. Used when enabling the capture when logging.
+ - name: diameter_app_ID
+ type: integer
+ description: |
+ The ID of diameter application.
+ - name: diameter_cmd_code
+ type: integer
+ description: |
+ Diameter not allowed application command id.
+ - name: diameter_msg_type
+ type: keyword
+ description: |
+ Diameter message type.
+ - name: cp_message
+ type: integer
+ description: |
+ Used to log a general message.
+ - name: log_delay
+ type: integer
+ description: |
+ Time left before deleting template.
+ - name: attack_status
+ type: keyword
+ description: |
+ In case of a malicious event on an endpoint computer, the status of the attack.
+ - name: impacted_files
+ type: keyword
+ description: |
+ In case of an infection on an endpoint computer, the list of files that the malware impacted.
+ - name: remediated_files
+ type: keyword
+ description: |
+ In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer.
+ - name: triggered_by
+ type: keyword
+ description: |
+ The name of the mechanism that triggered the Software Blade to enforce a protection.
+ - name: https_inspection_rule_id
+ type: keyword
+ description: |
+ ID of the matched rule.
+ - name: https_inspection_rule_name
+ type: keyword
+ description: |
+ Name of the matched rule.
+ - name: app_properties
+ type: keyword
+ description: |
+ List of all found categories.
+ - name: https_validation
+ type: keyword
+ description: |
+ Precise error, describing HTTPS inspection failure.
+ - name: https_inspection_action
+ type: keyword
+ description: |
+ HTTPS inspection action (Inspect/Bypass/Error).
+ - name: icap_service_id
+ type: integer
+ description: |
+ Service ID, can work with multiple servers, treated as services.
+ - name: icap_server_name
+ type: keyword
+ description: |
+ Server name.
+ - name: internal_error
+ type: keyword
+ description: |
+ Internal error, for troubleshooting
+ - name: icap_more_info
+ type: integer
+ description: |
+ Free text for verdict.
+ - name: reply_status
+ type: integer
+ description: |
+ ICAP reply status code, e.g. 200 or 204.
+ - name: icap_server_service
+ type: keyword
+ description: |
+ Service name, as given in the ICAP URI
+ - name: mirror_and_decrypt_type
+ type: keyword
+ description: |
+ Information about decrypt and forward. Possible values: Mirror only, Decrypt and mirror, Partial mirroring (HTTPS inspection Bypass).
+ - name: interface_name
+ type: keyword
+ description: |
+ Designated interface for mirror And decrypt.
+ - name: session_uid
+ type: keyword
+ description: |
+ HTTP session-id.
+ - name: broker_publisher + type: ip + description: | + IP address of the broker publisher who shared the session information. + - name: src_user_dn + type: keyword + description: | + User distinguished name connected to source IP. + - name: proxy_user_name + type: keyword + description: | + User name connected to proxy IP. + - name: proxy_machine_name + type: integer + description: | + Machine name connected to proxy IP. + - name: proxy_user_dn + type: keyword + description: | + User distinguished name connected to proxy IP. + - name: query + type: keyword + description: | + DNS query. + - name: dns_query + type: keyword + description: | + DNS query. + - name: inspection_item + type: keyword + description: | + Blade element performed inspection. + - name: performance_impact + type: integer + description: | + Protection performance impact. + - name: inspection_category + type: keyword + description: | + Inspection category: protocol anomaly, signature etc. + - name: inspection_profile + type: keyword + description: | + Profile which the activated protection belongs to. + - name: summary + type: keyword + description: | + Summary message of a non-compliant DNS traffic drops or detects. + - name: question_rdata + type: keyword + description: | + List of question records domains. + - name: answer_rdata + type: keyword + description: | + List of answer resource records to the questioned domains. + - name: authority_rdata + type: keyword + description: | + List of authoritative servers. + - name: additional_rdata + type: keyword + description: | + List of additional resource records. + - name: files_names + type: keyword + description: | + List of files requested by FTP. + - name: ftp_user + type: keyword + description: | + FTP username. + - name: mime_from + type: keyword + description: | + Sender's address. + - name: mime_to + type: keyword + description: | + List of receiver address. + - name: bcc + type: keyword + description: | + List of BCC addresses. 
+ - name: content_type + type: keyword + description: | + Mail content type. Possible values: application/msword, text/html, image/gif etc. + - name: user_agent + type: keyword + description: | + String identifying requesting software user agent. + - name: referrer + type: keyword + description: | + Referrer HTTP request header, previous web page address. + - name: http_location + type: keyword + description: | + Response header, indicates the URL to redirect a page to. + - name: content_disposition + type: keyword + description: | + Indicates how the content is expected to be displayed inline in the browser. + - name: via + type: keyword + description: | + Via header is added by proxies for tracking purposes to avoid sending reqests in loop. + - name: http_server + type: keyword + description: | + Server HTTP header value, contains information about the software used by the origin server, which handles the request. + - name: content_length + type: keyword + description: | + Indicates the size of the entity-body of the HTTP header. + - name: authorization + type: keyword + description: | + Authorization HTTP header value. + - name: http_host + type: keyword + description: | + Domain name of the server that the HTTP request is sent to. + - name: inspection_settings_log + type: keyword + description: | + Indicats that the log was released by inspection settings. + - name: cvpn_resource + type: keyword + description: | + Mobile Access application. + - name: cvpn_category + type: keyword + description: | + Mobile Access application type. + - name: url + type: keyword + description: | + Translated URL. + - name: reject_id + type: keyword + description: | + A reject ID that corresponds to the one presented in the Mobile Access error page. + - name: fs-proto + type: keyword + description: | + The file share protocol used in mobile acess file share application. 
+ - name: app_package + type: keyword + description: | + Unique identifier of the application on the protected mobile device. + - name: appi_name + type: keyword + description: | + Name of application downloaded on the protected mobile device. + - name: app_repackaged + type: keyword + description: | + Indicates whether the original application was repackage not by the official developer. + - name: app_sid_id + type: keyword + description: | + Unique SHA identifier of a mobile application. + - name: app_version + type: keyword + description: | + Version of the application downloaded on the protected mobile device. + - name: developer_certificate_name + type: keyword + description: | + Name of the developer's certificate that was used to sign the mobile application. + - name: email_control + type: keyword + description: | + Engine name. + - name: email_message_id + type: keyword + description: | + Email session id (uniqe ID of the mail). + - name: email_queue_id + type: keyword + description: | + Postfix email queue id. + - name: email_queue_name + type: keyword + description: | + Postfix email queue name. + - name: file_name + type: keyword + description: | + Malicious file name. + - name: failure_reason + type: keyword + description: | + MTA failure description. + - name: email_headers + type: keyword + description: | + String containing all the email headers. + - name: arrival_time + type: keyword + description: | + Email arrival timestamp. + - name: email_status + type: keyword + description: | + Describes the email's state. Possible options: delivered, deferred, skipped, bounced, hold, new, scan_started, scan_ended + - name: status_update + type: keyword + description: | + Last time log was updated. + - name: delivery_time + type: keyword + description: | + Timestamp of when email was delivered (MTA finished handling the email. + - name: links_num + type: integer + description: | + Number of links in the mail. 
+ - name: attachments_num + type: integer + description: | + Number of attachments in the mail. + - name: email_content + type: keyword + description: | + Mail contents. Possible options: attachments/links & attachments/links/text only. + - name: allocated_ports + type: integer + description: | + Amount of allocated ports. + - name: capacity + type: integer + description: | + Capacity of the ports. + - name: ports_usage + type: integer + description: | + Percentage of allocated ports. + - name: nat_exhausted_pool + type: keyword + description: | + 4-tuple of an exhausted pool. + - name: nat_rulenum + type: integer + description: | + NAT rulebase first matched rule. + - name: nat_addtnl_rulenum + type: integer + description: | + When matching 2 automatic rules , second rule match will be shown otherwise field will be 0. + - name: message_info + type: keyword + description: | + Used for information messages, for example:NAT connection has ended. + - name: nat46 + type: keyword + description: | + NAT 46 status, in most cases "enabled". + - name: end_time + type: keyword + description: | + TCP connection end time. + - name: tcp_end_reason + type: keyword + description: | + Reason for TCP connection closure. + - name: cgnet + type: keyword + description: | + Describes NAT allocation for specific subscriber. + - name: subscriber + type: ip + description: | + Source IP before CGNAT. + - name: hide_ip + type: ip + description: | + Source IP which will be used after CGNAT. + - name: int_start + type: integer + description: | + Subscriber start int which will be used for NAT. + - name: int_end + type: integer + description: | + Subscriber end int which will be used for NAT. + - name: packet_amount + type: integer + description: | + Amount of packets dropped. + - name: monitor_reason + type: keyword + description: | + Aggregated logs of monitored packets. + - name: drops_amount + type: integer + description: | + Amount of multicast packets dropped. 
+ - name: securexl_message + type: keyword + description: | + Two options for a SecureXL message: 1. Missed accounting records after heavy load on logging system. 2. FW log message regarding a packet drop. + - name: conns_amount + type: integer + description: | + Connections amount of aggregated log info. + - name: scope + type: keyword + description: | + IP related to the attack. + - name: analyzed_on + type: keyword + description: | + Check Point ThreatCloud / emulator name. + - name: detected_on + type: keyword + description: | + System and applications version the file was emulated on. + - name: dropped_file_name + type: keyword + description: | + List of names dropped from the original file. + - name: dropped_file_type + type: keyword + description: | + List of file types dropped from the original file. + - name: dropped_file_hash + type: keyword + description: | + List of file hashes dropped from the original file. + - name: dropped_file_verdict + type: keyword + description: | + List of file verdics dropped from the original file. + - name: emulated_on + type: keyword + description: | + Images the files were emulated on. + - name: extracted_file_type + type: keyword + description: | + Types of extracted files in case of an archive. + - name: extracted_file_names + type: keyword + description: | + Names of extracted files in case of an archive. + - name: extracted_file_hash + type: keyword + description: | + Archive hash in case of extracted files. + - name: extracted_file_verdict + type: keyword + description: | + Verdict of extracted files in case of an archive. + - name: extracted_file_uid + type: keyword + description: | + UID of extracted files in case of an archive. + - name: mitre_initial_access + type: keyword + description: | + The adversary is trying to break into your network. + - name: mitre_execution + type: keyword + description: | + The adversary is trying to run malicious code. 
+ - name: mitre_persistence + type: keyword + description: | + The adversary is trying to maintain his foothold. + - name: mitre_privilege_escalation + type: keyword + description: | + The adversary is trying to gain higher-level permissions. + - name: mitre_defense_evasion + type: keyword + description: | + The adversary is trying to avoid being detected. + - name: mitre_credential_access + type: keyword + description: | + The adversary is trying to steal account names and passwords. + - name: mitre_discovery + type: keyword + description: | + The adversary is trying to expose information about your environment. + - name: mitre_lateral_movement + type: keyword + description: | + The adversary is trying to explore your environment. + - name: mitre_collection + type: keyword + description: | + The adversary is trying to collect data of interest to achieve his goal. + - name: mitre_command_and_control + type: keyword + description: | + The adversary is trying to communicate with compromised systems in order to control them. + - name: mitre_exfiltration + type: keyword + description: | + The adversary is trying to steal data. + - name: mitre_impact + type: keyword + description: | + The adversary is trying to manipulate, interrupt, or destroy your systems and data. + - name: parent_file_hash + type: keyword + description: | + Archive's hash in case of extracted files. + - name: parent_file_name + type: keyword + description: | + Archive's name in case of extracted files. + - name: parent_file_uid + type: keyword + description: | + Archive's UID in case of extracted files. + - name: similiar_iocs + type: keyword + description: | + Other IoCs similar to the ones found, related to the malicious file. + - name: similar_hashes + type: keyword + description: | + Hashes found similar to the malicious file. + - name: similar_strings + type: keyword + description: | + Strings found similar to the malicious file. 
+ - name: similar_communication + type: keyword + description: | + Network action found similar to the malicious file. + - name: te_verdict_determined_by + type: keyword + description: | + Emulators determined file verdict. + - name: packet_capture_unique_id + type: keyword + description: | + Identifier of the packet capture files. + - name: total_attachments + type: integer + description: | + The number of attachments in an email. + - name: additional_info + type: keyword + description: | + ID of original file/mail which are sent by admin. + - name: content_risk + type: integer + description: | + File risk. + - name: operation + type: keyword + description: | + Operation made by Threat Extraction. + - name: scrubbed_content + type: keyword + description: | + Active content that was found. + - name: scrub_time + type: keyword + description: | + Extraction process duration. + - name: scrub_download_time + type: keyword + description: | + File download time from resource. + - name: scrub_total_time + type: keyword + description: | + Threat extraction total file handling time. + - name: scrub_activity + type: keyword + description: | + The result of the extraction + - name: watermark + type: keyword + description: | + Reports whether watermark is added to the cleaned file. + - name: source_object + type: integer + description: | + Matched object name on source column. + - name: destination_object + type: keyword + description: | + Matched object name on destination column. + - name: drop_reason + type: keyword + description: | + Drop reason description. + - name: hit + type: integer + description: | + Number of hits on a rule. + - name: rulebase_id + type: integer + description: | + Layer number. + - name: first_hit_time + type: integer + description: | + First hit time in current interval. + - name: last_hit_time + type: integer + description: | + Last hit time in current interval. 
+ - name: rematch_info + type: keyword + description: | + Information sent when old connections cannot be matched during policy installation. + - name: last_rematch_time + type: keyword + description: | + Connection rematched time. + - name: action_reason + type: integer + description: | + Connection drop reason. + - name: c_bytes + type: integer + description: | + Boolean value indicates whether bytes sent from the client side are used. + - name: context_num + type: integer + description: | + Serial number of the log for a specific connection. + - name: match_id + type: integer + description: | + Private key of the rule + - name: alert + type: keyword + description: | + Alert level of matched rule (for connection logs). + - name: parent_rule + type: integer + description: | + Parent rule number, in case of inline layer. + - name: match_fk + type: integer + description: | + Rule number. + - name: dropped_outgoing + type: integer + description: | + Number of outgoing bytes dropped when using UP-limit feature. + - name: dropped_incoming + type: integer + description: | + Number of incoming bytes dropped when using UP-limit feature. + - name: media_type + type: keyword + description: | + Media used (audio, video, etc.) + - name: sip_reason + type: keyword + description: | + Explains why 'source_ip' isn't allowed to redirect (handover). + - name: voip_method + type: keyword + description: | + Registration request. + - name: registered_ip-phones + type: keyword + description: | + Registered IP-Phones. + - name: voip_reg_user_type + type: keyword + description: | + Registered IP-Phone type. + - name: voip_call_id + type: keyword + description: | + Call-ID. + - name: voip_reg_int + type: integer + description: | + Registration port. + - name: voip_reg_ipp + type: integer + description: | + Registration IP protocol. + - name: voip_reg_period + type: integer + description: | + Registration period. + - name: voip_log_type + type: keyword + description: | + VoIP log types. 
Possible values: reject, call, registration. + - name: src_phone_number + type: keyword + description: | + Source IP-Phone. + - name: voip_from_user_type + type: keyword + description: | + Source IP-Phone type. + - name: dst_phone_number + type: keyword + description: | + Destination IP-Phone. + - name: voip_to_user_type + type: keyword + description: | + Destination IP-Phone type. + - name: voip_call_dir + type: keyword + description: | + Call direction: in/out. + - name: voip_call_state + type: keyword + description: | + Call state. Possible values: in/out. + - name: voip_call_term_time + type: keyword + description: | + Call termination time stamp. + - name: voip_duration + type: keyword + description: | + Call duration (seconds). + - name: voip_media_port + type: keyword + description: | + Media int. + - name: voip_media_ipp + type: keyword + description: | + Media IP protocol. + - name: voip_est_codec + type: keyword + description: | + Estimated codec. + - name: voip_exp + type: integer + description: | + Expiration. + - name: voip_attach_sz + type: integer + description: | + Attachment size. + - name: voip_attach_action_info + type: keyword + description: | + Attachment action Info. + - name: voip_media_codec + type: keyword + description: | + Estimated codec. + - name: voip_reject_reason + type: keyword + description: | + Reject reason. + - name: voip_reason_info + type: keyword + description: | + Information. + - name: voip_config + type: keyword + description: | + Configuration. + - name: voip_reg_server + type: ip + description: | + Registrar server IP address. + - name: scv_user + type: keyword + description: | + Username whose packets are dropped on SCV. + - name: scv_message_info + type: keyword + description: | + Drop reason. + - name: ppp + type: keyword + description: | + Authentication status. + - name: scheme + type: keyword + description: | + Describes the scheme used for the log. 
+ - name: auth_method + type: keyword + description: | + Password authentication protocol used (PAP or EAP). + - name: machine + type: keyword + description: | + L2TP machine which triggered the log and the log refers to it. + - name: vpn_feature_name + type: keyword + description: | + L2TP /IKE / Link Selection. + - name: reject_category + type: keyword + description: | + Authentication failure reason. + - name: peer_ip_probing_status_update + type: keyword + description: | + IP address response status. + - name: peer_ip + type: keyword + description: | + IP address which the client connects to. + - name: peer_gateway + type: ip + description: | + Main IP of the peer Security Gateway. + - name: link_probing_status_update + type: keyword + description: | + IP address response status. + - name: source_interface + type: keyword + description: | + External Interface name for source interface or Null if not found. + - name: next_hop_ip + type: keyword + description: | + Next hop IP address. + - name: srckeyid + type: keyword + description: | + Initiator Spi ID. + - name: dstkeyid + type: keyword + description: | + Responder Spi ID. + - name: encryption_failure + type: keyword + description: | + Message indicating why the encryption failed. + - name: ike_ids + type: keyword + description: | + All QM ids. + - name: community + type: keyword + description: | + Community name for the IPSec key and the use of the IKEv. + - name: ike + type: keyword + description: | + IKEMode (PHASE1, PHASE2, etc..). + - name: cookieI + type: keyword + description: | + Initiator cookie. + - name: cookieR + type: keyword + description: | + Responder cookie. + - name: msgid + type: keyword + description: | + Message ID. + - name: methods + type: keyword + description: | + IPSEc methods. + - name: connection_uid + type: keyword + description: | + Calculation of md5 of the IP and user name as UID. + - name: site_name + type: keyword + description: | + Site name. 
+ - name: esod_rule_name + type: keyword + description: | + Unknown rule name. + - name: esod_rule_action + type: keyword + description: | + Unknown rule action. + - name: esod_rule_type + type: keyword + description: | + Unknown rule type. + - name: esod_noncompliance_reason + type: keyword + description: | + Non-compliance reason. + - name: esod_associated_policies + type: keyword + description: | + Associated policies. + - name: spyware_name + type: keyword + description: | + Spyware name. + - name: spyware_type + type: keyword + description: | + Spyware type. + - name: anti_virus_type + type: keyword + description: | + Anti virus type. + - name: end_user_firewall_type + type: keyword + description: | + End user firewall type. + - name: esod_scan_status + type: keyword + description: | + Scan failed. + - name: esod_access_status + type: keyword + description: | + Access denied. + - name: client_type + type: keyword + description: | + Endpoint Connect. + - name: precise_error + type: keyword + description: | + HTTP parser error. + - name: method + type: keyword + description: | + HTTP method. + - name: trusted_domain + type: keyword + description: In case of phishing event, the domain, which the attacker was impersonating. diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/package-fields.yml b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/package-fields.yml new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/fields/package-fields.yml @@ -0,0 +1 @@ +[] diff --git a/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/manifest.yml b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/manifest.yml new file mode 100644 index 00000000000..a03b66f8f34 --- /dev/null +++ b/dev/packages/beats/checkpoint/0.0.1/dataset/firewall/manifest.yml 
@@ -0,0 +1,21 @@
+title: Checkpoint firewall logs
+release: experimental
+type: logs
+streams:
+- input: syslog
+ template_path: syslog.yml.hbs
+ title: Checkpoint firewall logs (syslog)
+ description: Collect Checkpoint firewall logs using syslog input
+- input: logs
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - checkpoint-firewall
+ template_path: log.yml.hbs
+ title: Checkpoint firewall logs (log)
+ description: Collect Checkpoint firewall logs using log input
diff --git a/dev/packages/beats/checkpoint/0.0.1/docs/README.md b/dev/packages/beats/checkpoint/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/checkpoint/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/checkpoint/0.0.1/manifest.yml b/dev/packages/beats/checkpoint/0.0.1/manifest.yml
new file mode 100644
index 00000000000..d58b19bdd56
--- /dev/null
+++ b/dev/packages/beats/checkpoint/0.0.1/manifest.yml
@@ -0,0 +1,23 @@
+format_version: 1.0.0
+name: checkpoint
+title: Checkpoint
+version: 0.0.1
+license: basic
+description: Checkpoint Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch:
+ versions: '>7.0.1'
+datasources:
+- name: checkpoint
+ title: Checkpoint logs
+ description: Collect logs from Checkpoint instances
+ inputs:
+ - type: logs
+ title: Collect logs from Checkpoint instances
+ description: Collecting Checkpoint firewall logs
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/log.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..07498558fef
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/log.yml.hbs
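Review bot: The package manifest's `datasources[0].inputs` declares only `- type: logs`, while `dataset/firewall/manifest.yml` on this same line defines a second stream with `input: syslog`; if streams are resolved against the datasource's declared input types (this page does not show the resolver), the syslog stream can never be enabled from this datasource. A matching entry such as `- type: syslog` with `title: Collect logs from Checkpoint instances (syslog)` and a short description would close that gap. Note also that the `logs` stream carries a `required: true` `tags` var with a list default whereas the `syslog` stream declares no vars at all, so whether `syslog.yml.hbs` (not visible here) has anything user-settable to render cannot be checked from this hunk.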
@@ -0,0 +1,8 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/udp.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/udp.yml.hbs
new file mode 100644
index 00000000000..b7a119a43e8
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/agent/stream/udp.yml.hbs
@@ -0,0 +1,3 @@
+tags: {{tags}}
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/cisco/0.0.1/dataset/asa/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9668282b478
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/elasticsearch/ingest-pipeline/default.yml
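Review bot: `tags: {{tags}}` interpolates the variable as a single scalar, while `paths` two lines above is expanded element by element with `{{#each}}`; if the asa dataset declares `tags` as `multi: true` with a list default (as the checkpoint dataset in this commit does; the asa manifest is not on this page), the rendered YAML then depends on how the template engine stringifies a list rather than on the template itself. Expanding `tags` the same way as `paths` keeps the output a proper YAML sequence whatever the var's shape. `udp.yml.hbs`, whose hunk shares this line, has the identical `tags: {{tags}}` line and would take the same change.
```yaml
# … unchanged: paths expansion, exclude_files …
tags:
{{#each tags as |tag i|}}
  - {{tag}}
{{/each}}
# … unchanged: processors …
```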
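Review bot: The udp stream template emits only `tags` and `processors`, so the generated input configuration carries no listen address; a UDP input has nothing to bind to without a `host` setting, and this template does not produce one. Whether the address is injected from somewhere outside the template cannot be confirmed here because the asa dataset manifest is not in view, but if it is not, a line such as `host: "{{host}}:{{port}}"` backed by `host`/`port` vars in that manifest is needed, with a loopback-style default so the collector is not exposed on every interface by default.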
@@ -0,0 +1,1282 @@ +--- +description: "Pipeline for Cisco FIX_ME logs" +processors: + # + # Parse the syslog header + # + # This populates the host.hostname, process.name, timestamp and other fields + # from the header and stores the message contents in log.original. + - grok: + field: message + patterns: + - "(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:log.original}" + pattern_definitions: + SYSLOG_HEADER: "(?:%{SYSLOGFACILITY}\\s*)?(?:%{FTD_DATE:_temp_.raw_date}:?\\s+)?(?:%{PROCESS_HOST}|%{HOST_PROCESS})(?:{DATA})?%{SYSLOG_END}?" + SYSLOGFACILITY: "<%{NONNEGINT:syslog.facility:int}(?:.%{NONNEGINT:syslog.priority:int})?>" + # Beginning with version 6.3, Firepower Threat Defense provides the option to enable timestamp as per RFC 5424. + FTD_DATE: "(?:%{TIMESTAMP_ISO8601}|%{ASA_DATE})" + ASA_DATE: "(?:%{DAY} )?%{MONTH} *%{MONTHDAY}(?: %{YEAR})? %{TIME}(?: %{TZ})?" + PROCESS: "(?:[^%\\s:\\[]+)" + SYSLOG_END: "(?:(:|\\s)\\s+)" + # exactly match the syntax for firepower management logs + PROCESS_HOST: "(?:%{PROCESS:process.name}:\\s%{SYSLOGHOST:host.name})" + HOST_PROCESS: "(?:%{SYSLOGHOST:host.hostname}:?\\s+)?(?:%{PROCESS:process.name}?(?:\\[%{POSINT:process.pid:long}\\])?)?" + + # + # Parse FTD/ASA style message + # + # This parses the header of an EMBLEM-style message for FTD and ASA prefixes. + - grok: + field: log.original + patterns: + - "%{FTD_PREFIX}-(?:%{FTD_SUFFIX:_temp_.cisco.suffix}-)?%{NONNEGINT:event.severity:int}-%{POSINT:_temp_.cisco.message_id}?:?\\s*%{GREEDYDATA:message}" + # Before version 6.3, messages for connection, security intelligence, and intrusion events didn't include an event type ID in the message header. + - "%{GREEDYDATA:message}" + pattern_definitions: + FTD_SUFFIX: "[^0-9-]+" + # Before version 6.3, FTD used ASA prefix in syslog messages + FTD_PREFIX: "%{DATA}%(?:[A-Z]+)" + + # + # Create missing fields when no %FTD label is present + # + # message_id is needed in order for some processors below to work. 
+ - set: + field: _temp_.cisco.message_id + value: "" + if: "ctx?._temp_?.cisco?.message_id == null" + + # + # set default event.severity to 7 (debug): + # + # This value is read from the EMBLEM header and won't be present if this is not + # an emblem message (firewalls can be configured to report other kinds of events) + # This has no effect unless var.log_level is above 7 (default) to filter some + # messages. + - set: + field: event.severity + value: 7 + if: "ctx?.event?.severity == null" + + # + # Drop messages above configured log_level + # + - drop: + if: "ctx.event.severity > FIX_ME" + + # + # Parse the date included in FTD logs + # + - date: + if: "ctx.event.timezone == null" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + - date: + if: "ctx.event.timezone != null" + timezone: "{{ event.timezone }}" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + 
"value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + + # + # Set log.level + # + - set: + field: "log.level" + if: "ctx.event.severity == 0" + value: unknown + - set: + field: "log.level" + if: "ctx.event.severity == 1" + value: alert + - set: + field: "log.level" + if: "ctx.event.severity == 2" + value: critical + - set: + field: "log.level" + if: "ctx.event.severity == 3" + value: error + - set: + field: "log.level" + if: "ctx.event.severity == 4" + value: warning + - set: + field: "log.level" + if: "ctx.event.severity == 5" + value: notification + - set: + field: "log.level" + if: "ctx.event.severity == 6" + value: informational + - set: + field: "log.level" + if: "ctx.event.severity == 7" + value: debug + + # + # Firewall messages + # + # This set of messages is shared between FTD and ASA. + - set: + if: 'ctx._temp_.cisco.message_id != ""' + field: "event.action" + value: "firewall-rule" + - dissect: + if: "ctx._temp_.cisco.message_id == '106001'" + field: "message" + pattern: "%{network.direction} %{network.transport} connection %{event.outcome} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106002'" + field: "message" + pattern: "%{network.transport} Connection %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106006'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106007'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} due to 
%{network.protocol} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106010'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} %{} dst %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "message" + pattern: "Dropping echo request from %{source.address} to PAT address %{destination.address}" + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.transport" + value: icmp + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.direction" + value: inbound + - dissect: + if: "ctx._temp_.cisco.message_id == '106014'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address} %{}dst %{_temp_.cisco.destination_interface}:%{destination.address} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106015'" + field: "message" + pattern: "%{event.outcome} %{network.transport} (no connection) from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106016'" + field: "message" + pattern: "%{event.outcome} IP spoof from (%{source.address}) to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106017'" + field: "message" + pattern: "%{event.outcome} IP due to Land Attack from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106018'" + field: "message" + pattern: "%{network.transport} packet type %{_temp_.cisco.icmp_type} %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: 
"ctx._temp_.cisco.message_id == '106020'" + field: "message" + pattern: "%{event.outcome} IP teardrop fragment (size = %{}, offset = %{}) from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106021'" + field: "message" + pattern: "%{event.outcome} %{network.transport} reverse path check from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106022'" + field: "message" + pattern: "%{event.outcome} %{network.transport} connection spoof from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - grok: + if: "ctx._temp_.cisco.message_id == '106023'" + field: "message" + patterns: + - ^%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(%{GREEDYDATA:_temp_.cisco.source_username} )?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access.group "%{NOTSPACE:_temp_.cisco.list_id}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106027'" + field: "message" + pattern: '%{} %{event.outcome} src %{source.address} dst %{destination.address} by access-group "%{_temp_.cisco.list_id}"' + - dissect: + if: "ctx._temp_.cisco.message_id == '106100'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port}) -> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port}) %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106102'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} 
%{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106103'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} %{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "message" + pattern: "%{source.address} %{}ccessed URL %{destination.address}:%{url.original}" + - set: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "event.outcome" + value: allow + - dissect: + if: "ctx._temp_.cisco.message_id == '304002'" + field: "message" + pattern: "Access %{event.outcome} URL %{url.original} SRC %{source.address} %{}EST %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313001'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313004'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, from%{}addr %{source.address} on interface %{_temp_.cisco.source_interface} to %{destination.address}: no matching session" + - dissect: + if: "ctx._temp_.cisco.message_id == '313005'" + field: "message" + pattern: "No matching connection for %{network.transport} error message: %{} on %{_temp_.cisco.source_interface} interface.%{}riginal IP payload: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313008'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type} , code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313009'" + field: "message" 
+ pattern: "%{event.outcome} invalid %{network.transport} code %{_temp_.cisco.icmp_code} , for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '322001'" + field: "message" + pattern: "%{event.outcome} MAC address %{source.mac}, possible spoof attempt on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "message" + pattern: "Dynamic filter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "server.domain" + value: 
"{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338003'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338004'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "server.domain" + value: 
"{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338007'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338008'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: 
%{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338103'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338104'" + field: "message" + pattern: "Dynamic 
%{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338203'" + 
field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338203'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "message" + pattern: "Intercepted DNS reply for domain %{source.domain} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, matched %{_temp_.cisco.list_id}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.address" + value: "{{destination.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.port" + value: "{{destination.port}}" + 
- set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.address" + value: "{{source.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.port" + value: "{{source.port}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '734001'" + field: "message" + pattern: "DAP: User %{user.email}, Addr %{source.address}, Connection %{_temp_.cisco.connection_type}: The following DAP records were selected for this connection: %{_temp_.cisco.dap_records->}" + - split: + field: "_temp_.cisco.dap_records" + separator: ",\\s+" + ignore_missing: true + + # + # Handle 302xxx messages (Flow expiration a.k.a "Teardown") + # + - set: + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + field: "event.action" + value: "flow-expiration" + - grok: + field: "message" + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + patterns: + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?(?:duration %{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes:int})%{GREEDYDATA} + - Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.source_username})?%{GREEDYDATA} + pattern_definitions: + NOTCOLON: "[^:]*" + ECSSOURCEIPORHOST: 
"(?:%{IP:source.address}|%{HOSTNAME:source.domain})" + ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" + MAPPEDSRC: "(?:%{DATA:_temp_.cisco.mapped_source_ip}|%{HOSTNAME})" + + # + # Decode FTD's Security Event Syslog Messages + # + # 43000x messages are security event syslog messages specific to FTD. + # Format is a comma-separated sequence of key: value pairs. + # + # The result of this decoding is saved as _temp_.orig_security.{Key}: {Value} + - kv: + if: '["430001", "430002", "430003", "430004", "430005", ""].contains(ctx._temp_.cisco.message_id)' + field: "message" + field_split: ",(?=[A-za-z1-9\\s]+:)" + value_split: ":" + target_field: "_temp_.orig_security" + trim_key: " " + trim_value: " " + ignore_failure: true + + # + # Remove message. + # + # The field has been used as temporary buffer while decoding. The full message + # is kept log.original. Processors below can still add a message field, as some + # security events contain an explanatory Message field. + - remove: + field: + - message + ignore_missing: true + + # + # Populate ECS fields from Security Events + # + # This script uses the key-value pairs from Security Events to populate + # the appropriate ECS fields. + # + # A single key can be mapped to multiple ECS fields, and more than one key can + # map to the same ECS field, which results in an array being created. + # + # This script performs an additional job: + # + # Before FTD version 6.3, the message_id was not included in Security Events. + # As this field encodes the kind of event (intrusion, connection, malware...) + # the script below will guess the right message_id from the keys present in + # the event. + # + # The reason for overloading this script with different behaviors is + # that this pipeline is already reaching the limit on script compilations. + # + #******************************************************************************* + # Code generated by go generate. DO NOT EDIT. 
+ #******************************************************************************* + - script: + if: ctx._temp_?.orig_security != null + params: + ACPolicy: + target: ac_policy + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleAction: + target: access_control_rule_action + id: ["430002", "430003"] + ecs: [event.outcome] + AccessControlRuleName: + target: access_control_rule_name + id: ["430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleReason: + target: access_control_rule_reason + id: ["430002", "430003"] + ApplicationProtocol: + target: application_protocol + ecs: [network.protocol] + ArchiveDepth: + target: archive_depth + id: ["430004", "430005"] + ArchiveFileName: + target: archive_file_name + id: ["430004", "430005"] + ecs: [file.name] + ArchiveFileStatus: + target: archive_file_status + id: ["430004", "430005"] + ArchiveSHA256: + target: archive_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + Classification: + target: classification + id: ["430001"] + Client: + target: client + ecs: [network.application] + ClientVersion: + target: client_version + id: ["430002", "430003"] + ConnectionDuration: + target: connection_duration + id: ["430003"] + ecs: [event.duration] + DNS_Sinkhole: + target: dns_sinkhole + id: ["430002", "430003"] + DNS_TTL: + target: dns_ttl + id: ["430002", "430003"] + DNSQuery: + target: dns_query + id: ["430002", "430003"] + ecs: [dns.question.name] + DNSRecordType: + target: dns_record_type + id: ["430002", "430003"] + ecs: [dns.question.type] + DNSResponseType: + target: dns_response_type + id: ["430002", "430003"] + ecs: [dns.response_code] + DNSSICategory: + target: dnssi_category + id: ["430002", "430003"] + DstIP: + target: dst_ip + ecs: [destination.address] + DstPort: + target: dst_port + ecs: [destination.port] + EgressInterface: + target: egress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.destination_interface] + EgressZone: + target: 
egress_zone + id: ["430001", "430002", "430003"] + Endpoint Profile: + target: endpoint_profile + id: ["430002", "430003"] + FileAction: + target: file_action + id: ["430004", "430005"] + FileCount: + target: file_count + id: ["430002", "430003"] + FileDirection: + target: file_direction + id: ["430004", "430005"] + FileName: + target: file_name + id: ["430004", "430005"] + ecs: [file.name] + FilePolicy: + target: file_policy + id: ["430004", "430005"] + ecs: [_temp_.cisco.rule_name] + FileSHA256: + target: file_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + FileSandboxStatus: + target: file_sandbox_status + id: ["430004", "430005"] + FileSize: + target: file_size + id: ["430004", "430005"] + ecs: [file.size] + FileStorageStatus: + target: file_storage_status + id: ["430004", "430005"] + FileType: + target: file_type + id: ["430004", "430005"] + FirstPacketSecond: + target: first_packet_second + id: ["430004", "430005"] + ecs: [event.start] + GID: + target: gid + id: ["430001"] + ecs: [service.id] + HTTPReferer: + target: http_referer + id: ["430002", "430003"] + ecs: [http.request.referrer] + HTTPResponse: + target: http_response + id: ["430001", "430002", "430003"] + ecs: [http.response.status_code] + ICMPCode: + target: icmp_code + id: ["430001", "430002", "430003"] + ICMPType: + target: icmp_type + id: ["430001", "430002", "430003"] + IPReputationSICategory: + target: ip_reputation_si_category + id: ["430002", "430003"] + IPSCount: + target: ips_count + id: ["430002", "430003"] + IngressInterface: + target: ingress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.source_interface] + IngressZone: + target: ingress_zone + id: ["430001", "430002", "430003"] + InitiatorBytes: + target: initiator_bytes + id: ["430003"] + ecs: [source.bytes] + InitiatorPackets: + target: initiator_packets + id: ["430003"] + ecs: [source.packets] + InlineResult: + target: inline_result + id: ["430001"] + ecs: [event.outcome] + IntrusionPolicy: + 
target: intrusion_policy + id: ["430001"] + ecs: [_temp_.cisco.rule_name] + MPLS_Label: + target: mpls_label + id: ["430001"] + Message: + target: message + id: ["430001"] + ecs: [message] + NAPPolicy: + target: nap_policy + id: ["430001", "430002", "430003"] + NetBIOSDomain: + target: net_bios_domain + id: ["430002", "430003"] + ecs: [host.hostname] + NumIOC: + target: num_ioc + id: ["430001"] + Prefilter Policy: + target: prefilter_policy + id: ["430002", "430003"] + Priority: + target: priority + id: ["430001"] + Protocol: + target: protocol + ecs: [network.transport] + ReferencedHost: + target: referenced_host + id: ["430002", "430003"] + ecs: [url.domain] + ResponderBytes: + target: responder_bytes + id: ["430003"] + ecs: [destination.bytes] + ResponderPackets: + target: responder_packets + id: ["430003"] + ecs: [destination.packets] + Revision: + target: revision + id: ["430001"] + SHA_Disposition: + target: sha_disposition + id: ["430004", "430005"] + SID: + target: sid + id: ["430001"] + SSLActualAction: + target: ssl_actual_action + ecs: [event.outcome] + SSLCertificate: + target: ssl_certificate + id: ["430002", "430003", "430004", "430005"] + SSLExpectedAction: + target: ssl_expected_action + id: ["430002", "430003"] + SSLFlowStatus: + target: ssl_flow_status + id: ["430002", "430003", "430004", "430005"] + SSLPolicy: + target: ssl_policy + id: ["430002", "430003"] + SSLRuleName: + target: ssl_rule_name + id: ["430002", "430003"] + SSLServerCertStatus: + target: ssl_server_cert_status + id: ["430002", "430003"] + SSLServerName: + target: ssl_server_name + id: ["430002", "430003"] + ecs: [server.domain] + SSLSessionID: + target: ssl_session_id + id: ["430002", "430003"] + SSLTicketID: + target: ssl_ticket_id + id: ["430002", "430003"] + SSLURLCategory: + target: sslurl_category + id: ["430002", "430003"] + SSLVersion: + target: ssl_version + id: ["430002", "430003"] + SSSLCipherSuite: + target: sssl_cipher_suite + id: ["430002", "430003"] + 
SecIntMatchingIP: + target: sec_int_matching_ip + id: ["430002", "430003"] + Security Group: + target: security_group + id: ["430002", "430003"] + SperoDisposition: + target: spero_disposition + id: ["430004", "430005"] + SrcIP: + target: src_ip + ecs: [source.address] + SrcPort: + target: src_port + ecs: [source.port] + TCPFlags: + target: tcp_flags + id: ["430002", "430003"] + ThreatName: + target: threat_name + id: ["430005"] + ecs: [_temp_.cisco.threat_category] + ThreatScore: + target: threat_score + id: ["430005"] + ecs: [_temp_.cisco.threat_level] + Tunnel or Prefilter Rule: + target: tunnel_or_prefilter_rule + id: ["430002", "430003"] + URI: + target: uri + id: ["430004", "430005"] + ecs: [url.original] + URL: + target: url + id: ["430002", "430003"] + ecs: [url.original] + URLCategory: + target: url_category + id: ["430002", "430003"] + URLReputation: + target: url_reputation + id: ["430002", "430003"] + URLSICategory: + target: urlsi_category + id: ["430002", "430003"] + User: + target: user + ecs: [user.id, user.name] + UserAgent: + target: user_agent + id: ["430002", "430003"] + ecs: [user_agent.original] + VLAN_ID: + target: vlan_id + id: ["430001", "430002", "430003"] + WebApplication: + target: web_application + ecs: [network.application] + originalClientSrcIP: + target: original_client_src_ip + id: ["430002", "430003"] + ecs: [client.address] + lang: painless + source: | + boolean isEmpty(def value) { + return (value instanceof AbstractList? value.size() : value.length()) == 0; + } + def appendOrCreate(Map dest, String[] path, def value) { + for (int i=0; i new HashMap()); + } + String key = path[path.length - 1]; + def existing = dest.get(key); + return existing == null? + dest.put(key, value) + : existing instanceof AbstractList? 
+ existing.add(value) + : dest.put(key, new ArrayList([existing, value])); + } + def msg = ctx._temp_.orig_security; + def counters = new HashMap(); + def dest = new HashMap(); + ctx._temp_.cisco['security'] = dest; + for (entry in msg.entrySet()) { + def param = params.get(entry.getKey()); + if (param == null) { + continue; + } + param.getOrDefault('id', []).forEach( id -> counters[id] = 1 + counters.getOrDefault(id, 0) ); + if (!isEmpty(entry.getValue())) { + param.getOrDefault('ecs', []).forEach( field -> appendOrCreate(ctx, field.splitOnToken('.'), entry.getValue()) ); + dest[param.target] = entry.getValue(); + } + } + if (ctx._temp_.cisco.message_id != "") return; + def best; + for (entry in counters.entrySet()) { + if (best == null || best.getValue() < entry.getValue()) best = entry; + } + if (best != null) ctx._temp_.cisco.message_id = best.getKey(); + #******************************************************************************* + # End of generated code. + #******************************************************************************* + + # + # Normalize ECS field values + # + - script: + lang: painless + params: + "ctx._temp_.cisco.message_id": + target: event.action + map: + "430001": intrusion-detected + "430002": connection-started + "430003": connection-finished + "430004": file-detected + "430005": malware-detected + + "dns.question.type": + map: + "a host address": A + "ip6 address": AAAA + "text strings": TXT + "a domain name pointer": PTR + "an authoritative name server": NS + "the canonical name for an alias": CNAME + "marks the start of a zone of authority": SOA + "mail exchange": MX + "server selection": SRV + + "dns.response_code": + map: + "non-existent domain": NXDOMAIN + "server failure": SERVFAIL + "query refused": REFUSED + "no error": NOERROR + + source: | + def getField(Map src, String[] path) { + for (int i=0; i new HashMap()); + } + dest[path[path.length-1]] = value; + } + for (entry in params.entrySet()) { + def srcField = 
entry.getKey(); + def param = entry.getValue(); + String oldVal = getField(ctx, srcField.splitOnToken('.')); + if (oldVal == null) continue; + def newVal = param.map?.getOrDefault(oldVal.toLowerCase(), null); + if (newVal != null) { + def dstField = param.getOrDefault('target', srcField); + setField(ctx, dstField.splitOnToken('.'), newVal); + } + } + + - set: + if: "ctx.dns?.question?.type != null && ctx.dns?.response_code == null" + field: dns.response_code + value: NOERROR + + - set: + if: 'ctx._temp_.cisco.message_id == "430001"' + field: event.action + value: intrusion-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430002"' + field: event.action + value: connection-started + - set: + if: 'ctx._temp_.cisco.message_id == "430003"' + field: event.action + value: connection-finished + - set: + if: 'ctx._temp_.cisco.message_id == "430004"' + field: event.action + value: file-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430005"' + field: event.action + value: malware-detected + + # + # Handle event.duration + # + # It can be set from ConnectionDuration FTD field above. This field holds + # seconds as a string. Copy it to _temp_.duration_hms so that the following + # processor converts it to the right value and populates start and end. 
+ - set: + field: "_temp_.duration_hms" + value: "{{event.duration}}" + if: "ctx.event?.duration != null" + + # + # Process the flow duration "hh:mm:ss" present in some messages + # This will fill event.start, event.end and event.duration + # + - script: + lang: painless + if: "ctx?._temp_?.duration_hms != null" + source: > + long parse_hms(String s) { + long cur = 0, total = 0; + for (char c: s.toCharArray()) { + if (c >= (char)'0' && c <= (char)'9') { + cur = (cur*10) + (long)c - (char)'0'; + } else if (c == (char)':') { + total = (total + cur) * 60; + cur = 0; + } else { + return 0; + } + } + return total + cur; + } + if (ctx?.event == null) { + ctx['event'] = new HashMap(); + } + String end = ctx['@timestamp']; + ctx.event['end'] = end; + long nanos = parse_hms(ctx._temp_.duration_hms) * 1000000000L; + ctx.event['duration'] = nanos; + ctx.event['start'] = ZonedDateTime.ofInstant( + Instant.parse(end).minusNanos(nanos), + ZoneOffset.UTC); + + # + # Normalize protocol names + # + - lowercase: + field: "network.transport" + ignore_failure: true + - lowercase: + field: "network.protocol" + ignore_failure: true + - lowercase: + field: "network.application" + ignore_failure: true + - lowercase: + field: "file.type" + ignore_failure: true + - lowercase: + field: "network.direction" + ignore_failure: true + + # + # Populate network.iana_number from network.transport. Also does reverse + # mapping in case network.transport contains the iana_number. 
+ # + - script: + if: "ctx?.network?.transport != null" + lang: painless + params: + icmp: 1 + igmp: 2 + ipv4: 4 + tcp: 6 + egp: 8 + igp: 9 + pup: 12 + udp: 17 + rdp: 27 + irtp: 28 + dccp: 33 + idpr: 35 + ipv6: 41 + ipv6-route: 43 + ipv6-frag: 44 + rsvp: 46 + gre: 47 + esp: 50 + ipv6-icmp: 58 + ipv6-nonxt: 59 + ipv6-opts: 60 + source: > + def net = ctx.network; + def iana = params[net.transport]; + if (iana != null) { + net['iana_number'] = iana; + return; + } + def reverse = new HashMap(); + def[] arr = new def[] { null }; + for (entry in params.entrySet()) { + arr[0] = entry.getValue(); + reverse.put(String.format("%d", arr), entry.getKey()); + } + def trans = reverse[net.transport]; + if (trans != null) { + net['iana_number'] = net.transport; + net['transport'] = trans; + } + + # + # Normalize event.outcome + # + - lowercase: + field: "event.outcome" + ignore_missing: true + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "est-allowed"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "permitted"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "denied"' + value: deny + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "dropped"' + value: deny + + - set: + field: "network.transport" + if: 'ctx.network?.transport == "icmpv6"' + value: "ipv6-icmp" + + # + # Convert integer fields, as output of dissect and kv processors is always a string + # + - convert: + field: "source.port" + type: integer + ignore_failure: true + - convert: + field: "destination.port" + type: integer + ignore_failure: true + - convert: + field: "source.bytes" + type: integer + ignore_failure: true + - convert: + field: "destination.bytes" + type: integer + ignore_failure: true + - convert: + field: "source.packets" + type: integer + ignore_failure: true + - convert: + field: "destination.packets" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_source_port" + type: integer + 
ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_destination_port" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_code" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_type" + type: integer + ignore_failure: true + - convert: + field: "network.iana_number" + type: integer + ignore_failure: true + + # + # Assign ECS .ip fields from .address is a valid IP address is found, + # otherwise set .domain field. + # + - grok: + field: source.address + patterns: + - "(?:%{IP:source.ip}|%{GREEDYDATA:source.domain})" + ignore_failure: true + - grok: + field: destination.address + patterns: + - "(?:%{IP:destination.ip}|%{GREEDYDATA:destination.domain})" + ignore_failure: true + - grok: + field: client.address + patterns: + - "(?:%{IP:client.ip}|%{GREEDYDATA:client.domain})" + ignore_failure: true + - grok: + field: server.address + patterns: + - "(?:%{IP:server.ip}|%{GREEDYDATA:server.domain})" + ignore_failure: true + + # + # Geolocation for source and destination addresses + # + - geoip: + field: "source.ip" + target_field: "source.geo" + ignore_missing: true + - geoip: + field: "destination.ip" + target_field: "destination.geo" + ignore_missing: true + + # + # IP Autonomous System (AS) Lookup + # + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: 
destination.as.organization.name + ignore_missing: true + + # + # NAT fields + # + # The firewall always populates mapped ip and port even if there was no NAT. + # This populates both nat.ip and nat.port only when some translation is done. + # Fills nat.ip and nat.port even when only the ip or port changed. + - set: + field: source.nat.ip + value: "{{_temp_.cisco.mapped_source_ip}}" + if: "ctx._temp_.cisco.mapped_source_ip != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: source.nat.port + value: "{{_temp_.cisco.mapped_source_port}}" + if: "ctx._temp_.cisco.mapped_source_port != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: destination.nat.ip + value: "{{_temp_.cisco.mapped_destination_ip}}" + if: "ctx._temp_.cisco.mapped_destination_ip != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + - set: + field: destination.nat.port + value: "{{_temp_.cisco.mapped_destination_port}}" + if: "ctx._temp_.cisco.mapped_destination_port != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + + # + # Populate ECS event.code + # + - convert: + field: _temp_.cisco.message_id + target_field: event.code + type: integer + ignore_failure: true + + - remove: + field: + - _temp_.cisco.message_id + - event.code + if: 'ctx._temp_.cisco.message_id == ""' + ignore_failure: true + + # + # Copy _temp_.cisco to its final destination, cisco.asa or cisco.ftd. 
+ #
+ - rename:
+ field: _temp_.cisco
+ target_field: "cisco.FIX_ME"
+ ignore_failure: true
+
+ #
+ # Remove temporary fields
+ #
+ - remove:
+ field: _temp_
+ ignore_missing: true
+
+ #
+ # Rename some 7.x fields
+ #
+ - rename:
+ field: log.original
+ target_field: event.original
+ ignore_missing: true
+ - rename:
+ field: cisco.FIX_ME.list_id
+ target_field: cisco.FIX_ME.rule_name
+ ignore_missing: true
+
+on_failure:
+ - append:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/fields.yml
new file mode 100644
index 00000000000..48fbc993406
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/fields.yml
@@ -0,0 +1,75 @@
+- name: cisco.asa
+ type: group
+ fields:
+ - name: message_id
+ type: keyword
+ description: |
+ The Cisco ASA message identifier.
+ - name: suffix
+ type: keyword
+ description: |
+ Optional suffix after %ASA identifier.
+ - name: source_interface
+ type: keyword
+ description: |
+ Source interface for the flow or event.
+ - name: destination_interface
+ type: keyword
+ description: |
+ Destination interface for the flow or event.
+ - name: rule_name
+ type: keyword
+ description: |
+ Name of the Access Control List rule that matched this event.
+ - name: source_username
+ type: keyword
+ description: |
+ Name of the user that is the source for this event.
+ - name: destination_username
+ type: keyword
+ description: |
+ Name of the user that is the destination for this event.
+ - name: mapped_source_ip
+ type: ip
+ description: |
+ The translated source IP address.
+ - name: mapped_source_port
+ type: long
+ description: |
+ The translated source port.
+ - name: mapped_destination_ip
+ type: ip
+ description: |
+ The translated destination IP address.
+ - name: mapped_destination_port
+ type: long
+ description: |
+ The translated destination port.
+ - name: threat_level
+ type: keyword
+ description: |
+ Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
+ - name: threat_category
+ type: keyword
+ description: |
+ Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.
+ - name: connection_id
+ type: keyword
+ description: |
+ Unique identifier for a flow.
+ - name: icmp_type
+ type: short
+ description: |
+ ICMP type.
+ - name: icmp_code
+ type: short
+ description: |
+ ICMP code.
+ - name: connection_type
+ type: keyword
+ description: |
+ The VPN connection type
+ - name: dap_records
+ type: keyword
+ description: |
+ The assigned DAP records
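Review bot: Every mapping declared here lives under `cisco.asa`, but the ASA pipeline in this same commit still renames `_temp_.cisco` to the placeholder `cisco.FIX_ME` and then `cisco.FIX_ME.list_id` to `cisco.FIX_ME.rule_name`, so until that placeholder is resolved to `asa` none of these fields, `rule_name` included, is actually populated by the pipeline. The FTD pipeline in this commit writes `_temp_.cisco.username` for messages 106102 and 106103; if the ASA pipeline does the same, `cisco.asa.username` is not declared here and would end up dynamically mapped, so either add `- name: username` / `type: keyword` with a description or rename it in the pipeline. The descriptions of `connection_type` and `dap_records` are the only ones without a terminating period.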
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/package-fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/package-fields.yml
new file mode 100644
index 00000000000..2318aac27b2
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: cisco
+ type: group
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/asa/manifest.yml b/dev/packages/beats/cisco/0.0.1/dataset/asa/manifest.yml
new file mode 100644
index 00000000000..4f8405dfd7b
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/asa/manifest.yml
@@ -0,0 +1,38 @@
+title: Cisco asa logs
+release: experimental
+type: logs
+streams:
+- input: udp
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-asa
+ template_path: udp.yml.hbs
+ title: Cisco asa logs (udp)
+ description: Collect Cisco asa logs using udp input
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/cisco-asa.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-asa
+ template_path: log.yml.hbs
+ title: Cisco asa logs (log)
+ description: Collect Cisco asa logs using log input
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/log.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..07498558fef
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/log.yml.hbs
@@ -0,0 +1,8 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/udp.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/udp.yml.hbs
new file mode 100644
index 00000000000..b7a119a43e8
--- /dev/null
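Review bot: The `udp` stream of the asa manifest exposes only a `tags` variable, so the address and port the UDP input listens on cannot be set from the policy; the `udp.yml.hbs` template for the sibling ftd dataset in this commit likewise has no `host:` line, which would leave the input on whatever default the input itself applies (the asa template is not in this chunk, so I am inferring it matches). Consider adding a `host` var next to `tags`, e.g. `- name: host` / `type: text` / `default: localhost:9001` (constructed example), and rendering it as `host: {{host}}` in the stream template. As a point of style, `title: Cisco asa logs` and the stream titles and descriptions read as generated; `Cisco ASA logs` would match the product name used in the field descriptions.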
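Review bot: `tags: {{tags}}` in log.yml.hbs interpolates the `tags` array straight into the YAML, while `paths` a few lines above is rendered item by item with an `{{#each}}` block; depending on how the templating engine stringifies an array, a tag containing a character YAML treats specially (`:`, `#`, `,`) could break or silently alter the generated stream config, and `tags` is a user-supplied `multi` value. Rendering it the same way as `paths`, with a `{{#each tags}}` block emitting one `- {{tag}}` line per element, keeps the output well-formed regardless of content. The same construct appears in `udp.yml.hbs` in this commit.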
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/agent/stream/udp.yml.hbs
@@ -0,0 +1,3 @@
+tags: {{tags}}
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/cisco/0.0.1/dataset/ftd/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9668282b478
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,1282 @@ +--- +description: "Pipeline for Cisco FIX_ME logs" +processors: + # + # Parse the syslog header + # + # This populates the host.hostname, process.name, timestamp and other fields + # from the header and stores the message contents in log.original. + - grok: + field: message + patterns: + - "(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:log.original}" + pattern_definitions: + SYSLOG_HEADER: "(?:%{SYSLOGFACILITY}\\s*)?(?:%{FTD_DATE:_temp_.raw_date}:?\\s+)?(?:%{PROCESS_HOST}|%{HOST_PROCESS})(?:{DATA})?%{SYSLOG_END}?" + SYSLOGFACILITY: "<%{NONNEGINT:syslog.facility:int}(?:.%{NONNEGINT:syslog.priority:int})?>" + # Beginning with version 6.3, Firepower Threat Defense provides the option to enable timestamp as per RFC 5424. + FTD_DATE: "(?:%{TIMESTAMP_ISO8601}|%{ASA_DATE})" + ASA_DATE: "(?:%{DAY} )?%{MONTH} *%{MONTHDAY}(?: %{YEAR})? %{TIME}(?: %{TZ})?" + PROCESS: "(?:[^%\\s:\\[]+)" + SYSLOG_END: "(?:(:|\\s)\\s+)" + # exactly match the syntax for firepower management logs + PROCESS_HOST: "(?:%{PROCESS:process.name}:\\s%{SYSLOGHOST:host.name})" + HOST_PROCESS: "(?:%{SYSLOGHOST:host.hostname}:?\\s+)?(?:%{PROCESS:process.name}?(?:\\[%{POSINT:process.pid:long}\\])?)?" + + # + # Parse FTD/ASA style message + # + # This parses the header of an EMBLEM-style message for FTD and ASA prefixes. + - grok: + field: log.original + patterns: + - "%{FTD_PREFIX}-(?:%{FTD_SUFFIX:_temp_.cisco.suffix}-)?%{NONNEGINT:event.severity:int}-%{POSINT:_temp_.cisco.message_id}?:?\\s*%{GREEDYDATA:message}" + # Before version 6.3, messages for connection, security intelligence, and intrusion events didn't include an event type ID in the message header. + - "%{GREEDYDATA:message}" + pattern_definitions: + FTD_SUFFIX: "[^0-9-]+" + # Before version 6.3, FTD used ASA prefix in syslog messages + FTD_PREFIX: "%{DATA}%(?:[A-Z]+)" + + # + # Create missing fields when no %FTD label is present + # + # message_id is needed in order for some processors below to work. 
+ - set: + field: _temp_.cisco.message_id + value: "" + if: "ctx?._temp_?.cisco?.message_id == null" + + # + # set default event.severity to 7 (debug): + # + # This value is read from the EMBLEM header and won't be present if this is not + # an emblem message (firewalls can be configured to report other kinds of events) + # This has no effect unless var.log_level is above 7 (default) to filter some + # messages. + - set: + field: event.severity + value: 7 + if: "ctx?.event?.severity == null" + + # + # Drop messages above configured log_level + # + - drop: + if: "ctx.event.severity > FIX_ME" + + # + # Parse the date included in FTD logs + # + - date: + if: "ctx.event.timezone == null" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + - date: + if: "ctx.event.timezone != null" + timezone: "{{ event.timezone }}" + field: "_temp_.raw_date" + target_field: "@timestamp" + formats: + - "ISO8601" + - "MMM d HH:mm:ss" + - "MMM dd HH:mm:ss" + - "EEE MMM d HH:mm:ss" + - "EEE MMM dd HH:mm:ss" + - "MMM d HH:mm:ss z" + - "MMM dd HH:mm:ss z" + - "EEE MMM d HH:mm:ss z" + - "EEE MMM dd HH:mm:ss z" + - "MMM d yyyy HH:mm:ss" + - "MMM dd yyyy HH:mm:ss" + - "EEE MMM d yyyy HH:mm:ss" + - "EEE MMM dd yyyy HH:mm:ss" + - "MMM d yyyy HH:mm:ss z" + - "MMM dd yyyy HH:mm:ss z" + - "EEE MMM d yyyy HH:mm:ss z" + - "EEE MMM dd yyyy HH:mm:ss z" + on_failure: + [ + { + "append": + { + "field": "error.message", + 
"value": "{{ _ingest.on_failure_message }}", + }, + }, + ] + + # + # Set log.level + # + - set: + field: "log.level" + if: "ctx.event.severity == 0" + value: unknown + - set: + field: "log.level" + if: "ctx.event.severity == 1" + value: alert + - set: + field: "log.level" + if: "ctx.event.severity == 2" + value: critical + - set: + field: "log.level" + if: "ctx.event.severity == 3" + value: error + - set: + field: "log.level" + if: "ctx.event.severity == 4" + value: warning + - set: + field: "log.level" + if: "ctx.event.severity == 5" + value: notification + - set: + field: "log.level" + if: "ctx.event.severity == 6" + value: informational + - set: + field: "log.level" + if: "ctx.event.severity == 7" + value: debug + + # + # Firewall messages + # + # This set of messages is shared between FTD and ASA. + - set: + if: 'ctx._temp_.cisco.message_id != ""' + field: "event.action" + value: "firewall-rule" + - dissect: + if: "ctx._temp_.cisco.message_id == '106001'" + field: "message" + pattern: "%{network.direction} %{network.transport} connection %{event.outcome} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106002'" + field: "message" + pattern: "%{network.transport} Connection %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106006'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106007'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} due to 
%{network.protocol} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106010'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} %{} dst %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "message" + pattern: "Dropping echo request from %{source.address} to PAT address %{destination.address}" + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.transport" + value: icmp + - set: + if: "ctx._temp_.cisco.message_id == '106013'" + field: "network.direction" + value: inbound + - dissect: + if: "ctx._temp_.cisco.message_id == '106014'" + field: "message" + pattern: "%{event.outcome} %{network.direction} %{network.transport} src %{_temp_.cisco.source_interface}:%{source.address} %{}dst %{_temp_.cisco.destination_interface}:%{destination.address} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106015'" + field: "message" + pattern: "%{event.outcome} %{network.transport} (no connection) from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106016'" + field: "message" + pattern: "%{event.outcome} IP spoof from (%{source.address}) to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106017'" + field: "message" + pattern: "%{event.outcome} IP due to Land Attack from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106018'" + field: "message" + pattern: "%{network.transport} packet type %{_temp_.cisco.icmp_type} %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + - dissect: + if: 
"ctx._temp_.cisco.message_id == '106020'" + field: "message" + pattern: "%{event.outcome} IP teardrop fragment (size = %{}, offset = %{}) from %{source.address} to %{destination.address}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106021'" + field: "message" + pattern: "%{event.outcome} %{network.transport} reverse path check from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106022'" + field: "message" + pattern: "%{event.outcome} %{network.transport} connection spoof from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + - grok: + if: "ctx._temp_.cisco.message_id == '106023'" + field: "message" + patterns: + - ^%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(%{GREEDYDATA:_temp_.cisco.source_username} )?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access.group "%{NOTSPACE:_temp_.cisco.list_id}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106027'" + field: "message" + pattern: '%{} %{event.outcome} src %{source.address} dst %{destination.address} by access-group "%{_temp_.cisco.list_id}"' + - dissect: + if: "ctx._temp_.cisco.message_id == '106100'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port}) -> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port}) %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106102'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} 
%{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '106103'" + field: "message" + pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{_temp_.cisco.username} %{_temp_.cisco.source_interface}/%{source.address} %{source.port} %{_temp_.cisco.destination_interface}/%{destination.address} %{destination.port} %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "message" + pattern: "%{source.address} %{}ccessed URL %{destination.address}:%{url.original}" + - set: + if: "ctx._temp_.cisco.message_id == '304001'" + field: "event.outcome" + value: allow + - dissect: + if: "ctx._temp_.cisco.message_id == '304002'" + field: "message" + pattern: "Access %{event.outcome} URL %{url.original} SRC %{source.address} %{}EST %{destination.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313001'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313004'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, from%{}addr %{source.address} on interface %{_temp_.cisco.source_interface} to %{destination.address}: no matching session" + - dissect: + if: "ctx._temp_.cisco.message_id == '313005'" + field: "message" + pattern: "No matching connection for %{network.transport} error message: %{} on %{_temp_.cisco.source_interface} interface.%{}riginal IP payload: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313008'" + field: "message" + pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type} , code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '313009'" + field: "message" 
+ pattern: "%{event.outcome} invalid %{network.transport} code %{_temp_.cisco.icmp_code} , for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '322001'" + field: "message" + pattern: "%{event.outcome} MAC address %{source.mac}, possible spoof attempt on interface %{_temp_.cisco.source_interface}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "message" + pattern: "Dynamic filter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338001'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338002'" + field: "server.domain" + value: 
"{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338003'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338004'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338005'" + field: "server.domain" + value: 
"{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338006'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338007'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338008'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: 
%{_temp_.cisco.threat_category}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338101'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" + - set: + if: "ctx._temp_.cisco.message_id == '338102'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338103'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338104'" + field: "message" + pattern: "Dynamic 
%{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338201'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338202'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338203'" + 
field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338203'" + field: "server.domain" + value: "{{source.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "message" + pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.cisco.mapped_source_ip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.cisco.mapped_destination_ip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" + - set: + if: "ctx._temp_.cisco.message_id == '338204'" + field: "server.domain" + value: "{{destination.domain}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "message" + pattern: "Intercepted DNS reply for domain %{source.domain} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, matched %{_temp_.cisco.list_id}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.address" + value: "{{destination.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "client.port" + value: "{{destination.port}}" + 
- set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.address" + value: "{{source.address}}" + - set: + if: "ctx._temp_.cisco.message_id == '338301'" + field: "server.port" + value: "{{source.port}}" + - dissect: + if: "ctx._temp_.cisco.message_id == '734001'" + field: "message" + pattern: "DAP: User %{user.email}, Addr %{source.address}, Connection %{_temp_.cisco.connection_type}: The following DAP records were selected for this connection: %{_temp_.cisco.dap_records->}" + - split: + field: "_temp_.cisco.dap_records" + separator: ",\\s+" + ignore_missing: true + + # + # Handle 302xxx messages (Flow expiration a.k.a "Teardown") + # + - set: + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + field: "event.action" + value: "flow-expiration" + - grok: + field: "message" + if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + patterns: + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?(?:duration %{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes:int})%{GREEDYDATA} + - Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.source_username})?%{GREEDYDATA} + pattern_definitions: + NOTCOLON: "[^:]*" + ECSSOURCEIPORHOST: 
"(?:%{IP:source.address}|%{HOSTNAME:source.domain})" + ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" + MAPPEDSRC: "(?:%{DATA:_temp_.cisco.mapped_source_ip}|%{HOSTNAME})" + + # + # Decode FTD's Security Event Syslog Messages + # + # 43000x messages are security event syslog messages specific to FTD. + # Format is a comma-separated sequence of key: value pairs. + # + # The result of this decoding is saved as _temp_.orig_security.{Key}: {Value} + - kv: + if: '["430001", "430002", "430003", "430004", "430005", ""].contains(ctx._temp_.cisco.message_id)' + field: "message" + field_split: ",(?=[A-za-z1-9\\s]+:)" + value_split: ":" + target_field: "_temp_.orig_security" + trim_key: " " + trim_value: " " + ignore_failure: true + + # + # Remove message. + # + # The field has been used as temporary buffer while decoding. The full message + # is kept log.original. Processors below can still add a message field, as some + # security events contain an explanatory Message field. + - remove: + field: + - message + ignore_missing: true + + # + # Populate ECS fields from Security Events + # + # This script uses the key-value pairs from Security Events to populate + # the appropriate ECS fields. + # + # A single key can be mapped to multiple ECS fields, and more than one key can + # map to the same ECS field, which results in an array being created. + # + # This script performs an additional job: + # + # Before FTD version 6.3, the message_id was not included in Security Events. + # As this field encodes the kind of event (intrusion, connection, malware...) + # the script below will guess the right message_id from the keys present in + # the event. + # + # The reason for overloading this script with different behaviors is + # that this pipeline is already reaching the limit on script compilations. + # + #******************************************************************************* + # Code generated by go generate. DO NOT EDIT. 
+ #******************************************************************************* + - script: + if: ctx._temp_?.orig_security != null + params: + ACPolicy: + target: ac_policy + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleAction: + target: access_control_rule_action + id: ["430002", "430003"] + ecs: [event.outcome] + AccessControlRuleName: + target: access_control_rule_name + id: ["430002", "430003"] + ecs: [_temp_.cisco.rule_name] + AccessControlRuleReason: + target: access_control_rule_reason + id: ["430002", "430003"] + ApplicationProtocol: + target: application_protocol + ecs: [network.protocol] + ArchiveDepth: + target: archive_depth + id: ["430004", "430005"] + ArchiveFileName: + target: archive_file_name + id: ["430004", "430005"] + ecs: [file.name] + ArchiveFileStatus: + target: archive_file_status + id: ["430004", "430005"] + ArchiveSHA256: + target: archive_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + Classification: + target: classification + id: ["430001"] + Client: + target: client + ecs: [network.application] + ClientVersion: + target: client_version + id: ["430002", "430003"] + ConnectionDuration: + target: connection_duration + id: ["430003"] + ecs: [event.duration] + DNS_Sinkhole: + target: dns_sinkhole + id: ["430002", "430003"] + DNS_TTL: + target: dns_ttl + id: ["430002", "430003"] + DNSQuery: + target: dns_query + id: ["430002", "430003"] + ecs: [dns.question.name] + DNSRecordType: + target: dns_record_type + id: ["430002", "430003"] + ecs: [dns.question.type] + DNSResponseType: + target: dns_response_type + id: ["430002", "430003"] + ecs: [dns.response_code] + DNSSICategory: + target: dnssi_category + id: ["430002", "430003"] + DstIP: + target: dst_ip + ecs: [destination.address] + DstPort: + target: dst_port + ecs: [destination.port] + EgressInterface: + target: egress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.destination_interface] + EgressZone: + target: 
egress_zone + id: ["430001", "430002", "430003"] + Endpoint Profile: + target: endpoint_profile + id: ["430002", "430003"] + FileAction: + target: file_action + id: ["430004", "430005"] + FileCount: + target: file_count + id: ["430002", "430003"] + FileDirection: + target: file_direction + id: ["430004", "430005"] + FileName: + target: file_name + id: ["430004", "430005"] + ecs: [file.name] + FilePolicy: + target: file_policy + id: ["430004", "430005"] + ecs: [_temp_.cisco.rule_name] + FileSHA256: + target: file_sha256 + id: ["430004", "430005"] + ecs: [file.hash.sha256] + FileSandboxStatus: + target: file_sandbox_status + id: ["430004", "430005"] + FileSize: + target: file_size + id: ["430004", "430005"] + ecs: [file.size] + FileStorageStatus: + target: file_storage_status + id: ["430004", "430005"] + FileType: + target: file_type + id: ["430004", "430005"] + FirstPacketSecond: + target: first_packet_second + id: ["430004", "430005"] + ecs: [event.start] + GID: + target: gid + id: ["430001"] + ecs: [service.id] + HTTPReferer: + target: http_referer + id: ["430002", "430003"] + ecs: [http.request.referrer] + HTTPResponse: + target: http_response + id: ["430001", "430002", "430003"] + ecs: [http.response.status_code] + ICMPCode: + target: icmp_code + id: ["430001", "430002", "430003"] + ICMPType: + target: icmp_type + id: ["430001", "430002", "430003"] + IPReputationSICategory: + target: ip_reputation_si_category + id: ["430002", "430003"] + IPSCount: + target: ips_count + id: ["430002", "430003"] + IngressInterface: + target: ingress_interface + id: ["430001", "430002", "430003"] + ecs: [_temp_.cisco.source_interface] + IngressZone: + target: ingress_zone + id: ["430001", "430002", "430003"] + InitiatorBytes: + target: initiator_bytes + id: ["430003"] + ecs: [source.bytes] + InitiatorPackets: + target: initiator_packets + id: ["430003"] + ecs: [source.packets] + InlineResult: + target: inline_result + id: ["430001"] + ecs: [event.outcome] + IntrusionPolicy: + 
target: intrusion_policy + id: ["430001"] + ecs: [_temp_.cisco.rule_name] + MPLS_Label: + target: mpls_label + id: ["430001"] + Message: + target: message + id: ["430001"] + ecs: [message] + NAPPolicy: + target: nap_policy + id: ["430001", "430002", "430003"] + NetBIOSDomain: + target: net_bios_domain + id: ["430002", "430003"] + ecs: [host.hostname] + NumIOC: + target: num_ioc + id: ["430001"] + Prefilter Policy: + target: prefilter_policy + id: ["430002", "430003"] + Priority: + target: priority + id: ["430001"] + Protocol: + target: protocol + ecs: [network.transport] + ReferencedHost: + target: referenced_host + id: ["430002", "430003"] + ecs: [url.domain] + ResponderBytes: + target: responder_bytes + id: ["430003"] + ecs: [destination.bytes] + ResponderPackets: + target: responder_packets + id: ["430003"] + ecs: [destination.packets] + Revision: + target: revision + id: ["430001"] + SHA_Disposition: + target: sha_disposition + id: ["430004", "430005"] + SID: + target: sid + id: ["430001"] + SSLActualAction: + target: ssl_actual_action + ecs: [event.outcome] + SSLCertificate: + target: ssl_certificate + id: ["430002", "430003", "430004", "430005"] + SSLExpectedAction: + target: ssl_expected_action + id: ["430002", "430003"] + SSLFlowStatus: + target: ssl_flow_status + id: ["430002", "430003", "430004", "430005"] + SSLPolicy: + target: ssl_policy + id: ["430002", "430003"] + SSLRuleName: + target: ssl_rule_name + id: ["430002", "430003"] + SSLServerCertStatus: + target: ssl_server_cert_status + id: ["430002", "430003"] + SSLServerName: + target: ssl_server_name + id: ["430002", "430003"] + ecs: [server.domain] + SSLSessionID: + target: ssl_session_id + id: ["430002", "430003"] + SSLTicketID: + target: ssl_ticket_id + id: ["430002", "430003"] + SSLURLCategory: + target: sslurl_category + id: ["430002", "430003"] + SSLVersion: + target: ssl_version + id: ["430002", "430003"] + SSSLCipherSuite: + target: sssl_cipher_suite + id: ["430002", "430003"] + 
SecIntMatchingIP: + target: sec_int_matching_ip + id: ["430002", "430003"] + Security Group: + target: security_group + id: ["430002", "430003"] + SperoDisposition: + target: spero_disposition + id: ["430004", "430005"] + SrcIP: + target: src_ip + ecs: [source.address] + SrcPort: + target: src_port + ecs: [source.port] + TCPFlags: + target: tcp_flags + id: ["430002", "430003"] + ThreatName: + target: threat_name + id: ["430005"] + ecs: [_temp_.cisco.threat_category] + ThreatScore: + target: threat_score + id: ["430005"] + ecs: [_temp_.cisco.threat_level] + Tunnel or Prefilter Rule: + target: tunnel_or_prefilter_rule + id: ["430002", "430003"] + URI: + target: uri + id: ["430004", "430005"] + ecs: [url.original] + URL: + target: url + id: ["430002", "430003"] + ecs: [url.original] + URLCategory: + target: url_category + id: ["430002", "430003"] + URLReputation: + target: url_reputation + id: ["430002", "430003"] + URLSICategory: + target: urlsi_category + id: ["430002", "430003"] + User: + target: user + ecs: [user.id, user.name] + UserAgent: + target: user_agent + id: ["430002", "430003"] + ecs: [user_agent.original] + VLAN_ID: + target: vlan_id + id: ["430001", "430002", "430003"] + WebApplication: + target: web_application + ecs: [network.application] + originalClientSrcIP: + target: original_client_src_ip + id: ["430002", "430003"] + ecs: [client.address] + lang: painless + source: | + boolean isEmpty(def value) { + return (value instanceof AbstractList? value.size() : value.length()) == 0; + } + def appendOrCreate(Map dest, String[] path, def value) { + for (int i=0; i new HashMap()); + } + String key = path[path.length - 1]; + def existing = dest.get(key); + return existing == null? + dest.put(key, value) + : existing instanceof AbstractList? 
+ existing.add(value) + : dest.put(key, new ArrayList([existing, value])); + } + def msg = ctx._temp_.orig_security; + def counters = new HashMap(); + def dest = new HashMap(); + ctx._temp_.cisco['security'] = dest; + for (entry in msg.entrySet()) { + def param = params.get(entry.getKey()); + if (param == null) { + continue; + } + param.getOrDefault('id', []).forEach( id -> counters[id] = 1 + counters.getOrDefault(id, 0) ); + if (!isEmpty(entry.getValue())) { + param.getOrDefault('ecs', []).forEach( field -> appendOrCreate(ctx, field.splitOnToken('.'), entry.getValue()) ); + dest[param.target] = entry.getValue(); + } + } + if (ctx._temp_.cisco.message_id != "") return; + def best; + for (entry in counters.entrySet()) { + if (best == null || best.getValue() < entry.getValue()) best = entry; + } + if (best != null) ctx._temp_.cisco.message_id = best.getKey(); + #******************************************************************************* + # End of generated code. + #******************************************************************************* + + # + # Normalize ECS field values + # + - script: + lang: painless + params: + "ctx._temp_.cisco.message_id": + target: event.action + map: + "430001": intrusion-detected + "430002": connection-started + "430003": connection-finished + "430004": file-detected + "430005": malware-detected + + "dns.question.type": + map: + "a host address": A + "ip6 address": AAAA + "text strings": TXT + "a domain name pointer": PTR + "an authoritative name server": NS + "the canonical name for an alias": CNAME + "marks the start of a zone of authority": SOA + "mail exchange": MX + "server selection": SRV + + "dns.response_code": + map: + "non-existent domain": NXDOMAIN + "server failure": SERVFAIL + "query refused": REFUSED + "no error": NOERROR + + source: | + def getField(Map src, String[] path) { + for (int i=0; i new HashMap()); + } + dest[path[path.length-1]] = value; + } + for (entry in params.entrySet()) { + def srcField = 
entry.getKey(); + def param = entry.getValue(); + String oldVal = getField(ctx, srcField.splitOnToken('.')); + if (oldVal == null) continue; + def newVal = param.map?.getOrDefault(oldVal.toLowerCase(), null); + if (newVal != null) { + def dstField = param.getOrDefault('target', srcField); + setField(ctx, dstField.splitOnToken('.'), newVal); + } + } + + - set: + if: "ctx.dns?.question?.type != null && ctx.dns?.response_code == null" + field: dns.response_code + value: NOERROR + + - set: + if: 'ctx._temp_.cisco.message_id == "430001"' + field: event.action + value: intrusion-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430002"' + field: event.action + value: connection-started + - set: + if: 'ctx._temp_.cisco.message_id == "430003"' + field: event.action + value: connection-finished + - set: + if: 'ctx._temp_.cisco.message_id == "430004"' + field: event.action + value: file-detected + - set: + if: 'ctx._temp_.cisco.message_id == "430005"' + field: event.action + value: malware-detected + + # + # Handle event.duration + # + # It can be set from ConnectionDuration FTD field above. This field holds + # seconds as a string. Copy it to _temp_.duration_hms so that the following + # processor converts it to the right value and populates start and end. 
+ - set: + field: "_temp_.duration_hms" + value: "{{event.duration}}" + if: "ctx.event?.duration != null" + + # + # Process the flow duration "hh:mm:ss" present in some messages + # This will fill event.start, event.end and event.duration + # + - script: + lang: painless + if: "ctx?._temp_?.duration_hms != null" + source: > + long parse_hms(String s) { + long cur = 0, total = 0; + for (char c: s.toCharArray()) { + if (c >= (char)'0' && c <= (char)'9') { + cur = (cur*10) + (long)c - (char)'0'; + } else if (c == (char)':') { + total = (total + cur) * 60; + cur = 0; + } else { + return 0; + } + } + return total + cur; + } + if (ctx?.event == null) { + ctx['event'] = new HashMap(); + } + String end = ctx['@timestamp']; + ctx.event['end'] = end; + long nanos = parse_hms(ctx._temp_.duration_hms) * 1000000000L; + ctx.event['duration'] = nanos; + ctx.event['start'] = ZonedDateTime.ofInstant( + Instant.parse(end).minusNanos(nanos), + ZoneOffset.UTC); + + # + # Normalize protocol names + # + - lowercase: + field: "network.transport" + ignore_failure: true + - lowercase: + field: "network.protocol" + ignore_failure: true + - lowercase: + field: "network.application" + ignore_failure: true + - lowercase: + field: "file.type" + ignore_failure: true + - lowercase: + field: "network.direction" + ignore_failure: true + + # + # Populate network.iana_number from network.transport. Also does reverse + # mapping in case network.transport contains the iana_number. 
+ # + - script: + if: "ctx?.network?.transport != null" + lang: painless + params: + icmp: 1 + igmp: 2 + ipv4: 4 + tcp: 6 + egp: 8 + igp: 9 + pup: 12 + udp: 17 + rdp: 27 + irtp: 28 + dccp: 33 + idpr: 35 + ipv6: 41 + ipv6-route: 43 + ipv6-frag: 44 + rsvp: 46 + gre: 47 + esp: 50 + ipv6-icmp: 58 + ipv6-nonxt: 59 + ipv6-opts: 60 + source: > + def net = ctx.network; + def iana = params[net.transport]; + if (iana != null) { + net['iana_number'] = iana; + return; + } + def reverse = new HashMap(); + def[] arr = new def[] { null }; + for (entry in params.entrySet()) { + arr[0] = entry.getValue(); + reverse.put(String.format("%d", arr), entry.getKey()); + } + def trans = reverse[net.transport]; + if (trans != null) { + net['iana_number'] = net.transport; + net['transport'] = trans; + } + + # + # Normalize event.outcome + # + - lowercase: + field: "event.outcome" + ignore_missing: true + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "est-allowed"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "permitted"' + value: allow + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "denied"' + value: deny + - set: + field: "event.outcome" + if: 'ctx.event?.outcome == "dropped"' + value: deny + + - set: + field: "network.transport" + if: 'ctx.network?.transport == "icmpv6"' + value: "ipv6-icmp" + + # + # Convert integer fields, as output of dissect and kv processors is always a string + # + - convert: + field: "source.port" + type: integer + ignore_failure: true + - convert: + field: "destination.port" + type: integer + ignore_failure: true + - convert: + field: "source.bytes" + type: integer + ignore_failure: true + - convert: + field: "destination.bytes" + type: integer + ignore_failure: true + - convert: + field: "source.packets" + type: integer + ignore_failure: true + - convert: + field: "destination.packets" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_source_port" + type: integer + 
ignore_failure: true + - convert: + field: "_temp_.cisco.mapped_destination_port" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_code" + type: integer + ignore_failure: true + - convert: + field: "_temp_.cisco.icmp_type" + type: integer + ignore_failure: true + - convert: + field: "network.iana_number" + type: integer + ignore_failure: true + + # + # Assign ECS .ip fields from .address is a valid IP address is found, + # otherwise set .domain field. + # + - grok: + field: source.address + patterns: + - "(?:%{IP:source.ip}|%{GREEDYDATA:source.domain})" + ignore_failure: true + - grok: + field: destination.address + patterns: + - "(?:%{IP:destination.ip}|%{GREEDYDATA:destination.domain})" + ignore_failure: true + - grok: + field: client.address + patterns: + - "(?:%{IP:client.ip}|%{GREEDYDATA:client.domain})" + ignore_failure: true + - grok: + field: server.address + patterns: + - "(?:%{IP:server.ip}|%{GREEDYDATA:server.domain})" + ignore_failure: true + + # + # Geolocation for source and destination addresses + # + - geoip: + field: "source.ip" + target_field: "source.geo" + ignore_missing: true + - geoip: + field: "destination.ip" + target_field: "destination.geo" + ignore_missing: true + + # + # IP Autonomous System (AS) Lookup + # + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: 
destination.as.organization.name + ignore_missing: true + + # + # NAT fields + # + # The firewall always populates mapped ip and port even if there was no NAT. + # This populates both nat.ip and nat.port only when some translation is done. + # Fills nat.ip and nat.port even when only the ip or port changed. + - set: + field: source.nat.ip + value: "{{_temp_.cisco.mapped_source_ip}}" + if: "ctx._temp_.cisco.mapped_source_ip != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: source.nat.port + value: "{{_temp_.cisco.mapped_source_port}}" + if: "ctx._temp_.cisco.mapped_source_port != null && (ctx._temp_.cisco.mapped_source_ip != ctx.source.ip || ctx._temp_.cisco.mapped_source_port != ctx.source.port)" + - set: + field: destination.nat.ip + value: "{{_temp_.cisco.mapped_destination_ip}}" + if: "ctx._temp_.cisco.mapped_destination_ip != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + - set: + field: destination.nat.port + value: "{{_temp_.cisco.mapped_destination_port}}" + if: "ctx._temp_.cisco.mapped_destination_port != null && (ctx._temp_.cisco.mapped_destination_ip != ctx.destination.ip || ctx._temp_.cisco.mapped_destination_port != ctx.destination.port)" + + # + # Populate ECS event.code + # + - convert: + field: _temp_.cisco.message_id + target_field: event.code + type: integer + ignore_failure: true + + - remove: + field: + - _temp_.cisco.message_id + - event.code + if: 'ctx._temp_.cisco.message_id == ""' + ignore_failure: true + + # + # Copy _temp_.cisco to its final destination, cisco.asa or cisco.ftd. 
+ # + - rename: + field: _temp_.cisco + target_field: "cisco.FIX_ME" + ignore_failure: true + + # + # Remove temporary fields + # + - remove: + field: _temp_ + ignore_missing: true + + # + # Rename some 7.x fields + # + - rename: + field: log.original + target_field: event.original + ignore_missing: true + - rename: + field: cisco.FIX_ME.list_id + target_field: cisco.FIX_ME.rule_name + ignore_missing: true + +on_failure: + - append: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/fields.yml new file mode 100644 index 00000000000..2bc86881f98 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/fields.yml 
@@ -0,0 +1,78 @@
+- name: cisco.ftd
+ type: group
+ fields:
+ - name: message_id
+ type: keyword
+ description: |
+ The Cisco FTD message identifier.
+ - name: suffix
+ type: keyword
+ description: |
+ Optional suffix after %FTD identifier.
+ - name: source_interface
+ type: keyword
+ description: |
+ Source interface for the flow or event.
+ - name: destination_interface
+ type: keyword
+ description: |
+ Destination interface for the flow or event.
+ - name: rule_name
+ type: keyword
+ description: |
+ Name of the Access Control List rule that matched this event.
+ - name: source_username
+ type: keyword
+ description: |
+ Name of the user that is the source for this event.
+ - name: destination_username
+ type: keyword
+ description: |
+ Name of the user that is the destination for this event.
+ - name: mapped_source_ip
+ type: ip
+ description: |
+ The translated source IP address. Use ECS source.nat.ip.
+ - name: mapped_source_port
+ type: long
+ description: |
+ The translated source port. Use ECS source.nat.port.
+ - name: mapped_destination_ip
+ type: ip
+ description: |
+ The translated destination IP address. Use ECS destination.nat.ip.
+ - name: mapped_destination_port
+ type: long
+ description: |
+ The translated destination port. Use ECS destination.nat.port.
+ - name: threat_level
+ type: keyword
+ description: |
+ Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
+ - name: threat_category
+ type: keyword
+ description: |
+ Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.
+ - name: connection_id
+ type: keyword
+ description: |
+ Unique identifier for a flow.
+ - name: icmp_type
+ type: short
+ description: |
+ ICMP type.
+ - name: icmp_code
+ type: short
+ description: |
+ ICMP code.
+ - name: security
+ type: object
+ description: Raw fields for Security Events.
+ - name: connection_type
+ type: keyword
+ description: |
+ The VPN connection type
+ - name: dap_records
+ type: keyword
+ description: |
+ The assigned DAP records
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/package-fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/package-fields.yml
new file mode 100644
index 00000000000..2318aac27b2
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: cisco
+ type: group
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ftd/manifest.yml b/dev/packages/beats/cisco/0.0.1/dataset/ftd/manifest.yml
new file mode 100644
index 00000000000..8ec7bfb85c1
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ftd/manifest.yml
@@ -0,0 +1,38 @@
+title: Cisco ftd logs
+release: experimental
+type: logs
+streams:
+- input: udp
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-ftd
+ template_path: udp.yml.hbs
+ title: Cisco ftd logs (udp)
+ description: Collect Cisco ftd logs using udp input
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/cisco-ftd.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-ftd
+ template_path: log.yml.hbs
+ title: Cisco ftd logs (log)
+ description: Collect Cisco ftd logs using log input
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/log.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..a077d010df5
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/log.yml.hbs
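Review bot: The `cisco.ftd` group declared in this fields.yml is never populated by the ftd ingest pipeline earlier on this page, which renames `_temp_.cisco` to `cisco.FIX_ME` and then references `cisco.FIX_ME.list_id` / `cisco.FIX_ME.rule_name`; until that placeholder becomes `cisco.ftd`, none of these mappings (for example `mapped_source_ip` as `ip`, `icmp_type` as `short`) apply to the emitted documents and the `FIX_ME` keys land unmapped. Once the rename is corrected, note that the Teardown grok in the pipeline captures `_temp_.cisco.mapped_source_ip` with `%{DATA:...}`, so a non-IP value would presumably be rejected by the `ip` mapping at index time; documenting that expectation here (`Only set when the firewall reports a translated IP address.`) or guarding it in the pipeline seems worth doing. The `rule_name` description mentions only Access Control List rules, while the pipeline also renames `list_id` into it; widening the description to cover the matched list or rule name would keep it accurate.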
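Review bot: The `udp` stream in manifest.yml exposes only `tags`, so the listener address and port are presumably fixed inside `udp.yml.hbs`, which is not on this page. A `host`-style var (a constructed example: `- name: host`, `type: text`, `required: true`, with a `<listen-address>:<port>` placeholder default) would let operators choose the bind interface for the syslog receiver rather than inheriting whatever the template hard-codes, and the `required`/`show_user` flags already used for `paths` give the pattern to follow. If the template intentionally binds a fixed address, a `description:` on the stream stating that would save the next reader the guess.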
@@ -0,0 +1,12 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - add_locale: ~
+ - script:
+ lang: javascript
+ id: cisco_ios
+ file: ${path.home}/module/cisco/ios/config/pipeline.js
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/pipeline.js b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/pipeline.js
new file mode 100644
index 00000000000..c4e28d2fe11
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/pipeline.js
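Review bot: The script processor's `file: ${path.home}/module/cisco/ios/config/pipeline.js` is a Filebeat module path, while this package ships the script as `dataset/ios/agent/stream/pipeline.js` (the next file in this diff); inside an Agent package that module directory presumably does not exist, so the processor would fail to load and the stream would emit unparsed events. The `file:` should point at the location the package actually provides, or the script should be embedded in a `source:` block so the stream is self-contained. The file also lacks a trailing newline.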
@@ -0,0 +1,222 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var ciscoIOS = (function() { + var processor = require("processor"); + + var newDissect = function(pattern) { + return new processor.Dissect({ + "tokenizer": pattern, + "field": "message", + "target_prefix": "", + }).Run; + }; + + var accessListMessagePatterns = { + "IPACCESSLOGP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address}(%{source.port}) -> " + + "%{destination.address}(%{destination.port}), %{source.packets} packet"), + + "IPACCESSLOGDP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address} (%{icmp.type}/%{icmp.code}), %{source.packets} packet"), + + "IPACCESSLOGRP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address}, %{source.packets} packet"), + + "IPACCESSLOGSP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.transport} %{source.address} -> " + + "%{destination.address} (%{igmp.type}), %{source.packets} packet"), + + "IPACCESSLOGNP": newDissect("list %{cisco.ios.access_list} %{event.outcome} " + + "%{network.iana_number} %{source.address} -> " + + "%{destination.address}, %{source.packets} packet"), + }; + // Add IPv6 log message patterns. 
+ accessListMessagePatterns.ACCESSLOGP = accessListMessagePatterns.IPACCESSLOGP; + accessListMessagePatterns.ACCESSLOGSP = accessListMessagePatterns.IPACCESSLOGSP; + accessListMessagePatterns.ACCESSLOGDP = accessListMessagePatterns.IPACCESSLOGDP; + accessListMessagePatterns.ACCESSLOGNP = accessListMessagePatterns.IPACCESSLOGNP; + + var setLogLevel = function(evt) { + var severity = evt.Get("event.severity"); + + var levelKeyword = ""; + switch (severity) { + case 0: + levelKeyword = "emergencies"; + break; + case 1: + levelKeyword = "alerts"; + break; + case 2: + levelKeyword = "critical"; + break; + case 3: + levelKeyword = "errors"; + break; + case 4: + levelKeyword = "warnings"; + break; + case 5: + levelKeyword = "notifications"; + break; + case 6: + levelKeyword = "informational"; + break; + case 7: + levelKeyword = "debugging"; + break; + default: + return; + } + + evt.Put("log.level", levelKeyword); + }; + + var copyOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "log.original"}, + ], + mode: "copy", + }); + + var parseSyslogFileHeader = new processor.Chain() + .Dissect({ + tokenizer: "%{_tmp.ts->} %{+_tmp.ts} %{+_tmp.ts->} %{log.source.address} %{event.sequence}: %{_tmp.timestamp}: %{_tmp.message}", + field: "message", + target_prefix: "", + }) + .Convert({ + fields: [ + {from: "_tmp.message", to: "message"}, + ], + mode: "rename", + }) + .Convert({ + fields: [ + {from: "event.sequence", type: "long"}, + ], + ignore_missing: true, + }) + .Add(function(evt) { + processor.Timestamp({ + field: "_tmp.timestamp", + target_field: "@timestamp", + timezone: evt.Get("event.timezone"), + layouts: [ + 'Jan _2 15:04:05.999', + 'Jan _2 15:04:05.999 MST', + ], + ignore_missing: true, + }).Run(evt); + }) + .Add(function(evt) { + evt.Delete("_tmp"); + }) + .Build(); + + var processMessage = new processor.Chain() + // Parse the header of the message that is common to all messages. 
+ .Dissect({ + "tokenizer": "%{}%%{cisco.ios.facility}-%{_event_severity}-%{event.code}: %{_message}", + "field": "message", + "target_prefix": "", + }) + .Add(function(evt) { + evt.Delete("message"); + evt.Rename("_message", "message"); + evt.Delete("event.severity"); + evt.Rename("_event_severity", "event.severity"); + }) + .Convert({ + fields: [ + {from: "event.severity", type: "long"}, + ], + }) + .Add(setLogLevel) + // Use a specific dissect pattern based on the event.code. + .Add(function(evt) { + var eventCode = evt.Get("event.code"); + if (!eventCode) { + return; + } + + var dissect = accessListMessagePatterns[eventCode]; + if (dissect) { + dissect(evt); + coerceNumbers(evt); + normalizeEventOutcome(evt); + setNetworkType(evt); + setRelatedIP(evt); + evt.Put("event.category", "network_traffic"); + evt.Put("event.type", "firewall"); + return; + } + }) + .CommunityID() + .Build(); + + var coerceNumbers = new processor.Convert({ + fields: [ + {from: "destination.address", to: "destination.ip", type: "ip"}, + {from: "destination.port", type: "long"}, + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "source.port", type: "long"}, + {from: "source.packets", type: "long"}, + {from: "source.packets", to: "network.packets", type: "long"}, + {from: "icmp.type", type: "long"}, + {from: "icmp.code", type: "long"}, + {from: "igmp.type", type: "long"}, + ], + ignore_missing: true, + }).Run; + + var normalizeEventOutcome = function(evt) { + var outcome = evt.Get("event.outcome"); + switch (outcome) { + case "denied": + evt.Put("event.outcome", "deny"); + break; + case "permitted": + evt.Put("event.outcome", "allow"); + break; + } + }; + + var setNetworkType = function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }; + + var setRelatedIP = function(event) { + event.AppendTo("related.ip", 
event.Get("source.ip"));
+ event.AppendTo("related.ip", event.Get("destination.ip"));
+ };
+
+ return {
+ process: function(evt) {
+ copyOriginalMessage.Run(evt);
+
+ if (evt.Get("input.type") === "log") {
+ parseSyslogFileHeader.Run(evt);
+ }
+
+ processMessage.Run(evt);
+ },
+ };
+})();
+
+function process(evt) {
+ ciscoIOS.process(evt);
+}
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/syslog.yml.hbs b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/syslog.yml.hbs
new file mode 100644
index 00000000000..4aeb0e718de
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/agent/stream/syslog.yml.hbs
@@ -0,0 +1,9 @@
+protocol.udp:
+ host: "{{syslog_host}}:{{syslog_port}}"
+tags: {{tags}}
+processors:
+ - add_locale: ~
+ - script:
+ lang: javascript
+ id: cisco_ios
+ file: ${path.home}/module/cisco/ios/config/pipeline.js
\ No newline at end of file
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/cisco/0.0.1/dataset/ios/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..7b641d38a21
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/elasticsearch/ingest-pipeline/default.yml
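Review bot: In `processMessage` the dispatch `var dissect = accessListMessagePatterns[eventCode];` indexes a plain object with `event.code` taken straight from the syslog line (unauthenticated UDP input) and only checks truthiness, so inherited property names resolve: an `event.code` of `toString` or `constructor` yields a function, the helpers then run on a message that never matched any pattern and the event is mislabelled `event.category: network_traffic` / `event.type: firewall`, while `__proto__` yields a non-function whose call throws and most likely aborts the script for that event. Guard the lookup first with `if (!Object.prototype.hasOwnProperty.call(accessListMessagePatterns, eventCode)) { return; }` (or build the table with `Object.create(null)`). Separately, `setNetworkType` treats any address containing a `.` as ipv4, which also matches IPv4-mapped IPv6 literals such as `::ffff:10.0.0.1`; testing for `:` first would be more robust.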
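Review bot: The script processor loads `file: ${path.home}/module/cisco/ios/config/pipeline.js`, a path inside the Filebeat module tree, while this package ships its own `pipeline.js` next to the template under `dataset/ios/agent/stream/`; if the agent does not carry the Filebeat module directory the processor fails to load and every syslog event is delivered unparsed, with no `event.code`, `source.ip` or outcome for detections to key on. Point the processor at the packaged script (or embed it with `source:`) and confirm the path on an agent install. Also, `host: "{{syslog_host}}:{{syslog_port}}"` opens an unauthenticated UDP listener; the manifest default of `localhost` is the safe choice, but the variable should say so (see the ios manifest) for users who change it to `0.0.0.0`.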
@@ -0,0 +1,52 @@
+---
+description: Pipeline for Cisco IOS logs.
+
+processors:
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/fields.yml
new file mode 100644
index 00000000000..ab69d90dba8
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/fields.yml
@@ -0,0 +1,11 @@
+- name: cisco.ios
+ type: group
+ fields:
+ - name: access_list
+ type: keyword
+ description: |
+ Name of the IP access list.
+ - name: facility
+ type: keyword
+ description: |
+ The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.
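Review bot: No ECS field definitions are visible for the ios dataset — the diff goes straight from `elasticsearch/ingest-pipeline/default.yml` to `fields/fields.yml` with no `fields/ecs.yml` between them — yet `pipeline.js` and the ingest pipeline write `source.ip`, `destination.ip`, `related.ip`, `source.geo.*`, `source.as.*`, `event.sequence`, `log.original` and `network.community_id`; unless the registry merges ECS mappings from elsewhere these are mapped dynamically, so `source.ip` becomes a keyword/text pair rather than `ip` and CIDR queries such as `source.ip:10.0.0.0/8` match nothing. The script also emits `icmp.type`, `icmp.code` and `igmp.type`, which are not ECS fields and are declared nowhere. Add an `ecs.yml` for the ECS fields in use and declare the non-ECS groups here, e.g. `- name: icmp` / `type: group` / `fields:` with `type` and `code` as `long`, plus an `igmp` group with `type` as `long`.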
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/package-fields.yml b/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/package-fields.yml
new file mode 100644
index 00000000000..2318aac27b2
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: cisco
+ type: group
diff --git a/dev/packages/beats/cisco/0.0.1/dataset/ios/manifest.yml b/dev/packages/beats/cisco/0.0.1/dataset/ios/manifest.yml
new file mode 100644
index 00000000000..114bbe87377
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/dataset/ios/manifest.yml
@@ -0,0 +1,52 @@
+title: Cisco ios logs
+release: experimental
+type: logs
+streams:
+- input: syslog
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-ios
+ - name: syslog_host
+ type: text
+ title: Syslog Host
+ multi: false
+ required: true
+ show_user: true
+ default: localhost
+ - name: syslog_port
+ type: integer
+ title: Syslog Port
+ multi: false
+ required: true
+ show_user: true
+ default: 9002
+ template_path: syslog.yml.hbs
+ title: Cisco ios logs (syslog)
+ description: Collect Cisco ios logs using syslog input
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/cisco-ios.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - cisco-ios
+ template_path: log.yml.hbs
+ title: Cisco ios logs (log)
+ description: Collect Cisco ios logs using log input
diff --git a/dev/packages/beats/cisco/0.0.1/docs/README.md b/dev/packages/beats/cisco/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
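Review bot: The `syslog_host` and `syslog_port` variables carry no `description`, so the policy UI gives no hint that `syslog_host` is the address the agent binds an unauthenticated UDP listener to, and a user who "fixes" a non-receiving setup by typing `0.0.0.0` gets no warning. Add `description: Address the UDP syslog listener binds to. Keep localhost unless this agent must receive syslog from other hosts; anything reachable on the network can then inject events.` to `syslog_host`, and `description: UDP port the syslog listener binds to.` to `syslog_port`. The `localhost` default itself is the right conservative choice and should stay.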
diff --git a/dev/packages/beats/cisco/0.0.1/img/cisco.svg b/dev/packages/beats/cisco/0.0.1/img/cisco.svg new file mode 100644 index 00000000000..20ebebf1974 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/img/cisco.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/img/kibana-cisco-asa.png b/dev/packages/beats/cisco/0.0.1/img/kibana-cisco-asa.png new file mode 100644 index 00000000000..ad51be22046 Binary files /dev/null and b/dev/packages/beats/cisco/0.0.1/img/kibana-cisco-asa.png differ diff --git a/dev/packages/beats/cisco/0.0.1/kibana/dashboard/a555b160-4987-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/dashboard/a555b160-4987-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..4b8c27615d2 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/dashboard/a555b160-4987-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,176 @@ +{ + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Destination Port and Transport", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Source Port and Transport", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "ASA Firewall Events Over Time", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "ASA Flows by Network Bytes", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Blocked by Source", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "title": "Top ACL by Blocked", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 + }, + 
"panelIndex": "9", + "panelRefName": "panel_6", + "version": "7.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Cisco] ASA Firewall", + "version": 1 + }, + "id": "a555b160-4987-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "118da960-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5d0322d0-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "80d0c1b0-498a-11e9-b8ce-ed898b5ef295", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d05cdf60-498b-11e9-b8ce-ed898b5ef295", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "08ef4d90-499b-11e9-b8ce-ed898b5ef295", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/search/14fce5e0-498f-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/search/14fce5e0-498f-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..378a5ae8a03 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/search/14fce5e0-498f-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id :*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "All ASA Logs [Logs Cisco]", + "version": 1 + }, + "id": "14fce5e0-498f-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/search/753406e0-4986-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/search/753406e0-4986-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..c4580907d38 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/search/753406e0-4986-11e9-b8ce-ed898b5ef295.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id:* and event.action:\"flow-expiration\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "ASA Firewall flows [Logs Cisco]", + "version": 1 + }, + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cisco/0.0.1/kibana/search/96c6ff60-4986-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/search/96c6ff60-4986-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..a75e81f98dd --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/search/96c6ff60-4986-11e9-b8ce-ed898b5ef295.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "cisco.asa.message_id:* and event.action:\"firewall-rule\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "ASA Firewall Events [Logs Cisco]", + "version": 1 + }, + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/08ef4d90-499b-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/08ef4d90-499b-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..b6e2e9827ed --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/08ef4d90-499b-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.outcome:\"deny\"" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Top ACL by Blocked [Logs Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ACL ID", + "field": "cisco.asa.rule_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ASA Top ACL by Blocked [Logs Cisco]", + "type": "table" + } + }, + "id": "08ef4d90-499b-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/118da960-4987-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/118da960-4987-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..45eca0f1bde --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/118da960-4987-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Port and Transport [Logs Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port and Transport [Logs Cisco]", + "type": "pie" + } + }, + "id": "118da960-4987-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/5d0322d0-4987-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/5d0322d0-4987-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..c474b445400 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/5d0322d0-4987-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Port and Transport [Logs Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Source Port and Transport [Logs Cisco]", + "type": "pie" + } + }, + "id": "5d0322d0-4987-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..84c5fd1a8e7 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,126 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Flows by Network Bytes [Logs Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "3", + "label": "Total bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total bytes" + }, + "type": "value" + } + ] + }, + "title": "ASA Flows by Network Bytes [Logs Cisco]", + "type": "histogram" + } + }, + "id": "80d0c1b0-498a-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": 
"753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..44c1a7d41a2 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Events Over Time [Logs Cisco]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + 
"text": "Count" + }, + "type": "value" + } + ] + }, + "title": "ASA Events Over Time [Logs Cisco]", + "type": "histogram" + } + }, + "id": "a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/d05cdf60-498b-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/d05cdf60-498b-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..c8f6b0d1325 --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/d05cdf60-498b-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "ASA Firewall Blocked by Source [Logs Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ASA Firewall Blocked by Source [Logs Cisco]", + "type": "table" + } + }, + "id": "d05cdf60-498b-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cisco/0.0.1/kibana/visualization/fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/dev/packages/beats/cisco/0.0.1/kibana/visualization/fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..b1c9d75ea3c --- /dev/null +++ b/dev/packages/beats/cisco/0.0.1/kibana/visualization/fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,105 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top ASA Messages [Logs Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "cisco.asa.message_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top ASA Messages [Logs Cisco]", + "type": "table" + } + }, + "id": "fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "14fce5e0-498f-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/cisco/0.0.1/manifest.yml b/dev/packages/beats/cisco/0.0.1/manifest.yml
new file mode 100644
index 00000000000..ae5541f94df
--- /dev/null
+++ b/dev/packages/beats/cisco/0.0.1/manifest.yml
@@ -0,0 +1,34 @@
+format_version: 1.0.0
+name: cisco
+title: Cisco
+version: 0.0.1
+license: basic
+description: Cisco Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.0.0-SNAPSHOT <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-cisco-asa.png
+ title: kibana cisco asa
+ size: 1800x1559
+ type: image/png
+icons:
+- src: /img/cisco.svg
+ title: cisco
+ size: 216x216
+ type: image/svg+xml
+datasources:
+- name: cisco
+ title: Cisco logs
+ description: Collect logs from Cisco instances
+ inputs:
+ - type: logs
+ title: Collect logs from Cisco instances
+ description: Collecting Cisco asa, ftd and ios logs
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/agent/stream/stream.yml.hbs b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..6a211272cf5
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/agent/stream/stream.yml.hbs
@@ -0,0 +1,19 @@
+metricsets: ["container"]
+{{#if api_address}}
+api_address: {{api_address}}
+{{/if}}
+{{#if client_id}}
+client_id: {{client_id}}
+{{/if}}
+{{#if client_secret}}
+client_secret: {{client_secret}}
+{{/if}}
+{{#if doppler_address}}
+doppler_address: {{doppler_address}}
+{{/if}}
+{{#if rlp_address}}
+rlp_address: {{rlp_address}}
+{{/if}}
+{{#if uaa_address}}
+uaa_address: {{uaa_address}}
+{{/if}}
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/fields.yml
new file mode 100644
index 00000000000..21bcb6eb2b1
--- /dev/null
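Review bot: The Elasticsearch constraint `versions: '>7.0.1'` in the cisco `requirement` block has no upper bound, while the Kibana constraint directly above it is capped at `<8.0.0`; if the registry uses these ranges to decide which stack versions may install the package, the two should agree, e.g. `versions: '>7.0.1 <8.0.0'`. The lower bounds also differ in kind (`>7.0.1` excludes 7.0.1 itself, `>=7.0.0-SNAPSHOT` admits pre-releases), which reads as accidental; if excluding 7.0.1 is deliberate, a one-line comment saying why would save the next reader from "fixing" it.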
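Review bot: `client_secret: {{client_secret}}` and the five address/id lines of the container stream template interpolate user-supplied values into YAML unquoted, so a secret or address containing a character YAML treats specially (`#`, `: `, a leading `*`, `{` or `[`) yields a stream config that either fails to parse or parses to something other than the intended string. Unless the renderer is configured to quote or escape substituted values (not visible in this diff), wrapping them, e.g. `client_secret: "{{client_secret}}"`, is the safer form, with the quote character escaped in the value if the renderer allows it. The counter and value templates (`dataset/counter/agent/stream/stream.yml.hbs`, `dataset/value/agent/stream/stream.yml.hbs`) have the identical shape and need the same treatment.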
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/fields.yml
@@ -0,0 +1,28 @@
+- name: cloudfoundry.container
+ type: group
+ release: beta
+ fields:
+ - name: instance_index
+ type: long
+ description: |
+ Index of the instance the metric belongs to.
+ - name: cpu.pct
+ type: float
+ description: |
+ CPU usage percentage.
+ - name: memory.bytes
+ type: long
+ description: |
+ Bytes of used memory.
+ - name: memory.quota.bytes
+ type: long
+ description: |
+ Bytes of available memory.
+ - name: disk.bytes
+ type: long
+ description: |
+ Bytes of used storage.
+ - name: disk.quota.bytes
+ type: long
+ description: |
+ Bytes of available storage.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/package-fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/package-fields.yml
new file mode 100644
index 00000000000..7bbcd5b0222
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/fields/package-fields.yml
@@ -0,0 +1,14 @@
+- name: cloudfoundry
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of event from Cloud Foundry. Possible values include 'container', 'counter' and 'value'.
+ - name: app
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ The ID of the application.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/manifest.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/manifest.yml
new file mode 100644
index 00000000000..631c33396ed
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/container/manifest.yml
@@ -0,0 +1,7 @@
+title: cloudfoundry container metrics
+release: experimental
+type: metrics
+streams:
+- input: cloudfoundry/metrics
+ title: cloudfoundry container metrics
+ description: Collect cloudfoundry container metrics
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/agent/stream/stream.yml.hbs b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..9f3d0241900
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/agent/stream/stream.yml.hbs
@@ -0,0 +1,19 @@
+metricsets: ["counter"]
+{{#if api_address}}
+api_address: {{api_address}}
+{{/if}}
+{{#if client_id}}
+client_id: {{client_id}}
+{{/if}}
+{{#if client_secret}}
+client_secret: {{client_secret}}
+{{/if}}
+{{#if doppler_address}}
+doppler_address: {{doppler_address}}
+{{/if}}
+{{#if rlp_address}}
+rlp_address: {{rlp_address}}
+{{/if}}
+{{#if uaa_address}}
+uaa_address: {{uaa_address}}
+{{/if}}
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/fields.yml
new file mode 100644
index 00000000000..822906a815a
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/fields.yml
@@ -0,0 +1,16 @@
+- name: cloudfoundry.counter
+ type: group
+ release: beta
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ The name of the counter.
+ - name: delta
+ type: long
+ description: |
+ The difference between the last time the counter event occurred.
+ - name: total
+ type: long
+ description: |
+ The total value for the counter.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/package-fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/package-fields.yml
new file mode 100644
index 00000000000..7bbcd5b0222
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/fields/package-fields.yml
@@ -0,0 +1,14 @@
+- name: cloudfoundry
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of event from Cloud Foundry. Possible values include 'container', 'counter' and 'value'.
+ - name: app
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ The ID of the application.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/manifest.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/manifest.yml
new file mode 100644
index 00000000000..0adf499fd19
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/counter/manifest.yml
@@ -0,0 +1,7 @@
+title: cloudfoundry counter metrics
+release: experimental
+type: metrics
+streams:
+- input: cloudfoundry/metrics
+ title: cloudfoundry counter metrics
+ description: Collect cloudfoundry counter metrics
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/agent/stream/stream.yml.hbs b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..f8f5e1c4f7a
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/agent/stream/stream.yml.hbs
@@ -0,0 +1,19 @@
+metricsets: ["value"]
+{{#if api_address}}
+api_address: {{api_address}}
+{{/if}}
+{{#if client_id}}
+client_id: {{client_id}}
+{{/if}}
+{{#if client_secret}}
+client_secret: {{client_secret}}
+{{/if}}
+{{#if doppler_address}}
+doppler_address: {{doppler_address}}
+{{/if}}
+{{#if rlp_address}}
+rlp_address: {{rlp_address}}
+{{/if}}
+{{#if uaa_address}}
+uaa_address: {{uaa_address}}
+{{/if}}
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/fields.yml
new file mode 100644
index 00000000000..5c1b8ab4260
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/fields.yml
@@ -0,0 +1,16 @@
+- name: cloudfoundry.value
+ type: group
+ release: beta
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ The name of the value.
+ - name: unit
+ type: keyword
+ description: |
+ The unit of the value.
+ - name: value
+ type: float
+ description: |
+ The value of the value.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/package-fields.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/package-fields.yml
new file mode 100644
index 00000000000..7bbcd5b0222
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/fields/package-fields.yml
@@ -0,0 +1,14 @@
+- name: cloudfoundry
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of event from Cloud Foundry. Possible values include 'container', 'counter' and 'value'.
+ - name: app
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ The ID of the application.
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/manifest.yml b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/manifest.yml
new file mode 100644
index 00000000000..da1c5cda43e
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/dataset/value/manifest.yml
@@ -0,0 +1,7 @@
+title: cloudfoundry value metrics
+release: experimental
+type: metrics
+streams:
+- input: cloudfoundry/metrics
+ title: cloudfoundry value metrics
+ description: Collect cloudfoundry value metrics
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/docs/README.md b/dev/packages/beats/cloudfoundry/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/cloudfoundry/0.0.1/manifest.yml b/dev/packages/beats/cloudfoundry/0.0.1/manifest.yml
new file mode 100644
index 00000000000..7a7fb7f8712
--- /dev/null
+++ b/dev/packages/beats/cloudfoundry/0.0.1/manifest.yml
@@ -0,0 +1,65 @@
+format_version: 1.0.0
+name: cloudfoundry
+title: cloudfoundry
+version: 0.0.1
+license: basic
+description: cloudfoundry Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch: {}
+datasources:
+- name: cloudfoundry
+ title: cloudfoundry metrics
+ description: Collect metrics from cloudfoundry instances
+ inputs:
+ - type: cloudfoundry/metrics
+ vars:
+ - name: api_address
+ type: text
+ title: Api Address
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_API_ADDRESS:""}
+ - name: client_id
+ type: text
+ title: Client Id
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_CLIENT_ID:""}
+ - name: client_secret
+ type: text
+ title: Client Secret
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_CLIENT_SECRET:""}
+ - name: doppler_address
+ type: text
+ title: Doppler Address
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_DOPPLER_ADDRESS:""}
+ - name: rlp_address
+ type: text
+ title: Rlp Address
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_RLP_ADDRESS:""}
+ - name: uaa_address
+ type: text
+ title: Uaa Address
+ multi: false
+ required: true
+ show_user: true
+ default: ${CLOUDFOUNDRY_UAA_ADDRESS:""}
+ title: Collect metrics from cloudfoundry instances
+ description: Collecting cloudfoundry container, counter and value metrics
diff --git a/dev/packages/beats/cockroachdb/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..576a3ad4b99
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["status"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
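Review bot: `client_secret` in the cloudfoundry manifest is declared as an ordinary `type: text` variable with `show_user: true`, so the policy UI and any exported policy will treat the Cloud Foundry client secret like every other visible setting; if the variable schema offers a password/secret type, use it here, and otherwise at least say in a `description` that the value is a credential so operators know to source it from the environment rather than type it in. Separately, `requirement` is left as `kibana: {}` and `elasticsearch: {}`, while the cisco manifest in this same commit pins `'>=7.0.0-SNAPSHOT <8.0.0'`; an empty requirement advertises the package to every stack version, which is unlikely to be intended for a package marked `release: experimental`, so either pin a range or document why none applies.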
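Review bot: The cockroachdb status stream template iterates `{{#each hosts}}` and reads `{{period}}`, but the dataset manifest added in this commit (`dataset/status/manifest.yml`) declares only `period`; `hosts` must therefore be supplied by the package-level input, which is not in this part of the diff, so that cannot be confirmed here. Each entry is also emitted unquoted as `- {{this}}`, so a host string containing `#` or `: ` would break the generated YAML; `- "{{this}}"` avoids that unless the renderer already quotes substituted values.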
diff --git a/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/fields.yml
new file mode 100644
index 00000000000..7117d2dd416
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: cockroachdb.
+ type: keyword
+ release: beta
diff --git a/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/package-fields.yml
new file mode 100644
index 00000000000..79101579b8d
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: cockroachdb
+ type: group
diff --git a/dev/packages/beats/cockroachdb/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/manifest.yml
new file mode 100644
index 00000000000..9e1ae47f35a
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/dataset/status/manifest.yml
@@ -0,0 +1,15 @@
+title: CockroachDB status metrics
+release: experimental
+type: metrics
+streams:
+- input: cockroachdb/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: CockroachDB status metrics
+ description: Collect CockroachDB status metrics
diff --git a/dev/packages/beats/cockroachdb/0.0.1/docs/README.md b/dev/packages/beats/cockroachdb/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/cockroachdb/0.0.1/img/cockroachdb.svg b/dev/packages/beats/cockroachdb/0.0.1/img/cockroachdb.svg
new file mode 100644
index 00000000000..08a4bdabb38
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/img/cockroachdb.svg
@@ -0,0 +1 @@
+ 
\ No newline at end of file
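Review bot: `- name: cockroachdb.` in the status dataset's `fields.yml` declares a `keyword` field whose name ends in a dot with no leaf component; that is not a usable field name and is unlikely to be accepted by whatever builds the index template from it, and it reads as a generator artefact for a module that has no fields of its own. The companion `package-fields.yml` in the same group of hunks declares `- name: cockroachdb` as a `group` with no `fields:` list, which has the same origin. If the dataset's documents carry only `prometheus.metrics.*` values (as the dashboards in this commit suggest, though the ingest side is not visible here), both files can be reduced to an empty list or dropped, or the prometheus fields declared so the template actually covers what is ingested.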
diff --git a/dev/packages/beats/cockroachdb/0.0.1/img/metricbeat-cockroachdb-overview.png b/dev/packages/beats/cockroachdb/0.0.1/img/metricbeat-cockroachdb-overview.png
new file mode 100644
index 00000000000..4b3020d91d5
Binary files /dev/null and b/dev/packages/beats/cockroachdb/0.0.1/img/metricbeat-cockroachdb-overview.png differ
diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/dashboard/e3ba0c30-9766-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/dashboard/e3ba0c30-9766-11e9-9eea-6f554992ec1f.json
new file mode 100644
index 00000000000..2a77ed6fda3
--- /dev/null
+++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/dashboard/e3ba0c30-9766-11e9-9eea-6f554992ec1f.json
@@ -0,0 +1,161 @@ +{ + "attributes": { + "description": "Overview of the CockroachDB server status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Number of SQL connections", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "SQL queries", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "3", + "w": 16, + "x": 16, + "y": 11 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Replicas per Store", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "4", + "w": 16, + "x": 32, + "y": 11 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Replica leaseholders", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "5", + "w": 16, + "x": 0, + "y": 11 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Ranges", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Average log commit latency", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "7", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Average command commit latency", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics CockroachDB] Overview", + "version": 1 + }, + "id": "e3ba0c30-9766-11e9-9eea-6f554992ec1f", + 
"references": [ + { + "id": "79691920-9766-11e9-9eea-6f554992ec1f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5073ed20-9760-11e9-9eea-6f554992ec1f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bad285b0-9769-11e9-9eea-6f554992ec1f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "8add0960-976a-11e9-9eea-6f554992ec1f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "2af19b90-976c-11e9-9eea-6f554992ec1f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "74cf44b0-9771-11e9-9eea-6f554992ec1f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "b5ab45b0-9771-11e9-9eea-6f554992ec1f", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/2af19b90-976c-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/2af19b90-976c-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..7293ed662cd --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/2af19b90-976c-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Ranges [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": "0", + "formatter": "number", + "id": "e4489e50-976b-11e9-b3d5-07b0ab7d6354", + "label": "Underreplicated", + "line_width": "2", + "metrics": [ + { + "field": "prometheus.metrics.ranges_underreplicated", + "id": "e4489e51-976b-11e9-b3d5-07b0ab7d6354", + "type": "max" + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": null + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0", + "formatter": "number", + "id": "c938f9c0-976b-11e9-b3d5-07b0ab7d6354", + "label": "Overreplicated", + "line_width": "2", + "metrics": [ + { + "field": "prometheus.metrics.ranges_overreplicated", + "id": "c938f9c1-976b-11e9-b3d5-07b0ab7d6354", + "type": "max" + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": null + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "id": "0ed1bf80-976c-11e9-b3d5-07b0ab7d6354", + "label": "Unavailable", + "line_width": "2", + "metrics": [ + { + "field": "prometheus.metrics.ranges_unavailable", + "id": "0ed1bf81-976c-11e9-b3d5-07b0ab7d6354", + "type": "max" + } + ], + "point_size": "2", + 
"separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": null + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(204,204,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ranges", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": null + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Ranges [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "2af19b90-976c-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/5073ed20-9760-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/5073ed20-9760-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..29f6d88c192 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/5073ed20-9760-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,184 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SQL queries [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "88d6bda0-9760-11e9-b3d5-07b0ab7d6354", + "label": "Selects", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.sql_select_count", + "id": "88d70bc0-9760-11e9-b3d5-07b0ab7d6354", + "type": "sum" + }, + { + "field": "88d70bc0-9760-11e9-b3d5-07b0ab7d6354", + "id": "658d2990-9762-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": "658d2990-9762-11e9-b3d5-07b0ab7d6354", + "function": "sum", + "id": "ec698bc0-9762-11e9-b3d5-07b0ab7d6354", + "sigma": "", + "type": "positive_only" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked", + "terms_field": "service.address", + "terms_order_by": "88d70bc0-9760-11e9-b3d5-07b0ab7d6354" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "02d89100-9761-11e9-b3d5-07b0ab7d6354", + "label": "Inserts", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.sql_insert_count", + "id": "02d89101-9761-11e9-b3d5-07b0ab7d6354", + "type": "sum" + }, + { + "field": "02d89101-9761-11e9-b3d5-07b0ab7d6354", + "id": "74eba420-9762-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": 
"74eba420-9762-11e9-b3d5-07b0ab7d6354", + "id": "54cb8aa0-9764-11e9-b3d5-07b0ab7d6354", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Updates", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.sql_update_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "9aa7ace0-9762-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": "9aa7ace0-9762-11e9-b3d5-07b0ab7d6354", + "id": "939af2c0-9764-11e9-b3d5-07b0ab7d6354", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked", + "terms_field": "service.address" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "03f6d240-9761-11e9-b3d5-07b0ab7d6354", + "label": "Deletes", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.sql_delete_count", + "id": "03f6d241-9761-11e9-b3d5-07b0ab7d6354", + "type": "sum" + }, + { + "field": "03f6d241-9761-11e9-b3d5-07b0ab7d6354", + "id": "a3ed7c30-9762-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": "a3ed7c30-9762-11e9-b3d5-07b0ab7d6354", + "id": "a13994e0-9764-11e9-b3d5-07b0ab7d6354", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": 
"timeseries" + }, + "title": "SQL queries [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "5073ed20-9760-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/74cf44b0-9771-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/74cf44b0-9771-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..6760e3d22b5 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/74cf44b0-9771-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,103 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Log commit latency [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "filter": "", + "formatter": "ns,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average log commit latency", + "line_width": 1, + "metrics": [ + { + "agg_with": "avg", + "field": "prometheus.metrics.raft_process_logcommit_latency_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "order": "desc", + "size": 1, + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4346d3b0-976f-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": "prometheus.metrics.raft_process_logcommit_latency_sum", + "id": "4a430120-976f-11e9-b3d5-07b0ab7d6354", + "type": "max", + "unit": "" + }, + { + "field": "4a430120-976f-11e9-b3d5-07b0ab7d6354", + "id": "581519e0-9770-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "id": "6574b730-9770-11e9-b3d5-07b0ab7d6354", + "script": "params.sum / params.count", + "type": "calculation", + "variables": [ + { + "field": "581519e0-9770-11e9-b3d5-07b0ab7d6354", + "id": "6fbb54b0-9770-11e9-b3d5-07b0ab7d6354", + "name": "sum" + }, + { + "field": "4346d3b0-976f-11e9-b3d5-07b0ab7d6354", + "id": "76cc90c0-9770-11e9-b3d5-07b0ab7d6354", + "name": "count" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "service.address", + "value_template": "{{value}}ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Log commit latency [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "74cf44b0-9771-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/79691920-9766-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/79691920-9766-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..824cfa11c80 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/79691920-9766-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of SQL connections [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of connections", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.sql_conns", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "stacked", + "terms_direction": "desc", + "terms_field": "service.address", + "terms_order_by": "_count" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of SQL connections [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "79691920-9766-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/8add0960-976a-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/8add0960-976a-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..0386a5215f3 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/8add0960-976a-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Replica leaseholders [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Replica leaseholders per store", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.replicas_leaseholders", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "service.address" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Replica leaseholders [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "8add0960-976a-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/b5ab45b0-9771-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/b5ab45b0-9771-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..e0bba0a9746 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/b5ab45b0-9771-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,103 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Command commit latency [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "filter": "", + "formatter": "ns,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average command commit latency", + "line_width": 1, + "metrics": [ + { + "agg_with": "avg", + "field": "prometheus.metrics.raft_process_commandcommit_latency_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "order": "desc", + "size": 1, + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "4346d3b0-976f-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "field": "prometheus.metrics.raft_process_commandcommit_latency_sum", + "id": "4a430120-976f-11e9-b3d5-07b0ab7d6354", + "type": "max", + "unit": "" + }, + { + "field": "4a430120-976f-11e9-b3d5-07b0ab7d6354", + "id": "581519e0-9770-11e9-b3d5-07b0ab7d6354", + "type": "derivative", + "unit": "" + }, + { + "id": "6574b730-9770-11e9-b3d5-07b0ab7d6354", + "script": "params.sum / params.count", + "type": "calculation", + "variables": [ + { + "field": "581519e0-9770-11e9-b3d5-07b0ab7d6354", + "id": "6fbb54b0-9770-11e9-b3d5-07b0ab7d6354", + "name": "sum" + }, + { + "field": "4346d3b0-976f-11e9-b3d5-07b0ab7d6354", + "id": "76cc90c0-9770-11e9-b3d5-07b0ab7d6354", + "name": "count" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", 
+ "terms_field": "service.address", + "value_template": "{{value}}ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Command commit latency [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "b5ab45b0-9771-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/bad285b0-9769-11e9-9eea-6f554992ec1f.json b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/bad285b0-9769-11e9-9eea-6f554992ec1f.json new file mode 100644 index 00000000000..b5a62ed222b --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/kibana/visualization/bad285b0-9769-11e9-9eea-6f554992ec1f.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Replicas per Store [Metrics CockroachDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Replicas per store", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.replicas", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "stacked", + "terms_direction": "desc", + "terms_field": "service.address", + "terms_order_by": "_count" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Replicas per Store [Metrics CockroachDB]", + "type": "metrics" + } + }, + "id": "bad285b0-9769-11e9-9eea-6f554992ec1f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/cockroachdb/0.0.1/manifest.yml b/dev/packages/beats/cockroachdb/0.0.1/manifest.yml new file mode 100644 index 00000000000..6ecacf42201 --- /dev/null +++ b/dev/packages/beats/cockroachdb/0.0.1/manifest.yml 
@@ -0,0 +1,42 @@ +format_version: 1.0.0 +name: cockroachdb +title: CockroachDB +version: 0.0.1 +license: basic +description: CockroachDB Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-cockroachdb-overview.png + title: metricbeat cockroachdb overview + size: 1383x853 + type: image/png +icons: +- src: /img/cockroachdb.svg + title: cockroachdb + size: 35x35 + type: image/svg+xml +datasources: +- name: cockroachdb + title: CockroachDB metrics + description: Collect metrics from CockroachDB instances + inputs: + - type: cockroachdb/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8080 + title: Collect metrics from CockroachDB instances + description: Collecting CockroachDB status metrics diff --git a/dev/packages/beats/consul/0.0.1/dataset/agent/agent/stream/stream.yml.hbs b/dev/packages/beats/consul/0.0.1/dataset/agent/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..5733bf08533 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/dataset/agent/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["agent"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/consul/0.0.1/dataset/agent/fields/fields.yml b/dev/packages/beats/consul/0.0.1/dataset/agent/fields/fields.yml new file mode 100644 index 00000000000..d00537603ae --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/dataset/agent/fields/fields.yml 
@@ -0,0 +1,59 @@ +- name: consul.agent + type: group + release: beta + fields: + - name: autopilot + type: group + fields: + - name: healthy + type: boolean + description: Overall health of the local server cluster + - name: runtime + type: group + fields: + - name: sys + type: group + fields: + - name: bytes + type: long + description: Number of bytes of memory obtained from the OS. + - name: malloc_count + type: long + description: Heap objects allocated + - name: heap_objects + type: long + description: Objects allocated on the heap and is a general memory pressure + indicator. This may burst from time to time but should return to a steady + state value. + - name: goroutines + type: long + description: Running goroutines and is a general load pressure indicator. This + may burst from time to time but should return to a steady state value. + - name: alloc + type: group + fields: + - name: bytes + type: long + description: Bytes allocated by the Consul process. + - name: garbage_collector + type: group + fields: + - name: runs + type: long + description: Garbage collector total executions + - name: pause + type: group + fields: + - name: current + type: group + fields: + - name: ns + type: long + description: Garbage collector pause time in nanoseconds + - name: total + type: group + fields: + - name: ns + type: long + description: Nanoseconds consumed by stop-the-world garbage collection + pauses since Consul started. diff --git a/dev/packages/beats/consul/0.0.1/dataset/agent/fields/package-fields.yml b/dev/packages/beats/consul/0.0.1/dataset/agent/fields/package-fields.yml new file mode 100644 index 00000000000..03593de0df5 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/dataset/agent/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: consul + type: group diff --git a/dev/packages/beats/consul/0.0.1/dataset/agent/manifest.yml b/dev/packages/beats/consul/0.0.1/dataset/agent/manifest.yml new file mode 100644 index 00000000000..7bf4e32f9f6 --- /dev/null 
+++ b/dev/packages/beats/consul/0.0.1/dataset/agent/manifest.yml @@ -0,0 +1,15 @@ +title: consul agent metrics +release: experimental +type: metrics +streams: +- input: consul/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: consul agent metrics + description: Collect consul agent metrics diff --git a/dev/packages/beats/consul/0.0.1/docs/README.md b/dev/packages/beats/consul/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/img/consul.svg b/dev/packages/beats/consul/0.0.1/img/consul.svg new file mode 100644 index 00000000000..5ef8feaded6 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/img/consul.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/img/metricbeat-consul.png b/dev/packages/beats/consul/0.0.1/img/metricbeat-consul.png new file mode 100644 index 00000000000..90aaa7477e8 Binary files /dev/null and b/dev/packages/beats/consul/0.0.1/img/metricbeat-consul.png differ diff --git a/dev/packages/beats/consul/0.0.1/kibana/dashboard/6d0cf140-2deb-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/dashboard/6d0cf140-2deb-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..64e8570df61 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/dashboard/6d0cf140-2deb-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,180 @@ +{ + "attributes": { + "description": "Overview of Consul", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Garbage Collector stats", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 16, + "x": 15, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Goroutines", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Bytes Allocated", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 17, + "x": 31, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Heap Objects", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 15, + "x": 0, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Bytes of memory obtained from the OS", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 16, + "x": 31, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Malloc count", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 14, + "x": 0, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Garbage Collector pause ms", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 17, + "x": 14, + "y": 30 + }, + 
"panelIndex": "8", + "panelRefName": "panel_7", + "title": "Garbage Collector Runs", + "version": "7.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Metrics Consul] Overview", + "version": 1 + }, + "id": "6d0cf140-2deb-11e9-bf7e-f35bf5d2e71b", + "references": [ + { + "id": "dda0c950-2dea-11e9-bf7e-f35bf5d2e71b", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ea842730-2de9-11e9-bf7e-f35bf5d2e71b", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "6c39d4b0-2de9-11e9-bf7e-f35bf5d2e71b", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "37c75bc0-2dea-11e9-bf7e-f35bf5d2e71b", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "69b29820-2dea-11e9-bf7e-f35bf5d2e71b", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "8ab67000-2dea-11e9-bf7e-f35bf5d2e71b", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d275dbc0-2de9-11e9-bf7e-f35bf5d2e71b", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "1e97c1d0-2dea-11e9-bf7e-f35bf5d2e71b", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/1e97c1d0-2dea-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/1e97c1d0-2dea-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..9ccf626414c --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/1e97c1d0-2dea-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Garbage Collector Runs [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Garbage Collector Runs", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.garbage_collector.runs", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "ffaa1fc0-2de9-11e9-83ed-b7c793d35de5", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 1 + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Garbage Collector Runs [Metrics Consul]", + "type": "metrics" + } + }, + "id": "1e97c1d0-2dea-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/37c75bc0-2dea-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/37c75bc0-2dea-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..b98fa781d72 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/37c75bc0-2dea-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Heap Objects [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Heap Objects", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.heap_objects", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Heap Objects [Metrics Consul]", + "type": "metrics" + } + }, + "id": "37c75bc0-2dea-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/69b29820-2dea-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/69b29820-2dea-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..a087cc5097e --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/69b29820-2dea-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Bytes of memory obtained from the OS [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Bytes of memory obtained from the OS", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.sys.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Bytes of memory obtained from the OS [Metrics Consul]", + "type": "metrics" + } + }, + "id": "69b29820-2dea-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/6c39d4b0-2de9-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/6c39d4b0-2de9-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..a6b338fe56f --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/6c39d4b0-2de9-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Bytes Allocated [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Bytes allocated", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.alloc.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Bytes Allocated [Metrics Consul]", + "type": "metrics" + } + }, + "id": "6c39d4b0-2de9-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/8ab67000-2dea-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/8ab67000-2dea-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..1e1700b722d --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/8ab67000-2dea-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Malloc count [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Malloc Count", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.malloc_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "7a6e0aa0-2dea-11e9-83ed-b7c793d35de5", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Malloc count [Metrics Consul]", + "type": "metrics" + } + }, + "id": "8ab67000-2dea-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/d275dbc0-2de9-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/d275dbc0-2de9-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..12d18bbc5a9 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/d275dbc0-2de9-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Garbage Collector pause ms [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "ns,ms,4", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Garbage Collector pause", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.garbage_collector.pause.current.ns", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Garbage Collector pause ms [Metrics Consul]", + "type": "metrics" + } + }, + "id": "d275dbc0-2de9-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/dda0c950-2dea-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/dda0c950-2dea-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..8c57a09b770 --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/dda0c950-2dea-11e9-bf7e-f35bf5d2e71b.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Garbage Collector stats [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "ns,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Pause time", + "line_width": "1", + "metrics": [ + { + "field": "consul.agent.runtime.garbage_collector.pause.current.ns", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} ms" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(115,216,255,1)", + "fill": "0.5", + "formatter": "number", + "id": "9728a010-2dea-11e9-83ed-b7c793d35de5", + "label": "Runs", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.garbage_collector.runs", + "id": "9728a011-2dea-11e9-83ed-b7c793d35de5", + "type": "sum" + }, + { + "field": "9728a011-2dea-11e9-83ed-b7c793d35de5", + "id": "9ed22480-2dea-11e9-83ed-b7c793d35de5", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 1 + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Garbage Collector stats [Metrics Consul]", + "type": "metrics" + } + }, + "id": "dda0c950-2dea-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": 
"visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/kibana/visualization/ea842730-2de9-11e9-bf7e-f35bf5d2e71b.json b/dev/packages/beats/consul/0.0.1/kibana/visualization/ea842730-2de9-11e9-bf7e-f35bf5d2e71b.json new file mode 100644 index 00000000000..85f1ad76ecd --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/kibana/visualization/ea842730-2de9-11e9-bf7e-f35bf5d2e71b.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Goroutines [Metrics Consul]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Goroutines", + "line_width": 1, + "metrics": [ + { + "field": "consul.agent.runtime.goroutines", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Goroutines [Metrics Consul]", + "type": "metrics" + } + }, + "id": "ea842730-2de9-11e9-bf7e-f35bf5d2e71b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/consul/0.0.1/manifest.yml b/dev/packages/beats/consul/0.0.1/manifest.yml new file mode 100644 index 00000000000..04e57cde29e --- /dev/null +++ b/dev/packages/beats/consul/0.0.1/manifest.yml 
@@ -0,0 +1,42 @@ +format_version: 1.0.0 +name: consul +title: consul +version: 0.0.1 +license: basic +description: consul Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.0.0-SNAPSHOT <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-consul.png + title: metricbeat consul + size: 3840x2016 + type: image/png +icons: +- src: /img/consul.svg + title: consul + size: 250x250 + type: image/svg+xml +datasources: +- name: consul + title: consul metrics + description: Collect metrics from consul instances + inputs: + - type: consul/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8500 + title: Collect metrics from consul instances + description: Collecting consul agent metrics diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/coredns/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..7a80cff0521 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,6 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: {{tags}} +processors: \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..10d7128c22e --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
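Review bot: In the coredns `log.yml.hbs` hunk, the template emits `tags: {{tags}}` and a bare `processors:` as the last line, but the coredns log dataset manifest added later in this diff (`template_path: log.yml.hbs`) declares only a `paths` variable, so `tags` has no source. Under ordinary Handlebars semantics an undefined variable renders empty, giving `tags: ` (a YAML null), and `processors:` with nothing after it is also null rather than an empty list; whether the agent accepts null for either key is not visible here, so worth confirming. If these are intentional placeholders, either add a `tags` var to the manifest or guard the line with `{{#if tags}}tags: {{tags}}{{/if}}` and drop the trailing `processors:` until there is something to put under it. The neighbouring `stream.yml.hbs` templates in this commit only reference variables their manifests define and do not have this problem.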
@@ -0,0 +1,113 @@ +--- +description: Pipeline for normalizing Kubernetes CoreDNS logs. +processors: + - pipeline: + if: ctx.message.charAt(0) == (char)("{") + name: '{{ IngestPipeline "pipeline-json" }}' + - pipeline: + if: ctx.message.charAt(0) != (char)("{") + name: '{{ IngestPipeline "pipeline-plaintext" }}' + - script: + lang: painless + source: > + ctx.event.created = ctx['@timestamp']; + ctx['@timestamp'] = ctx['timestamp']; + ctx.remove('timestamp'); + ignore_failure: true + - script: + lang: painless + if: ctx.temp?.source != null + source: > + ctx['source'] = new HashMap(); + if (ctx.temp.source.charAt(0) == (char)("[")) { + def p = ctx.temp.source.indexOf (']'); + def l = ctx.temp.source.length(); + ctx.source.address = ctx.temp.source.substring(1, p); + ctx.source.port = ctx.temp.source.substring(p+2, l); + } else { + def p = ctx.temp.source.indexOf(':'); + def l = ctx.temp.source.length(); + ctx.source.address = ctx.temp.source.substring(0, p); + ctx.source.port = ctx.temp.source.substring(p+1, l); + } + ctx.remove('temp'); + - set: + field: source.ip + value: "{{source.address}}" + if: ctx.source?.address != null + - convert: + field: source.port + type: integer + - convert: + field: coredns.duration + type: double + - convert: + field: coredns.query.size + type: long + - convert: + field: coredns.response.size + type: long + - convert: + field: coredns.dnssec_ok + type: boolean + - uppercase: + field: dns.header_flags + - split: + field: dns.header_flags + separator: "," + - append: + if: ctx.coredns?.dnssec_ok + field: dns.header_flags + value: DO + - script: + lang: painless + source: ctx.event.duration = Math.round(ctx.coredns.duration * params.scale); + params: + scale: 1000000000 + if: ctx.coredns?.duration != null + - remove: + field: + - coredns.duration + ignore_missing: true + # The following copies values from dns namespace (ECS) to the coredns + # namespace to avoid introducing breaking change. This should be removed + # for 8.0.0. 
Additionally coredns.dnssec_ok can be removed. + - set: + if: ctx.dns?.id != null + field: coredns.id + value: '{{dns.id}}' + - set: + if: ctx.dns?.question?.class != null + field: coredns.query.class + value: '{{dns.question.class}}' + - set: + if: ctx.dns?.question?.name != null + field: coredns.query.name + value: '{{dns.question.name}}' + - set: + if: ctx.dns?.question?.type != null + field: coredns.query.type + value: '{{dns.question.type}}' + - set: + if: ctx.dns?.response_code != null + field: coredns.response.code + value: '{{dns.response_code}}' + - script: + if: ctx.dns?.header_flags != null + lang: painless + source: > + ctx.coredns.response.flags = ctx.dns.header_flags; + # Right trim the trailing dot from domain names. + - script: + if: ctx.dns?.question?.name != null + lang: painless + source: > + def q = ctx.dns.question.name; + def end = q.length() - 1; + if (q.charAt(end) == (char) '.') { + ctx.dns.question.name = q.substring(0, end); + } +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.yml b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.yml new file mode 100644 index 00000000000..0b89ab35252 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.yml 
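Review bot: The trailing-dot script at the end of `default.yml` reads `q.charAt(q.length() - 1)` under a guard that only checks for null, so an empty `dns.question.name` throws and sends the whole document to `on_failure`; tightening the condition to `if: ctx.dns?.question?.name != null && ctx.dns.question.name.length() > 0` keeps an otherwise good event. The two routing conditions at the top, `ctx.message.charAt(0) == (char)("{")` and its negation, have the same shape and appear to throw when `message` is missing or empty rather than choosing a branch. The `convert` processors on `source.port` and `coredns.*` and the `uppercase`/`split` on `dns.header_flags` carry no `ignore_missing: true`, so when a sub-pipeline's own `on_failure` has already recorded a dissect failure, the first missing-field error here looks like it would overwrite `error.message` with a less informative one — worth confirming against the ingest failure semantics. Since `temp.source` and the query name come straight from the log line, I would also have the address/port script check that `indexOf(']')` / `indexOf(':')` did not return -1 before calling `substring`, instead of relying on the pipeline-level handler.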
@@ -0,0 +1,32 @@ +--- +description: Pipeline for dissecting CoreDNS JSON logs. +processors: + - rename: + field: message + target_field: event.original + ignore_failure: true + - json: + field: event.original + target_field: json + - dissect: + field: json.message + pattern: '%{timestamp} [%{log.level}] %{temp.source} - %{dns.id} "%{dns.question.type} + %{dns.question.class} %{dns.question.name} %{network.transport} %{coredns.query.size} + %{coredns.dnssec_ok} %{?bufsize}" %{dns.response_code} %{dns.header_flags} + %{coredns.response.size} %{coredns.duration}s' + - rename: + field: json.message + target_field: message + ignore_failure: true + - rename: + field: json.kubernetes + target_field: kubernetes + ignore_failure: true + - remove: + field: + - json + ignore_failure: true +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.yml b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.yml new file mode 100644 index 00000000000..fcec1fffdc1 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.yml @@ -0,0 +1,13 @@ +--- +description: Pipeline for dissecting CoreDNS plaintext logs. +processors: + - dissect: + field: message + pattern: '%{timestamp} [%{log.level}] %{temp.source} - %{dns.id} "%{dns.question.type} + %{dns.question.class} %{dns.question.name} %{network.transport} %{coredns.query.size} + %{coredns.dnssec_ok} %{?bufsize}" %{dns.response_code} %{dns.header_flags} + %{coredns.response.size} %{coredns.duration}s' +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/coredns/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..f900d83f963 
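Review bot: The plaintext pipeline never sets `event.original`, while the JSON pipeline beside it renames `message` to `event.original` before parsing, so the two input formats yield differently shaped documents for the same dataset and a query or detection that relies on `event.original` only works for JSON-formatted logs. Adding a `set` processor ahead of the `dissect` — `- set:` / `field: event.original` / `value: '{{message}}'` — would give both formats the same raw-line field. The `dissect` pattern is also byte-for-byte the same as in `pipeline-json.yml`, so any future change to the CoreDNS log format must be made in both files; a one-line comment above the pattern pointing at the sibling file would make that obvious to the next maintainer.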
--- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,41 @@ +- name: coredns + type: group + fields: + - name: id + type: keyword + description: | + id of the DNS transaction + - name: query.size + type: integer + format: bytes + description: | + size of the DNS query + - name: query.class + type: keyword + description: | + DNS query class + - name: query.name + type: keyword + description: | + DNS query name + - name: query.type + type: keyword + description: | + DNS query type + - name: response.code + type: keyword + description: | + DNS response code + - name: response.flags + type: keyword + description: | + DNS response flags + - name: response.size + type: integer + format: bytes + description: | + size of the DNS response + - name: dnssec_ok + type: boolean + description: | + dnssec flag diff --git a/dev/packages/beats/coredns/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/coredns/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..f282e37ec7c --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,17 @@ +title: Coredns log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/coredns.log + template_path: log.yml.hbs + title: Coredns log logs (log) + description: Collect Coredns log logs using log input diff --git a/dev/packages/beats/coredns/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/coredns/0.0.1/dataset/stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3b06dd6d47b --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
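Review bot: `query.size` and `response.size` are declared `type: integer` here, while the dataset's default pipeline converts `coredns.query.size` and `coredns.response.size` with `type: long`. DNS message sizes fit either type, so this is harmless today, but the declared mapping and the pipeline's `convert` should agree so the next reader does not have to work out which one is authoritative. Either change these two entries to `type: long` or convert to `integer` in the pipeline.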
diff --git a/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 00000000000..4dee95a2785 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/fields.yml 
@@ -0,0 +1,93 @@ +- name: coredns.stats + type: group + release: ga + fields: + - name: panic.count + type: long + description: | + Total number of panics + - name: dns.request.count + type: long + description: | + Total query count + - name: dns.request.duration.ns.bucket.* + type: object + description: | + Request duration histogram buckets in nanoseconds + - name: dns.request.duration.ns.sum + type: long + format: duration + description: | + Requests duration, sum of durations in nanoseconds + - name: dns.request.duration.ns.count + type: long + description: | + Requests duration, number of requests + - name: dns.request.size.bytes.bucket.* + type: object + description: | + Request Size histogram buckets + - name: dns.request.size.bytes.sum + type: long + description: | + Request Size histogram sum + - name: dns.request.size.bytes.count + type: long + description: | + Request Size histogram count + - name: dns.request.do.count + type: long + description: | + Number of queries that have the DO bit set + - name: dns.request.type.count + type: long + description: | + Counter of queries per zone and type + - name: type + type: keyword + description: | + Holds the query type of the request + - name: dns.response.rcode.count + type: long + description: | + Counter of responses per zone and rcode + - name: rcode + type: keyword + description: | + Holds the rcode of the response + - name: family + type: keyword + description: | + The address family of the transport (1 = IP (IP version 4), 2 = IP6 (IP version 6)) + - name: dns.response.size.bytes.bucket.* + type: object + description: | + Response Size histogram buckets + - name: dns.response.size.bytes.sum + type: long + description: | + Response Size histogram sum + - name: dns.response.size.bytes.count + type: long + description: | + Response Size histogram count + - name: server + type: keyword + description: | + The server responsible for the request + - name: zone + type: keyword + description: | + The zonename 
used for the request/response + - name: proto + type: keyword + description: | + The transport of the response ("udp" or "tcp") + - name: dns.cache.hits.count + type: long + description: | + Cache hits count for the cache plugin + - name: dns.cache.misses.count + type: long + description: | + Cache misses count for the cache plugin diff --git a/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..05395bf3d61 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: coredns + type: group diff --git a/dev/packages/beats/coredns/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/coredns/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..2fabdabc979 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/dataset/stats/manifest.yml @@ -0,0 +1,15 @@ +title: coredns stats metrics +release: experimental +type: metrics +streams: +- input: coredns/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: coredns stats metrics + description: Collect coredns stats metrics diff --git a/dev/packages/beats/coredns/0.0.1/docs/README.md b/dev/packages/beats/coredns/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/img/coredns.svg b/dev/packages/beats/coredns/0.0.1/img/coredns.svg new file mode 100644 index 00000000000..e38616a15a1 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/img/coredns.svg @@ -0,0 +1 @@ + \ No newline at end of file 
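Review bot: The `coredns.stats` group is marked `release: ga` while the stats dataset's manifest declares `release: experimental`, which is contradictory for a package versioned 0.0.1. Unless the `release` key on a field group is meant to carry a different meaning than the dataset-level one, it should be dropped here or set to match the manifest.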
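Review bot: This manifest declares only the `period` variable, but the dataset's `stream.yml.hbs` renders `{{#each hosts}}`, so unless `hosts` is supplied at the package level in the top-level manifest (outside this view) the stream is generated with an empty `hosts:` list and the metricset has nothing to poll. If it is meant to be a per-stream setting, declare it here alongside `period` — `- name: hosts` / `type: text` / `multi: true` / `required: true` — with whatever default the CoreDNS metrics endpoint conventionally uses. Either way, a comment in the manifest saying where `hosts` comes from would save the next reader from the same search.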
diff --git a/dev/packages/beats/coredns/0.0.1/img/kibana-coredns.jpg b/dev/packages/beats/coredns/0.0.1/img/kibana-coredns.jpg new file mode 100644 index 00000000000..70921fa9baf Binary files /dev/null and b/dev/packages/beats/coredns/0.0.1/img/kibana-coredns.jpg differ diff --git a/dev/packages/beats/coredns/0.0.1/img/metricbeat_coredns_dashboard.png b/dev/packages/beats/coredns/0.0.1/img/metricbeat_coredns_dashboard.png new file mode 100644 index 00000000000..c30d35d0cca Binary files /dev/null and b/dev/packages/beats/coredns/0.0.1/img/metricbeat_coredns_dashboard.png differ diff --git a/dev/packages/beats/coredns/0.0.1/kibana/dashboard/53aa1f70-443e-11e9-8548-ab7fbe04f038.json b/dev/packages/beats/coredns/0.0.1/kibana/dashboard/53aa1f70-443e-11e9-8548-ab7fbe04f038.json new file mode 100644 index 00000000000..c7b213db286 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/dashboard/53aa1f70-443e-11e9-8548-ab7fbe04f038.json 
@@ -0,0 +1,100 @@ +{ + "attributes": { + "description": "Overview of CoreDNS", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "1", + "w": 41, + "x": 4, + "y": 7 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "2", + "w": 20, + "x": 4, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "3", + "w": 21, + "x": 24, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "4", + "w": 41, + "x": 4, + "y": 21 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs CoreDNS] Overview", + "version": 1 + }, + "id": "53aa1f70-443e-11e9-8548-ab7fbe04f038", + "references": [ + { + "id": "3ad75810-4429-11e9-8548-ab7fbe04f038", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "9dc640e0-4432-11e9-8548-ab7fbe04f038", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "75743f70-443c-11e9-8548-ab7fbe04f038", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cfde7fb0-443d-11e9-8548-ab7fbe04f038", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/dashboard/Metricbeat-CoreDNS-Dashboard-ecs.json b/dev/packages/beats/coredns/0.0.1/kibana/dashboard/Metricbeat-CoreDNS-Dashboard-ecs.json new file mode 100644 index 00000000000..f9f3341b75f --- /dev/null 
+++ b/dev/packages/beats/coredns/0.0.1/kibana/dashboard/Metricbeat-CoreDNS-Dashboard-ecs.json 
@@ -0,0 +1,187 @@ +{ + "attributes": { + "description": "Overview of CoreDNS server metrics.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "2", + "w": 14, + "x": 10, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "NXDOMAIN": "#99440A" + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 19, + "x": 24, + "y": 25 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "10", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "10", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "tcp - 1": "#B7DBAB", + "udp - 1": "#5195CE" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 10, + "i": "11", + "w": 19, + "x": 24, + "y": 0 + }, + "panelIndex": "11", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "12", + "w": 19, + "x": 24, + "y": 10 + }, + "panelIndex": "12", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "15", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "15", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "16", + "w": 24, + "x": 0, + "y": 25 + }, + "panelIndex": "16", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": 
false, + "title": "[Metrics CoreDNS] Overview ECS", + "version": 1 + }, + "id": "Metrics-CoreDNS-Dashboard-ecs", + "references": [ + { + "id": "36e08510-53c4-11e9-b466-9be470bbd327-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "a19df590-53c4-11e9-b466-9be470bbd327-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "27da53f0-53d5-11e9-b466-9be470bbd327-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "277fc650-67a9-11e9-a534-715561d0bf42", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "86177430-728d-11e9-b0d0-414c3011ddbb", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "a58345f0-7298-11e9-b0d0-414c3011ddbb", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "57c74300-7308-11e9-b0d0-414c3011ddbb", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "4804eaa0-7315-11e9-b0d0-414c3011ddbb", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/277fc650-67a9-11e9-a534-715561d0bf42.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/277fc650-67a9-11e9-a534-715561d0bf42.json new file mode 100644 index 00000000000..e8f63dd3609 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/277fc650-67a9-11e9-a534-715561d0bf42.json 
@@ -0,0 +1,200 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": " Cache Hits, Misses [Metrics CoreDNS] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Average coredns.stats.dns.cache.misses.count": "#E24D42", + "Hits": "#9AC48A", + "Misses": "#EA6460" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hits", + "field": "coredns.stats.dns.cache.hits.count" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 0, + "timeRange": { + "from": "now-30m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Misses", + "field": "coredns.stats.dns.cache.misses.count" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "server", + "field": "coredns.stats.server", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + 
"id": "1", + "label": "Hits" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Misses" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Hits" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Misses" + }, + "type": "value" + } + ] + }, + "title": " Cache Hits, Misses [Metrics CoreDNS] ECS", + "type": "line" + } + }, + "id": "277fc650-67a9-11e9-a534-715561d0bf42", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/27da53f0-53d5-11e9-b466-9be470bbd327-ecs.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/27da53f0-53d5-11e9-b466-9be470bbd327-ecs.json new file mode 100644 index 00000000000..9397386b9f4 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/27da53f0-53d5-11e9-b466-9be470bbd327-ecs.json 
@@ -0,0 +1,181 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Responses by Rcode [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Response per rcode", + "field": "coredns.stats.dns.response.rcode.count" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "server", + "field": "coredns.stats.server", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "coredns.stats.rcode", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "coredns.stats.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + 
"truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Response per rcode" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 1, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Response per rcode" + }, + "type": "value" + } + ] + }, + "title": "Responses by Rcode [Metrics CoreDNS] ECS", + "type": "line" + } + }, + "id": "27da53f0-53d5-11e9-b466-9be470bbd327-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/36e08510-53c4-11e9-b466-9be470bbd327-ecs.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/36e08510-53c4-11e9-b466-9be470bbd327-ecs.json new file mode 100644 index 00000000000..07862e02102 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/36e08510-53c4-11e9-b466-9be470bbd327-ecs.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "coredns.stats.panic.count" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "coredns.stats.panic.count", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Panic Count [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "coredns.stats.panic.count", + "percents": [ + 100 + ] + }, + "schema": "metric", + "type": "percentiles" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Panic Count [Metrics CoreDNS] ECS", + "type": "metric" + } + }, + "id": "36e08510-53c4-11e9-b466-9be470bbd327-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/3ad75810-4429-11e9-8548-ab7fbe04f038.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/3ad75810-4429-11e9-8548-ab7fbe04f038.json new file mode 100644 index 00000000000..a806da38ded --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/3ad75810-4429-11e9-8548-ab7fbe04f038.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Domains [Logs CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "coredns.query.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Domains [Logs CoreDNS]", + "type": "tagcloud" + } + }, + "id": "3ad75810-4429-11e9-8548-ab7fbe04f038", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/4804eaa0-7315-11e9-b0d0-414c3011ddbb.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/4804eaa0-7315-11e9-b0d0-414c3011ddbb.json new file mode 100644 index 00000000000..7fc3a4a61f9 --- /dev/null 
+++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/4804eaa0-7315-11e9-b0d0-414c3011ddbb.json 
@@ -0,0 +1,86 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Avg Request Size (cumulative) [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(228,155,238,1)", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Avg Request Size (bytes)", + "line_width": 1, + "metrics": [ + { + "field": "coredns.stats.dns.request.size.bytes.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "coredns.stats.dns.request.size.bytes.count", + "id": "98fe65e0-7314-11e9-8e06-d9a616f1e6f2", + "type": "sum" + }, + { + "id": "ab81ee30-7314-11e9-8e06-d9a616f1e6f2", + "script": "params.sum / params.count", + "type": "calculation", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "aeed53c0-7314-11e9-8e06-d9a616f1e6f2", + "name": "sum" + }, + { + "field": "98fe65e0-7314-11e9-8e06-d9a616f1e6f2", + "id": "b84dd700-7314-11e9-8e06-d9a616f1e6f2", + "name": "count" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "coredns.stats.zone", + "value_template": "{{value}} bytes" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Avg Request Size (cumulative) [Metrics CoreDNS] ECS", + "type": "metrics" + } + }, + "id": "4804eaa0-7315-11e9-b0d0-414c3011ddbb", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/57c74300-7308-11e9-b0d0-414c3011ddbb.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/57c74300-7308-11e9-b0d0-414c3011ddbb.json new file mode 100644 index 00000000000..7c5f5fd6a6e --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/57c74300-7308-11e9-b0d0-414c3011ddbb.json 
@@ -0,0 +1,108 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Avg Request Duration (cumulative) [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Avg Request Duration (ms)", + "line_width": 1, + "metrics": [ + { + "agg_with": "max", + "field": "coredns.stats.dns.request.duration.ns.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "sum" + }, + { + "agg_with": "max", + "field": "coredns.stats.dns.request.duration.ns.count", + "id": "f6c82d30-7307-11e9-aba0-4f43d70788c6", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "sum" + }, + { + "id": "1d9de350-7308-11e9-aba0-4f43d70788c6", + "script": "params.sum / params.count / 1e6", + "type": "calculation", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "20eee310-7308-11e9-aba0-4f43d70788c6", + "name": "sum" + }, + { + "field": "f6c82d30-7307-11e9-aba0-4f43d70788c6", + "id": "2e4139f0-7308-11e9-aba0-4f43d70788c6", + "name": "count" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "lucene", + "query": "" + }, + "id": "505e0670-7309-11e9-aba0-4f43d70788c6", + "label": "" + } + ], + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": 
"coredns.stats.zone", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "value_template": "{{value}} ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Avg Request Duration (cumulative) [Metrics CoreDNS] ECS", + "type": "metrics" + } + }, + "id": "57c74300-7308-11e9-b0d0-414c3011ddbb", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/75743f70-443c-11e9-8548-ab7fbe04f038.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/75743f70-443c-11e9-8548-ab7fbe04f038.json new file mode 100644 index 00000000000..61f0c75c70f --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/75743f70-443c-11e9-8548-ab7fbe04f038.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unique Domains [Logs CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Domains", + "field": "coredns.query.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ], + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Unique Domains [Logs CoreDNS]", + "type": "metric" + } + }, + "id": "75743f70-443c-11e9-8548-ab7fbe04f038", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/86177430-728d-11e9-b0d0-414c3011ddbb.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/86177430-728d-11e9-b0d0-414c3011ddbb.json new file mode 100644 index 00000000000..d067f17b06b --- /dev/null 
+++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/86177430-728d-11e9-b0d0-414c3011ddbb.json 
@@ -0,0 +1,188 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Requests by Zone [Metrics CoreDNS] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "max", + "customLabel": "Request count", + "field": "coredns.stats.dns.request.count", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "server", + "field": "coredns.stats.server", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "zone", + "field": "coredns.stats.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "protocol", + "field": "coredns.stats.proto", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "family", + "field": "coredns.stats.family", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + 
"type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Request count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "BottomAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Request count" + }, + "type": "value" + } + ] + }, + "title": "Requests by Zone [Metrics CoreDNS] ECS", + "type": "horizontal_bar" + } + }, + "id": "86177430-728d-11e9-b0d0-414c3011ddbb", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/9dc640e0-4432-11e9-8548-ab7fbe04f038.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/9dc640e0-4432-11e9-8548-ab7fbe04f038.json new file mode 100644 index 00000000000..bd3703a1df4 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/9dc640e0-4432-11e9-8548-ab7fbe04f038.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total DNS Queries [Logs CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total DNS Queries [Logs CoreDNS]", + "type": "metric" + } + }, + "id": "9dc640e0-4432-11e9-8548-ab7fbe04f038", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/a19df590-53c4-11e9-b466-9be470bbd327-ecs.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/a19df590-53c4-11e9-b466-9be470bbd327-ecs.json new file mode 100644 index 00000000000..60a4b7960fd --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/a19df590-53c4-11e9-b466-9be470bbd327-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "coredns.stats.dns.request.do.count" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "coredns.stats.dns.request.do.count", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "DO Count [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "DO Count", + "field": "coredns.stats.dns.request.do.count", + "percents": [ + 100 + ] + }, + "schema": "metric", + "type": "percentiles" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DO Count [Metrics CoreDNS] ECS", + "type": "metric" + } + }, + "id": "a19df590-53c4-11e9-b466-9be470bbd327-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/a58345f0-7298-11e9-b0d0-414c3011ddbb.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/a58345f0-7298-11e9-b0d0-414c3011ddbb.json
new file mode 100644
index 00000000000..62fc9acc579
--- /dev/null
+++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/a58345f0-7298-11e9-b0d0-414c3011ddbb.json
@@ -0,0 +1,180 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Requests by Type [Metrics CoreDNS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "max", + "customLabel": "Requests", + "field": "coredns.stats.dns.request.type.count", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "server", + "field": "coredns.stats.server", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "coredns.stats.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "field": "coredns.stats.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + 
"categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Requests" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Requests" + }, + "type": "value" + } + ] + }, + "title": "Requests by Type [Metrics CoreDNS] ECS", + "type": "line" + } + }, + "id": "a58345f0-7298-11e9-b0d0-414c3011ddbb", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/kibana/visualization/cfde7fb0-443d-11e9-8548-ab7fbe04f038.json b/dev/packages/beats/coredns/0.0.1/kibana/visualization/cfde7fb0-443d-11e9-8548-ab7fbe04f038.json new file mode 100644 index 00000000000..f7adea47d1c --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/kibana/visualization/cfde7fb0-443d-11e9-8548-ab7fbe04f038.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "tags:\"coredns\"" + } + } + }, + "title": "Time Series Visualizer [Logs CoreDNS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "65ad37b0-443f-11e9-94ba-69b05a5f82b8" + } + ], + "bar_color_rules": [ + { + "id": "e1f6cda0-443e-11e9-94ba-69b05a5f82b8" + } + ], + "default_index_pattern": "logs-*", + "gauge_color_rules": [ + { + "id": "6996a6e0-443f-11e9-94ba-69b05a5f82b8" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "fileset.name:kubernetes" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "CoreDNS Kubernetes", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none", + "terms_field": "fileset.name" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "fileset.name:log" + }, + "formatter": "number", + "id": "3c8999f0-443f-11e9-94ba-69b05a5f82b8", + "label": "CoreDNS Native", + "line_width": 1, + "metrics": [ + { + "id": "3c8999f1-443f-11e9-94ba-69b05a5f82b8", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, 
+ "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Time Series Visualizer [Logs CoreDNS]", + "type": "metrics" + } + }, + "id": "cfde7fb0-443d-11e9-8548-ab7fbe04f038", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/coredns/0.0.1/manifest.yml b/dev/packages/beats/coredns/0.0.1/manifest.yml new file mode 100644 index 00000000000..c2fd2751d14 --- /dev/null +++ b/dev/packages/beats/coredns/0.0.1/manifest.yml @@ -0,0 +1,60 @@ +format_version: 1.0.0 +name: coredns +title: coredns +version: 0.0.1 +license: basic +description: coredns Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=8.0.0-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-coredns.jpg + title: kibana coredns + size: 3340x1880 + type: image/jpg +- src: /img/metricbeat_coredns_dashboard.png + title: metricbeat coredns dashboard + size: 1507x767 + type: image/png +icons: +- src: /img/coredns.svg + title: coredns + size: 163x145 + type: image/svg+xml +datasources: +- name: coredns + title: coredns logs and metrics + description: Collect logs and metrics from coredns instances + inputs: + - type: logs + vars: + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - coredns + title: Collect logs from coredns instances + description: Collecting coredns log logs + - type: coredns/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:9153 + title: Collect metrics from coredns instances + description: Collecting coredns stats metrics diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/bucket/agent/stream/stream.yml.hbs b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ccaf863f2b8 --- /dev/null 
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["bucket"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/fields.yml
new file mode 100644
index 00000000000..e5087a7318a
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/fields.yml
@@ -0,0 +1,49 @@
+- name: couchbase.bucket
+ type: group
+ release: ga
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ Name of the bucket.
+ - name: type
+ type: keyword
+ description: |
+ Type of the bucket.
+ - name: data.used.bytes
+ type: long
+ format: bytes
+ description: |
+ Size of user data within buckets of the specified state that are resident in RAM.
+ - name: disk.fetches
+ type: long
+ description: |
+ Number of disk fetches.
+ - name: disk.used.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of disk used (bytes).
+ - name: memory.used.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of memory used by the bucket (bytes).
+ - name: quota.ram.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of RAM used by the bucket (bytes).
+ - name: quota.use.pct
+ type: scaled_float
+ format: percent
+ description: |
+ Percentage of RAM used (for active objects) against the configured bucket size (%).
+ - name: ops_per_sec
+ type: long
+ description: |
+ Number of operations per second.
+ - name: item_count
+ type: long
+ description: |
+ Number of items associated with the bucket.
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/package-fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/package-fields.yml
new file mode 100644
index 00000000000..1d9a232dd6b
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: couchbase
+ type: group
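Review bot: `{{this}}` and `{{period}}` are emitted into YAML as bare scalars, so a `hosts` entry containing `:`, `#`, a leading `[`/`{` or a line break changes the structure of the rendered agent configuration instead of being treated as a string; the identical template is added for the cluster and node datasets later in this commit, and the same point applies there. If the agent's renderer passes values through verbatim, quoting the scalar (`  - "{{this}}"`) keeps a host a string; if it is Handlebars-style and HTML-escapes by default, `&`, `<` and `>` in a host URL are already being mangled and `{{{this}}}` inside the quotes is the usual form — which of the two applies depends on the engine, which is not visible here. Either way the `hosts` values should be validated as host:port or URL before they reach the template.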
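Review bot: `quota.ram.bytes` is described as `Amount of RAM used by the bucket (bytes).`, which is the same meaning as `memory.used.bytes` three entries above; a field named `quota` presumably reports the configured RAM quota, so the description should say so, e.g. `RAM quota configured for the bucket (bytes).` — confirm against the metricset that emits it. The group is marked `release: ga` while the dataset manifest in this commit is `release: experimental`; that may be intentional (field stability versus package stability) but is worth a one-line comment so the mismatch is not read as an oversight.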
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/bucket/manifest.yml b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/manifest.yml
new file mode 100644
index 00000000000..53454dffb2b
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/bucket/manifest.yml
@@ -0,0 +1,15 @@
+title: Couchbase bucket metrics
+release: experimental
+type: metrics
+streams:
+- input: couchbase/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Couchbase bucket metrics
+ description: Collect Couchbase bucket metrics
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/cluster/agent/stream/stream.yml.hbs b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5f50916a7f4
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["cluster"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/fields.yml
new file mode 100644
index 00000000000..3443798f7d5
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/fields.yml
@@ -0,0 +1,76 @@
+- name: couchbase.cluster
+ type: group
+ release: ga
+ fields:
+ - name: hdd.free.bytes
+ type: long
+ format: bytes
+ description: |
+ Free hard drive space in the cluster (bytes).
+ - name: hdd.quota.total.bytes
+ type: long
+ format: bytes
+ description: |
+ Hard drive quota total for the cluster (bytes).
+ - name: hdd.total.bytes
+ type: long
+ format: bytes
+ description: |
+ Total hard drive space available to the cluster (bytes).
+ - name: hdd.used.value.bytes
+ type: long
+ format: bytes
+ description: |
+ Hard drive space used by the cluster (bytes).
+ - name: hdd.used.by_data.bytes
+ type: long
+ format: bytes
+ description: |
+ Hard drive space used by the data in the cluster (bytes).
+ - name: max_bucket_count
+ type: long
+ description: |
+ Max bucket count setting.
+ - name: quota.index_memory.mb
+ type: long
+ description: |
+ Memory quota setting for the Index service (Mbyte).
+ - name: quota.memory.mb
+ type: long
+ description: |
+ Memory quota setting for the cluster (Mbyte).
+ - name: ram.quota.total.value.bytes
+ type: long
+ format: bytes
+ description: |
+ RAM quota total for the cluster (bytes).
+ - name: ram.quota.total.per_node.bytes
+ type: long
+ format: bytes
+ description: |
+ RAM quota used by the current node in the cluster (bytes).
+ - name: ram.quota.used.value.bytes
+ type: long
+ format: bytes
+ description: |
+ RAM quota used by the cluster (bytes).
+ - name: ram.quota.used.per_node.bytes
+ type: long
+ format: bytes
+ description: |
+ Ram quota used by the current node in the cluster (bytes)
+ - name: ram.total.bytes
+ type: long
+ format: bytes
+ description: |
+ Total RAM available to cluster (bytes).
+ - name: ram.used.value.bytes
+ type: long
+ format: bytes
+ description: |
+ RAM used by the cluster (bytes).
+ - name: ram.used.by_data.bytes
+ type: long
+ format: bytes
+ description: |
+ RAM used by the data in the cluster (bytes).
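Review bot: `ram.quota.total.per_node.bytes` is described as `RAM quota used by the current node in the cluster (bytes).`, which is the description of `ram.quota.used.per_node.bytes` two entries below; by its name and by the `.value` siblings (total versus used) it should read `RAM quota total for the current node in the cluster (bytes).` — confirm against the metricset before changing it. The `ram.quota.used.per_node.bytes` text is also the only one in the group without a trailing period and with "Ram" instead of "RAM".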
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/package-fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/package-fields.yml
new file mode 100644
index 00000000000..1d9a232dd6b
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: couchbase
+ type: group
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/cluster/manifest.yml b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/manifest.yml
new file mode 100644
index 00000000000..b5fb33f4451
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/cluster/manifest.yml
@@ -0,0 +1,15 @@
+title: Couchbase cluster metrics
+release: experimental
+type: metrics
+streams:
+- input: couchbase/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Couchbase cluster metrics
+ description: Collect Couchbase cluster metrics
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/couchbase/0.0.1/dataset/node/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a512905c56c
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/node/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["node"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/fields.yml
new file mode 100644
index 00000000000..a6404cdbd81
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/fields.yml
@@ -0,0 +1,99 @@
+- name: couchbase.node
+ type: group
+ release: ga
+ fields:
+ - name: cmd_get
+ type: long
+ description: |
+ Number of get commands
+ - name: couch.docs.disk_size.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of disk space used by Couch docs (bytes).
+ - name: couch.docs.data_size.bytes
+ type: long
+ format: bytes
+ description: |
+ Data size of Couch docs associated with a node (bytes).
+ - name: couch.spatial.data_size.bytes
+ type: long
+ description: |
+ Size of object data for spatial views (bytes).
+ - name: couch.spatial.disk_size.bytes
+ type: long
+ description: |
+ Amount of disk space used by spatial views (bytes).
+ - name: couch.views.disk_size.bytes
+ type: long
+ description: |
+ Amount of disk space used by Couch views (bytes).
+ - name: couch.views.data_size.bytes
+ type: long
+ description: |
+ Size of object data for Couch views (bytes).
+ - name: cpu_utilization_rate.pct
+ type: scaled_float
+ description: |
+ The CPU utilization rate (%).
+ - name: current_items.value
+ type: long
+ description: |
+ Number of current items.
+ - name: current_items.total
+ type: long
+ description: |
+ Total number of items associated with the node.
+ - name: ep_bg_fetched
+ type: long
+ description: |
+ Number of disk fetches performed since the server was started.
+ - name: get_hits
+ type: long
+ description: |
+ Number of get hits.
+ - name: hostname
+ type: keyword
+ description: |
+ The hostname of the node.
+ - name: mcd_memory.allocated.bytes
+ type: long
+ format: bytes
+ description: |
+ Amount of memcached memory allocated (bytes).
+ - name: mcd_memory.reserved.bytes
+ type: long
+ description: |
+ Amount of memcached memory reserved (bytes).
+ - name: memory.free.bytes
+ type: long
+ description: |
+ Amount of memory free for the node (bytes).
+ - name: memory.total.bytes
+ type: long
+ description: |
+ Total memory available to the node (bytes).
+ - name: memory.used.bytes
+ type: long
+ description: |
+ Memory used by the node (bytes).
+ - name: ops
+ type: long
+ description: |
+ Number of operations performed on Couchbase.
+ - name: swap.total.bytes
+ type: long
+ description: |
+ Total swap size allocated (bytes).
+ - name: swap.used.bytes
+ type: long
+ description: |
+ Amount of swap space used (bytes).
+ - name: uptime.sec
+ type: long
+ description: |
+ Time during which the node was in operation (sec).
+ - name: vb_replica_curr_items
+ type: long
+ description: |
+ Number of items/documents that are replicas.
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/package-fields.yml
new file mode 100644
index 00000000000..1d9a232dd6b
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/node/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: couchbase
+ type: group
diff --git a/dev/packages/beats/couchbase/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/couchbase/0.0.1/dataset/node/manifest.yml
new file mode 100644
index 00000000000..5ee14d74edb
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/dataset/node/manifest.yml
@@ -0,0 +1,15 @@
+title: Couchbase node metrics
+release: experimental
+type: metrics
+streams:
+- input: couchbase/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Couchbase node metrics
+ description: Collect Couchbase node metrics
diff --git a/dev/packages/beats/couchbase/0.0.1/docs/README.md b/dev/packages/beats/couchbase/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
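Review bot: `format: bytes` is applied inconsistently in this group: `couch.docs.*` and `mcd_memory.allocated.bytes` carry it, but `couch.spatial.*`, `couch.views.*`, `mcd_memory.reserved.bytes`, `memory.*` and `swap.*` are byte counters by name and description and do not, so Kibana will render those as raw integers beside human-readable sizes. `cpu_utilization_rate.pct` likewise lacks `format: percent`, unlike `quota.use.pct` in the bucket dataset of this commit. Add `format: bytes` / `format: percent` to those entries; `cmd_get`'s description `Number of get commands` is also the only one without a trailing period. The group starts on the previous line.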
diff --git a/dev/packages/beats/couchbase/0.0.1/img/logo_couchbase.svg b/dev/packages/beats/couchbase/0.0.1/img/logo_couchbase.svg
new file mode 100644
index 00000000000..d42d9899d8c
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/img/logo_couchbase.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/dev/packages/beats/couchbase/0.0.1/img/metricbeat-couchbase-overview.png b/dev/packages/beats/couchbase/0.0.1/img/metricbeat-couchbase-overview.png
new file mode 100644
index 00000000000..c59e52e4136
Binary files /dev/null and b/dev/packages/beats/couchbase/0.0.1/img/metricbeat-couchbase-overview.png differ
diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/dashboard/46d21220-b9f1-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/dashboard/46d21220-b9f1-11e9-a579-f5c0a5d81340.json
new file mode 100644
index 00000000000..93082786149
--- /dev/null
+++ b/dev/packages/beats/couchbase/0.0.1/kibana/dashboard/46d21220-b9f1-11e9-a579-f5c0a5d81340.json
@@ -0,0 +1,237 @@ +{ + "attributes": { + "description": "This Couchbase dashboard visualizes the most relevant metrics for cluster, nodes and buckets. ", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "1", + "w": 12, + "x": 0, + "y": 11 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Buckets RAM Used", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "2", + "w": 12, + "x": 12, + "y": 11 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Buckets Disk Used", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "3", + "w": 24, + "x": 24, + "y": 11 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Node CPU Utilization", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "4", + "w": 12, + "x": 0, + "y": 22 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Buckets Operations Per Second", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Operations per Node", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "6", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Cluster HDD Usage", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "7", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Cluster RAM", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "8", + "w": 12, + "x": 12, + "y": 22 + }, + 
"panelIndex": "8", + "panelRefName": "panel_7", + "title": "Bucket Item Count", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "9", + "w": 24, + "x": 24, + "y": 33 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Document Replicas", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "10", + "w": 24, + "x": 24, + "y": 22 + }, + "panelIndex": "10", + "panelRefName": "panel_9", + "title": "Disk space used by docs", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "11", + "w": 24, + "x": 0, + "y": 33 + }, + "panelIndex": "11", + "panelRefName": "panel_10", + "title": "Disk Fetches", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Couchbase] Cluster Overview", + "version": 1 + }, + "id": "46d21220-b9f1-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "e781add0-b9dc-11e9-a579-f5c0a5d81340", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c4c81a30-b9dd-11e9-a579-f5c0a5d81340", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "467c99c0-b9de-11e9-a579-f5c0a5d81340", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e23a9fe0-b9db-11e9-a579-f5c0a5d81340", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "17a01210-b9e0-11e9-a579-f5c0a5d81340", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f515f2e0-b9e0-11e9-a579-f5c0a5d81340", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "7cc8def0-b9e1-11e9-a579-f5c0a5d81340", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "97ee1ea0-b9f2-11e9-a579-f5c0a5d81340", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "63efced0-b9f4-11e9-a579-f5c0a5d81340", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "99980c90-ba8b-11e9-a579-f5c0a5d81340", + "name": "panel_9", + "type": "visualization" + }, + { + "id": 
"19eed0e0-ba8c-11e9-a579-f5c0a5d81340", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/17a01210-b9e0-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/17a01210-b9e0-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..89999552161 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/17a01210-b9e0-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Operations per Node [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec9c42a0-b9df-11e9-8634-0fd532c4482a", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(84,141,162,1)", + "fill": "0.1", + "formatter": "number", + "id": "ec9c42a1-b9df-11e9-8634-0fd532c4482a", + "label": "max(couchbase.node.ops)", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.node.ops", + "id": "ec9c42a2-b9df-11e9-8634-0fd532c4482a", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.node.hostname", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Operations per Node [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "17a01210-b9e0-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/19eed0e0-ba8c-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/19eed0e0-ba8c-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..723e65384f8 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/19eed0e0-ba8c-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk Fetches [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ead970d0-ba8b-11e9-8d1e-992a5619d7be", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": 0, + "formatter": "number", + "id": "ead970d1-ba8b-11e9-8d1e-992a5619d7be", + "label": "Disk Fetches", + "line_width": 2, + "metrics": [ + { + "field": "couchbase.bucket.disk.fetches", + "id": "ead970d2-ba8b-11e9-8d1e-992a5619d7be", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.bucket.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Disk Fetches [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "19eed0e0-ba8c-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/467c99c0-b9de-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/467c99c0-b9de-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..1f027aca13b --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/467c99c0-b9de-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Node CPU Utilization [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "f6ae4d80-b9dd-11e9-a864-6f6fa2fda75a", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "'0.'", + "id": "f6ae7490-b9dd-11e9-a864-6f6fa2fda75a", + "label": "CPU Utilization", + "line_width": 2, + "metrics": [ + { + "field": "couchbase.node.cpu_utilization_rate.pct", + "id": "f6ae7491-b9dd-11e9-a864-6f6fa2fda75a", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.node.hostname", + "value_template": "{{value}}%" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Node CPU Utilization [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "467c99c0-b9de-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/63efced0-b9f4-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/63efced0-b9f4-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..a69418ccd91 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/63efced0-b9f4-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Document Replicas [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "2658bfa0-b9f4-11e9-ac89-cd269ee83e5f", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "2658bfa1-b9f4-11e9-ac89-cd269ee83e5f", + "label": "replicas", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.node.vb_replica_curr_items", + "id": "2658bfa2-b9f4-11e9-ac89-cd269ee83e5f", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.node.hostname", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Document Replicas [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "63efced0-b9f4-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/7cc8def0-b9e1-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/7cc8def0-b9e1-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..de8bd012f90 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/7cc8def0-b9e1-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cluster RAM [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "3afe8650-b9e1-11e9-861c-7f7211bffe38" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "24242700-b9e1-11e9-ab98-51a45917a19d", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": 0, + "formatter": "bytes", + "id": "24242701-b9e1-11e9-ab98-51a45917a19d", + "label": "Total", + "line_width": 2, + "metrics": [ + { + "field": "couchbase.cluster.ram.total.bytes", + "id": "24242702-b9e1-11e9-ab98-51a45917a19d", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": "0.2", + "formatter": "bytes", + "id": "24242703-b9e1-11e9-ab98-51a45917a19d", + "label": "Used", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.cluster.ram.used.value.bytes", + "id": "24242704-b9e1-11e9-ab98-51a45917a19d", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Cluster RAM [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": 
"7cc8def0-b9e1-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/97ee1ea0-b9f2-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/97ee1ea0-b9f2-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..64643b362ce --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/97ee1ea0-b9f2-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Bucket Item Count [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "5b94e6a0-b9f2-11e9-9c08-535482acfc9e", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0.1", + "formatter": "number", + "id": "5b94e6a1-b9f2-11e9-9c08-535482acfc9e", + "label": "items", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.bucket.item_count", + "id": "5b94e6a2-b9f2-11e9-9c08-535482acfc9e", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.bucket.name", + "terms_order_by": "5b94e6a2-b9f2-11e9-9c08-535482acfc9e", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Bucket Item Count [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "97ee1ea0-b9f2-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/99980c90-ba8b-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/99980c90-ba8b-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..3a0638839bf --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/99980c90-ba8b-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk space used by docs [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "46d25240-ba8b-11e9-a06c-c5fca4bfd53b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(83,167,131,1)", + "fill": "0.1", + "formatter": "bytes", + "id": "46d25241-ba8b-11e9-a06c-c5fca4bfd53b", + "label": "Docs ", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.node.couch.docs.disk_size.bytes", + "id": "46d25242-ba8b-11e9-a06c-c5fca4bfd53b", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.node.hostname", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Disk space used by docs [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "99980c90-ba8b-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/c4c81a30-b9dd-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/c4c81a30-b9dd-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..b7deccc35a8 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/c4c81a30-b9dd-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buckets Disk Used [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "a126b410-b9dd-11e9-aa9d-55aa18f46863" + } + ], + "bar_color_rules": [ + { + "id": "9bcf0ee0-b9dd-11e9-aa9d-55aa18f46863" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "97d88050-b9dd-11e9-aa9d-55aa18f46863" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "04f7a400-b9dd-11e9-b988-d77f6106a7f0", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": "0.1", + "formatter": "bytes", + "id": "04f7a401-b9dd-11e9-b988-d77f6106a7f0", + "label": "Disk Used", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.bucket.disk.used.bytes", + "id": "04f7a402-b9dd-11e9-b988-d77f6106a7f0", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.bucket.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buckets Disk Used [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "c4c81a30-b9dd-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e23a9fe0-b9db-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e23a9fe0-b9db-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..8f68a440f19 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e23a9fe0-b9db-11e9-a579-f5c0a5d81340.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buckets Operations Per Second [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "b8a49140-b9db-11e9-bc93-69919d73c9bb", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "b8a49141-b9db-11e9-bc93-69919d73c9bb", + "label": "ops_per_sec", + "line_width": 2, + "metrics": [ + { + "field": "couchbase.bucket.ops_per_sec", + "id": "b8a49142-b9db-11e9-bc93-69919d73c9bb", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.bucket.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buckets Operations Per Second [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "e23a9fe0-b9db-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e781add0-b9dc-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e781add0-b9dc-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..9014eb160f3 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/e781add0-b9dc-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buckets RAM Used [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "1ad80860-b9dc-11e9-a74b-270ba78f4926", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.1", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "1ad80861-b9dc-11e9-a74b-270ba78f4926", + "label": " RAM used", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.bucket.memory.used.bytes", + "id": "1ad80862-b9dc-11e9-a74b-270ba78f4926", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "couchbase.bucket.name", + "terms_order_by": "1ad80862-b9dc-11e9-a74b-270ba78f4926", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buckets RAM Used [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "e781add0-b9dc-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/kibana/visualization/f515f2e0-b9e0-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/f515f2e0-b9e0-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..8a6a8ffdadb --- /dev/null 
+++ b/dev/packages/beats/couchbase/0.0.1/kibana/visualization/f515f2e0-b9e0-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cluster HDD Usage [Metrics Couchbase] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "c7abd1d0-b9e0-11e9-8604-efdef550e653" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "c82f80c0-b9e0-11e9-8604-efdef550e653" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "c34f7c90-b9e0-11e9-ab08-bf43409c5a0d", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(67,191,147,1)", + "fill": "0.2", + "formatter": "bytes", + "id": "c34f7c91-b9e0-11e9-ab08-bf43409c5a0d", + "label": "Free", + "line_width": "1", + "metrics": [ + { + "field": "couchbase.cluster.hdd.free.bytes", + "id": "c34f7c92-b9e0-11e9-ab08-bf43409c5a0d", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "8949ecc0-ba89-11e9-8d4d-f510918c2882", + "label": "Data", + "line_width": 1, + "metrics": [ + { + "field": "couchbase.cluster.hdd.used.by_data.bytes", + "id": "8949ecc1-ba89-11e9-8d4d-f510918c2882", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", 
+ "fill": 0.5, + "formatter": "bytes", + "id": "ce3d98e0-ba89-11e9-8d4d-f510918c2882", + "label": "Cluster", + "line_width": 1, + "metrics": [ + { + "field": "couchbase.cluster.hdd.used.value.bytes", + "id": "ce3d98e1-ba89-11e9-8d4d-f510918c2882", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": "0", + "formatter": "bytes", + "id": "2f4dbb20-ba89-11e9-8d4d-f510918c2882", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "couchbase.cluster.hdd.total.bytes", + "id": "2f4dbb21-ba89-11e9-8d4d-f510918c2882", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Cluster HDD Usage [Metrics Couchbase] ECS", + "type": "metrics" + } + }, + "id": "f515f2e0-b9e0-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchbase/0.0.1/manifest.yml b/dev/packages/beats/couchbase/0.0.1/manifest.yml new file mode 100644 index 00000000000..15fcecd9472 --- /dev/null +++ b/dev/packages/beats/couchbase/0.0.1/manifest.yml 
@@ -0,0 +1,42 @@
+format_version: 1.0.0
+name: couchbase
+title: Couchbase
+version: 0.0.1
+license: basic
+description: Couchbase Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat-couchbase-overview.png
+ title: metricbeat couchbase overview
+ size: 4964x2678
+ type: image/png
+icons:
+- src: /img/logo_couchbase.svg
+ title: logo couchbase
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: couchbase
+ title: Couchbase metrics
+ description: Collect metrics from Couchbase instances
+ inputs:
+ - type: couchbase/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:8091
+ title: Collect metrics from Couchbase instances
+ description: Collecting Couchbase bucket, cluster and node metrics
diff --git a/dev/packages/beats/couchdb/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/couchdb/0.0.1/dataset/server/agent/stream/stream.yml.hbs new file mode 100644
index 00000000000..5d7188e3802
--- /dev/null
+++ b/dev/packages/beats/couchdb/0.0.1/dataset/server/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["server"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/fields.yml new file mode 100644
index 00000000000..4de83105c24
--- /dev/null
+++ b/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/fields.yml
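Review bot: The couchbase datasource exposes only a `hosts` variable (`type: text`, default `localhost:8091`) and no credential variables, so if the Couchbase management endpoint requires authentication the only way to supply a username and password is to embed them in each host entry, where they sit in a user-visible plain-text field (`show_user: true`) and are carried verbatim into the rendered agent configuration. Consider adding dedicated `username` and `password` variables to the `couchbase/metrics` input so credentials are separated from the address list and can be handled as secrets, and state in the input `description` whether the endpoint needs them. Whether the input accepts credentials inside the host string is not visible in this hunk.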
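Review bot: The stream template iterates `{{#each hosts}}`, but the only variable the server dataset manifest declares for this stream (later in this diff, in `dev/packages/beats/couchdb/0.0.1/dataset/server/manifest.yml`) is `period`; presumably `hosts` comes from the package-level datasource, as the couchbase manifest in this chunk does, but the couchdb package manifest is not in view. If `hosts` is empty or undefined the rendered config contains a bare `hosts:` key with no entries, so it is worth confirming the package manifest marks it `required: true`. A comment such as `{{!-- hosts and period are supplied by the package-level datasource vars --}}` at the top of the template would record where the values come from.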
@@ -0,0 +1,140 @@
+- name: couchdb.server
+ type: group
+ release: ga
+ fields:
+ - name: httpd
+ type: group
+ fields:
+ - name: view_reads
+ type: long
+ description: |
+ Number of view reads
+ - name: bulk_requests
+ type: long
+ description: |
+ Number of bulk requests
+ - name: clients_requesting_changes
+ type: long
+ description: |
+ Number of clients for continuous _changes
+ - name: temporary_view_reads
+ type: long
+ description: |
+ Number of temporary view reads
+ - name: requests
+ type: long
+ description: |
+ Number of HTTP requests
+ - name: httpd_request_methods
+ type: group
+ fields:
+ - name: COPY
+ type: long
+ description: |
+ Number of HTTP COPY requests
+ - name: HEAD
+ type: long
+ description: |
+ Number of HTTP HEAD requests
+ - name: POST
+ type: long
+ description: |
+ Number of HTTP POST requests
+ - name: DELETE
+ type: long
+ description: |
+ Number of HTTP DELETE requests
+ - name: GET
+ type: long
+ description: |
+ Number of HTTP GET requests
+ - name: PUT
+ type: long
+ description: |
+ Number of HTTP PUT requests
+ - name: httpd_status_codes
+ type: group
+ fields:
+ - name: "200"
+ type: long
+ description: |
+ Number of HTTP 200 OK responses
+ - name: "201"
+ type: long
+ description: |
+ Number of HTTP 201 Created responses
+ - name: "202"
+ type: long
+ description: |
+ Number of HTTP 202 Accepted responses
+ - name: "301"
+ type: long
+ description: |
+ Number of HTTP 301 Moved Permanently responses
+ - name: "304"
+ type: long
+ description: |
+ Number of HTTP 304 Not Modified responses
+ - name: "400"
+ type: long
+ description: |
+ Number of HTTP 400 Bad Request responses
+ - name: "401"
+ type: long
+ description: |
+ Number of HTTP 401 Unauthorized responses
+ - name: "403"
+ type: long
+ description: |
+ Number of HTTP 403 Forbidden responses
+ - name: "404"
+ type: long
+ description: |
+ Number of HTTP 404 Not Found responses
+ - name: "405"
+ type: long
+ description: |
+ Number of HTTP 405 Method Not Allowed responses
+ - name: "409"
+ type: long
+ description: |
+ Number of HTTP 409 Conflict responses
+ - name: "412"
+ type: long
+ description: |
+ Number of HTTP 412 Precondition Failed responses
+ - name: "500"
+ type: long
+ description: |
+ Number of HTTP 500 Internal Server Error responses
+ - name: couchdb
+ type: group
+ fields:
+ - name: database_writes
+ type: long
+ description: |
+ Number of times a database was changed
+ - name: open_databases
+ type: long
+ description: |
+ Number of open databases
+ - name: auth_cache_misses
+ type: long
+ description: |
+ Number of authentication cache misses
+ - name: request_time
+ type: long
+ description: |
+ Length of a request inside CouchDB without MochiWeb
+ - name: database_reads
+ type: long
+ description: |
+ Number of times a document was read from a database
+ - name: auth_cache_hits
+ type: long
+ description: |
+ Number of authentication cache hits
+ - name: open_os_files
+ type: long
+ description: |
+ Number of file descriptors CouchDB has open
diff --git a/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644
index 00000000000..76a9a558b62
--- /dev/null
+++ b/dev/packages/beats/couchdb/0.0.1/dataset/server/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: couchdb
+ type: group
diff --git a/dev/packages/beats/couchdb/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/couchdb/0.0.1/dataset/server/manifest.yml new file mode 100644
index 00000000000..f4d4ad69a34
--- /dev/null
+++ b/dev/packages/beats/couchdb/0.0.1/dataset/server/manifest.yml
@@ -0,0 +1,15 @@
+title: CouchDB server metrics
+release: experimental
+type: metrics
+streams:
+- input: couchdb/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: CouchDB server metrics
+ description: Collect CouchDB server metrics
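Review bot: `release: ga` on the `couchdb.server` group at the top of this fields.yml disagrees with `release: experimental` in the server dataset manifest added in the same line of this diff (`dev/packages/beats/couchdb/0.0.1/dataset/server/manifest.yml`); if the `release` key in fields.yml is read by the registry it should say `experimental` here too, and if it is only an attribute inherited from the Beats module a comment saying so would stop the next reader from trusting it. Separately, `request_time` is typed `long` with the description `Length of a request inside CouchDB without MochiWeb`, which names no unit; the description should state one, e.g. `Length of a request inside CouchDB without MochiWeb, in milliseconds` if that is what CouchDB reports.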
diff --git a/dev/packages/beats/couchdb/0.0.1/docs/README.md b/dev/packages/beats/couchdb/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/img/couchdb.svg b/dev/packages/beats/couchdb/0.0.1/img/couchdb.svg new file mode 100644 index 00000000000..3c3ecb66d8c --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/img/couchdb.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/img/metricbeat-couchdb-overview.png b/dev/packages/beats/couchdb/0.0.1/img/metricbeat-couchdb-overview.png new file mode 100644 index 00000000000..cccd1418949 Binary files /dev/null and b/dev/packages/beats/couchdb/0.0.1/img/metricbeat-couchdb-overview.png differ diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/dashboard/a3ab9a60-b952-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/dashboard/a3ab9a60-b952-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..359fe12903c --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/dashboard/a3ab9a60-b952-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,161 @@ +{ + "attributes": { + "description": "This CouchDB dashboard visualizes the most important CouchDB server metrics.\n\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "HTTP Status Codes", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 10 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "HTTP Request Methods", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "3", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Open Databases", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Database Read/Writes", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Auth Cache Hit/Miss", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 14, + "x": 10, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Number of HTTP Requests", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "7", + "w": 24, + "x": 0, + "y": 25 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Number of View Reads", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics CouchDB] Database Overview", + "version": 1 + }, + "id": 
"a3ab9a60-b952-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "8e15ece0-b94e-11e9-a579-f5c0a5d81340", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1b60bb70-b94f-11e9-a579-f5c0a5d81340", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f8c29f10-b94f-11e9-a579-f5c0a5d81340", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "702584a0-b950-11e9-a579-f5c0a5d81340", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "abfaf130-b951-11e9-a579-f5c0a5d81340", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "06018310-b952-11e9-a579-f5c0a5d81340", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "496910f0-b952-11e9-a579-f5c0a5d81340", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/06018310-b952-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/06018310-b952-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..f665117697f --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/06018310-b952-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of HTTP Requests [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "couchdb" + }, + "id": "caae9780-b951-11e9-8945-b5f393c4775d", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(82,174,177,1)", + "fill": "0.2", + "formatter": "number", + "id": "caae9781-b951-11e9-8945-b5f393c4775d", + "label": "requests", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd.requests", + "id": "caae9782-b951-11e9-8945-b5f393c4775d", + "type": "max" + }, + { + "field": "caae9782-b951-11e9-8945-b5f393c4775d", + "id": "caae9784-b951-11e9-8945-b5f393c4775d", + "type": "derivative", + "unit": "1s" + }, + { + "field": "caae9784-b951-11e9-8945-b5f393c4775d", + "id": "caae9783-b951-11e9-8945-b5f393c4775d", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(237,193,119,1)", + "fill": "0.2", + "formatter": "number", + "id": "caae9785-b951-11e9-8945-b5f393c4775d", + "label": "bulk_requests", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd.bulk_requests", + "id": "caae9786-b951-11e9-8945-b5f393c4775d", + "type": "max" + }, + { + "field": "caae9786-b951-11e9-8945-b5f393c4775d", + "id": "caae9788-b951-11e9-8945-b5f393c4775d", + "type": "derivative", + "unit": "1s" + }, + { + 
"field": "caae9788-b951-11e9-8945-b5f393c4775d", + "id": "caae9787-b951-11e9-8945-b5f393c4775d", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of HTTP Requests [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "06018310-b952-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/1b60bb70-b94f-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/1b60bb70-b94f-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..118accc2d72 --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/1b60bb70-b94f-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,249 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "HTTP Request Methods [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "bb936ee0-b94e-11e9-86ee-f5b628c75be4", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.2", + "formatter": "number", + "id": "bb936ee1-b94e-11e9-86ee-f5b628c75be4", + "label": "GET", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.GET", + "id": "bb936ee2-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936ee2-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ee4-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "bb936ee4-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ee3-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "bb936ee5-b94e-11e9-86ee-f5b628c75be4", + "label": "POST", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.POST", + "id": "bb936ee6-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936ee6-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ee8-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"bb936ee8-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ee7-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "bb936ee9-b94e-11e9-86ee-f5b628c75be4", + "label": "PUT", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.PUT", + "id": "bb936eea-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936eea-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936eec-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "bb936eec-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936eeb-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#490092", + "fill": "0.2", + "formatter": "number", + "id": "bb936eed-b94e-11e9-86ee-f5b628c75be4", + "label": "DELETE", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.DELETE", + "id": "bb936eee-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936eee-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ef0-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "bb936ef0-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936eef-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#FEB6DB", + "fill": "0.2", + "formatter": 
"number", + "id": "bb936ef1-b94e-11e9-86ee-f5b628c75be4", + "label": "HEAD", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.HEAD", + "id": "bb936ef2-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936ef2-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ef4-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "bb936ef4-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ef3-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#E6C220", + "fill": "0.2", + "formatter": "number", + "id": "bb936ef5-b94e-11e9-86ee-f5b628c75be4", + "label": "COPY", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_request_methods.COPY", + "id": "bb936ef6-b94e-11e9-86ee-f5b628c75be4", + "type": "max" + }, + { + "field": "bb936ef6-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ef8-b94e-11e9-86ee-f5b628c75be4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "bb936ef8-b94e-11e9-86ee-f5b628c75be4", + "id": "bb936ef7-b94e-11e9-86ee-f5b628c75be4", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HTTP Request Methods [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "1b60bb70-b94f-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/496910f0-b952-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/496910f0-b952-11e9-a579-f5c0a5d81340.json
new file mode 100644
index 00000000000..aef28b72ede
--- /dev/null
+++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/496910f0-b952-11e9-a579-f5c0a5d81340.json
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of View Reads [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "couchdb" + }, + "id": "1d4e0520-b952-11e9-b9f3-4d741a808166", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0, + "formatter": "number", + "id": "1d4e0521-b952-11e9-b9f3-4d741a808166", + "label": "view_reads", + "line_width": 2, + "metrics": [ + { + "field": "couchdb.server.httpd.view_reads", + "id": "1d4e0522-b952-11e9-b9f3-4d741a808166", + "type": "max" + }, + { + "field": "1d4e0522-b952-11e9-b9f3-4d741a808166", + "id": "1d4e0524-b952-11e9-b9f3-4d741a808166", + "type": "derivative", + "unit": "1s" + }, + { + "field": "1d4e0524-b952-11e9-b9f3-4d741a808166", + "id": "1d4e0523-b952-11e9-b9f3-4d741a808166", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(247,61,231,1)", + "fill": 0, + "formatter": "number", + "id": "1d4e0525-b952-11e9-b9f3-4d741a808166", + "label": "temporary_view_reads", + "line_width": 2, + "metrics": [ + { + "field": "couchdb.server.httpd.temporary_view_reads", + "id": "1d4e0526-b952-11e9-b9f3-4d741a808166", + "type": "max" + }, + { + "field": "1d4e0526-b952-11e9-b9f3-4d741a808166", + "id": "1d4e0528-b952-11e9-b9f3-4d741a808166", + "type": "derivative", + "unit": "1s" + }, + { + 
"field": "1d4e0528-b952-11e9-b9f3-4d741a808166", + "id": "1d4e0527-b952-11e9-b9f3-4d741a808166", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of View Reads [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "496910f0-b952-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/702584a0-b950-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/702584a0-b950-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..903daa6e229 --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/702584a0-b950-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Database Read/Writes [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "couchdb" + }, + "id": "48918790-b950-11e9-84ff-97e538653deb", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": "0.2", + "formatter": "number", + "id": "48918791-b950-11e9-84ff-97e538653deb", + "label": "database_writes", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.couchdb.database_writes", + "id": "48918792-b950-11e9-84ff-97e538653deb", + "type": "max" + }, + { + "field": "48918792-b950-11e9-84ff-97e538653deb", + "id": "48918794-b950-11e9-84ff-97e538653deb", + "type": "derivative", + "unit": "1s" + }, + { + "field": "48918794-b950-11e9-84ff-97e538653deb", + "id": "48918793-b950-11e9-84ff-97e538653deb", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(160,203,38,1)", + "fill": "0.2", + "formatter": "number", + "id": "7c71dd30-b950-11e9-bd31-d98b40ea3379", + "label": "database_reads", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.couchdb.database_reads", + "id": "7c71dd31-b950-11e9-bd31-d98b40ea3379", + "type": "max" + }, + { + "field": "7c71dd31-b950-11e9-bd31-d98b40ea3379", + "id": "7c71dd32-b950-11e9-bd31-d98b40ea3379", + "type": "derivative", + "unit": "1s" + 
}, + { + "field": "7c71dd32-b950-11e9-bd31-d98b40ea3379", + "id": "7c71dd33-b950-11e9-bd31-d98b40ea3379", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Database Read/Writes [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "702584a0-b950-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/8e15ece0-b94e-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/8e15ece0-b94e-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..3347182c000 --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/8e15ece0-b94e-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,385 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "HTTP Status Codes [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "c8c0f520-b94d-11e9-8899-f736e404b0e7", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f521-b94d-11e9-8899-f736e404b0e7", + "label": "200 OK", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.200", + "id": "c8c0f522-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f522-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f524-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f524-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f523-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f529-b94d-11e9-8899-f736e404b0e7", + "label": "400 Bad Request", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.400", + "id": "c8c0f52a-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f52a-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f52c-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"c8c0f52c-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f52b-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#490092", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f52d-b94d-11e9-8899-f736e404b0e7", + "label": "401 Unauthorized", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.401", + "id": "c8c0f52e-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f52e-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f530-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f530-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f52f-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#461A0A", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f541-b94d-11e9-8899-f736e404b0e7", + "label": "500 Internal Server Error", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.500", + "id": "c8c0f542-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f542-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f544-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f544-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f543-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#FEB6DB", + "fill": 
"0.2", + "formatter": "number", + "id": "c8c0f531-b94d-11e9-8899-f736e404b0e7", + "label": "403 Forbidden", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.403", + "id": "c8c0f532-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f532-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f534-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f534-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f533-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#E6C220", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f535-b94d-11e9-8899-f736e404b0e7", + "label": "404 Not Found", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.404", + "id": "c8c0f536-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f536-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f538-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f538-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f537-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f525-b94d-11e9-8899-f736e404b0e7", + "label": "202 Accepted", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.202", + "id": "c8c0f526-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f526-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f528-b94d-11e9-8899-f736e404b0e7", + "type": 
"derivative", + "unit": "1s" + }, + { + "field": "c8c0f528-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f527-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#BFA180", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f539-b94d-11e9-8899-f736e404b0e7", + "label": "405 Method Not Allowed", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.405", + "id": "c8c0f53a-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f53a-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f53c-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f53c-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f53b-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#F98510", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f53d-b94d-11e9-8899-f736e404b0e7", + "label": "409 Conflict", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.409", + "id": "c8c0f53e-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f53e-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f540-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f540-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f53f-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#920000", + "fill": "0.2", + "formatter": "number", + "id": "c8c0f545-b94d-11e9-8899-f736e404b0e7", + "label": "201 Created", + "line_width": "1", + "metrics": [ + { + "field": "couchdb.server.httpd_status_codes.201", + "id": "c8c0f546-b94d-11e9-8899-f736e404b0e7", + "type": "max" + }, + { + "field": "c8c0f546-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f548-b94d-11e9-8899-f736e404b0e7", + "type": "derivative", + "unit": "1s" + }, + { + "field": "c8c0f548-b94d-11e9-8899-f736e404b0e7", + "id": "c8c0f547-b94d-11e9-8899-f736e404b0e7", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HTTP Status Codes [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "8e15ece0-b94e-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/abfaf130-b951-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/abfaf130-b951-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..9c0fe240005 --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/abfaf130-b951-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Auth Cache Hit/Miss [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "couchdb" + }, + "id": "7ccd9c50-b951-11e9-8e1d-17d2519ede48", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(179,101,87,1)", + "fill": 0, + "formatter": "number", + "id": "7ccd9c51-b951-11e9-8e1d-17d2519ede48", + "label": "auth_cache_misses", + "line_width": 2, + "metrics": [ + { + "field": "couchdb.server.couchdb.auth_cache_misses", + "id": "7ccd9c52-b951-11e9-8e1d-17d2519ede48", + "type": "max" + }, + { + "field": "7ccd9c52-b951-11e9-8e1d-17d2519ede48", + "id": "7ccd9c54-b951-11e9-8e1d-17d2519ede48", + "type": "derivative", + "unit": "1s" + }, + { + "field": "7ccd9c54-b951-11e9-8e1d-17d2519ede48", + "id": "7ccd9c53-b951-11e9-8e1d-17d2519ede48", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(129,169,80,1)", + "fill": 0, + "formatter": "number", + "id": "7ccd9c55-b951-11e9-8e1d-17d2519ede48", + "label": "auth_cache_hits", + "line_width": 2, + "metrics": [ + { + "field": "couchdb.server.couchdb.auth_cache_hits", + "id": "7ccd9c56-b951-11e9-8e1d-17d2519ede48", + "type": "max" + }, + { + "field": "7ccd9c56-b951-11e9-8e1d-17d2519ede48", + "id": "7ccd9c58-b951-11e9-8e1d-17d2519ede48", + "type": "derivative", + "unit": "1s" + }, + 
{ + "field": "7ccd9c58-b951-11e9-8e1d-17d2519ede48", + "id": "7ccd9c57-b951-11e9-8e1d-17d2519ede48", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Auth Cache Hit/Miss [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "abfaf130-b951-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/kibana/visualization/f8c29f10-b94f-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/f8c29f10-b94f-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..44db3924f9c --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/kibana/visualization/f8c29f10-b94f-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Open Databases [Metrics CouchDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "couchdb" + }, + "gauge_color_rules": [ + { + "id": "ef4c9800-b94f-11e9-bce6-47447dde021d" + } + ], + "gauge_inner_color": null, + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "71dd6340-b94f-11e9-9f6f-832b64f4a79f", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(12,121,125,1)", + "fill": "0.1", + "formatter": "number", + "id": "71dd8a50-b94f-11e9-9f6f-832b64f4a79f", + "label": "Open Databases", + "line_width": 2, + "metrics": [ + { + "field": "couchdb.server.couchdb.open_databases", + "id": "71dd8a51-b94f-11e9-9f6f-832b64f4a79f", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Open Databases [Metrics CouchDB] ECS", + "type": "metrics" + } + }, + "id": "f8c29f10-b94f-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/couchdb/0.0.1/manifest.yml b/dev/packages/beats/couchdb/0.0.1/manifest.yml new file mode 100644 index 00000000000..53d0a5cfc2c --- /dev/null +++ b/dev/packages/beats/couchdb/0.0.1/manifest.yml 
@@ -0,0 +1,42 @@
+format_version: 1.0.0
+name: couchdb
+title: CouchDB
+version: 0.0.1
+license: basic
+description: CouchDB Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat-couchdb-overview.png
+ title: metricbeat couchdb overview
+ size: 4986x2672
+ type: image/png
+icons:
+- src: /img/couchdb.svg
+ title: couchdb
+ size: 289x293
+ type: image/svg+xml
+datasources:
+- name: couchdb
+ title: CouchDB metrics
+ description: Collect metrics from CouchDB instances
+ inputs:
+ - type: couchdb/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:5984
+ title: Collect metrics from CouchDB instances
+ description: Collecting CouchDB server metrics
diff --git a/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/log.yml.hbs b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..28df5aca78c
--- /dev/null
+++ b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/log.yml.hbs
@@ -0,0 +1,16 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+# Crowdstrike Falcon SIEM connector logs are multiline JSON by default
+multiline.pattern: '^{'
+multiline.negate: true
+multiline.match: after
+multiline.max_lines: 5000
+multiline.timeout: 10
+processors:
+- script:
+ lang: javascript
+ id: crowdstrike_falcon
+ file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js
\ No newline at end of file
diff --git a/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/pipeline.js b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/pipeline.js
new file mode 100644
index 00000000000..6ef77376175
--- /dev/null
+++ b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/agent/stream/pipeline.js
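Review bot: The script processor in log.yml.hbs loads `file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js`, which is the Filebeat module layout, while this commit ships the script as `dataset/falcon/agent/stream/pipeline.js` next to this template; on a host where that module tree does not exist the processor presumably fails to load and events reach Elasticsearch without the `crowdstrike.*` decoding and the ECS mapping the script provides. The `file:` value should point at the packaged copy, or the packaged pipeline.js is dead weight. The `# Crowdstrike Falcon SIEM connector logs are multiline JSON by default` comment would also be a good place to state why `multiline.max_lines: 5000` is needed, since it sets the per-event buffer the agent must hold before `multiline.timeout` flushes it.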
@@ -0,0 +1,187 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var crowdstrikeFalcon = (function() { + var processor = require("processor"); + + var convertUnderscore = function(text) { + return text.split(/(?=[A-Z])/).join('_').toLowerCase(); + }; + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "crowdstrike", + process_array: true, + max_depth: 8 + }); + + var dropFields = function(evt) { + evt.Delete("message"); + evt.Delete("host.name"); + }; + + var setFields = function (evt) { + evt.Put("agent.name", "falcon"); + }; + + var convertFields = new processor.Convert({ + fields: [ + // DetectionSummaryEvent + { from: "crowdstrike.event.LocalIP", to: "source.ip", type: "ip" }, + { from: "crowdstrike.event.ProcessId", to: "process.pid" }, + // UserActivityAuditEvent and AuthActivityAuditEvent + { from: "crowdstrike.event.UserIp", to: "source.ip", type: "ip" }, + ], + mode: "copy", + ignore_missing: true, + ignore_failure: true + }); + + var parseTimestamp = new processor.Timestamp({ + field: "crowdstrike.metadata.eventCreationTime", + target_field: "@timestamp", + timezone: "UTC", + layouts: ["UNIX_MS"], + ignore_missing: false, + }); + + var processEvent = function(evt) { + var eventType = evt.Get("crowdstrike.metadata.eventType") + var outcome = evt.Get("crowdstrike.event.Success") + + evt.Put("event.kind", "event") + + if (outcome === true) { + evt.Put("event.outcome", "success") + } + else if (outcome === false) { + evt.Put("event.outcome", "failure") + } + else { + evt.Put("event.outcome", "unknown") + } + + switch (eventType) { + case "DetectionSummaryEvent": + var tactic = evt.Get("crowdstrike.event.Tactic").toLowerCase() + var technique = evt.Get("crowdstrike.event.Technique").toLowerCase() + evt.Put("threat.technique.name", 
technique) + evt.Put("threat.tactic.name", tactic) + + evt.Put("event.action", evt.Get("crowdstrike.event.PatternDispositionDescription")) + evt.Put("event.kind", "alert") + evt.Put("event.type", ["info"]) + evt.Put("event.category", ["malware"]) + evt.Put("event.url", evt.Get("crowdstrike.event.FalconHostLink")) + evt.Put("event.dataset", "crowdstrike.falcon_endpoint") + + evt.Put("event.severity", evt.Get("crowdstrike.event.Severity")) + evt.Put("message", evt.Get("crowdstrike.event.DetectDescription")) + evt.Put("process.name", evt.Get("crowdstrike.event.FileName")) + + var command_line = evt.Get("crowdstrike.event.CommandLine") + var args = command_line.split(' ') + var executable = args[0] + + evt.Put("process.command_line", command_line) + evt.Put("process.args", args) + evt.Put("process.executable", executable) + + evt.Put("user.name", evt.Get("crowdstrike.event.UserName")) + evt.Put("user.domain", evt.Get("crowdstrike.event.MachineDomain")) + evt.Put("agent.id", evt.Get("crowdstrike.event.SensorId")) + evt.Put("host.name", evt.Get("crowdstrike.event.ComputerName")) + evt.Put("agent.type", "falcon") + evt.Put("file.hash.sha256", evt.Get("crowdstrike.event.SHA256String")) + evt.Put("file.hash.md5", evt.Get("crowdstrike.event.MD5String")) + evt.Put("rule.name", evt.Get("crowdstrike.event.DetectName")) + evt.Put("rule.description", evt.Get("crowdstrike.event.DetectDescription")) + + break; + + case "IncidentSummaryEvent": + evt.Put("event.kind", "alert") + evt.Put("event.type", ["info"]) + evt.Put("event.category", ["malware"]) + evt.Put("event.action", "incident") + evt.Put("event.url", evt.Get("crowdstrike.event.FalconHostLink")) + evt.Put("event.dataset", "crowdstrike.falcon_endpoint") + + evt.Put("message", "Incident score " + evt.Get("crowdstrike.event.FineScore")) + + break; + + case "UserActivityAuditEvent": + var userid = evt.Get("crowdstrike.event.UserId") + evt.Put("user.name", userid) + if (userid.split('@').length == 2) { + evt.Put("user.email", 
userid) + } + + evt.Put("message", evt.Get("crowdstrike.event.OperationName")) + evt.Put("event.action", convertUnderscore(eventType)) + evt.Put("event.type", ["change"]) + evt.Put("event.category", ["iam"]) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + break; + + case "AuthActivityAuditEvent": + var userid = evt.Get("crowdstrike.event.UserId") + evt.Put("user.name", userid) + if (userid.split('@').length == 2) { + evt.Put("user.email", userid) + } + + evt.Put("message", evt.Get("crowdstrike.event.ServiceName")) + evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.event.OperationName"))) + evt.Put("event.type", ["change"]) + evt.Put("event.category", ["authentication"]) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + break; + + case "RemoteResponseSessionStartEvent": + case "RemoteResponseSessionEndEvent": + var username = evt.Get("crowdstrike.event.UserName") + evt.Put("user.name", username) + if (username.split('@').length == 2) { + evt.Put("user.email", username) + } + + evt.Put("host.name", evt.Get("crowdstrike.event.HostnameField")) + evt.Put("event.action", convertUnderscore(eventType)) + evt.Put("event.dataset", "crowdstrike.falcon_audit") + + if (eventType == "RemoteResponseSessionStartEvent") { + evt.Put("event.type", ["start"]) + evt.Put("message", "Remote response session started") + } else { + evt.Put("event.type", ["end"]) + evt.Put("message", "Remote response session ended") + } + + break; + + default: + break; + } + } + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(dropFields) + .Add(convertFields) + .Add(processEvent) + .Build(); + + return { + process: pipeline.Run, + }; +})(); + +function process(evt) { + crowdstrikeFalcon.process(evt); +} diff --git a/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/fields.yml b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/fields.yml new file mode 100644 index 00000000000..265f1ac6c1f --- /dev/null 
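Review bot: In `processEvent` the `DetectionSummaryEvent`, `UserActivityAuditEvent`, `AuthActivityAuditEvent` and `RemoteResponseSession*Event` branches call `.toLowerCase()` or `.split()` directly on the value returned by `evt.Get(...)`, so an event that lacks `Tactic`, `Technique`, `CommandLine`, `UserId` or `UserName` throws inside the script processor and, depending on how the processor reports the exception, is lost or indexed without any of the ECS fields this branch sets. Each of those reads should be guarded, e.g. `var tactic = evt.Get("crowdstrike.event.Tactic"); if (tactic) evt.Put("threat.tactic.name", tactic.toLowerCase());`, and the same pattern applied to the other four values. `command_line.split(' ')` also yields a wrong `process.args` for quoted arguments containing spaces; if exact argv is not required, a comment above that line should say so, since `process.executable` is derived from `args[0]`. `parseTimestamp` with `ignore_missing: false` is the same failure class for events without `metadata.eventCreationTime`; if rejecting those is intended, a one-line comment on the `Timestamp` processor would make that explicit.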
+++ b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/fields.yml 
@@ -0,0 +1,196 @@ +- name: crowdstrike.metadata + title: Metadata fields + type: group + fields: + - name: eventType + type: keyword + description: | + DetectionSummaryEvent, IncidentSummaryEvent, RemoteResponseSessionStartEvent, RemoteResponseSessionEndEvent, AuthActivityAuditEvent, or UserActivityAuditEvent + - name: eventCreationTime + type: date + description: | + The time this event occurred on the endpoint in UTC UNIX_MS format. + - name: offset + type: integer + description: | + Offset number that tracks the location of the event in stream. This is used to identify unique detection events. + - name: customerIDString + type: keyword + description: | + Customer identifier + - name: version + type: keyword + description: | + Schema version +- name: crowdstrike.event + title: Event fields + type: group + fields: + - name: ProcessStartTime + type: date + description: | + The process start time in UTC UNIX_MS format. + - name: ProcessEndTime + type: date + description: | + The process termination time in UTC UNIX_MS format. + - name: ProcessId + type: integer + description: | + Process ID related to the detection. + - name: ParentProcessId + type: integer + description: | + Parent process ID related to the detection. + - name: ComputerName + type: keyword + description: | + Name of the computer where the detection occurred. + - name: UserName + type: keyword + description: | + User name associated with the detection. + - name: DetectName + type: keyword + description: | + Name of the detection. + - name: DetectDescription + type: keyword + description: | + Description of the detection. + - name: Severity + type: integer + description: | + Severity score of the detection. + - name: SeverityName + type: keyword + description: | + Severity score text. + - name: FileName + type: keyword + description: | + File name of the associated process for the detection. + - name: FilePath + type: keyword + description: | + Path of the executable associated with the detection. 
+ - name: CommandLine + type: keyword + description: | + Executable path with command line arguments. + - name: SHA256String + type: keyword + description: | + SHA256 sum of the executable associated with the detection. + - name: MD5String + type: keyword + description: | + MD5 sum of the executable associated with the detection. + - name: MachineDomain + type: keyword + description: | + Domain for the machine associated with the detection. + - name: FalconHostLink + type: keyword + description: | + URL to view the detection in Falcon. + - name: SensorId + type: keyword + description: | + Unique ID associated with the Falcon sensor. + - name: DetectId + type: keyword + description: | + Unique ID associated with the detection. + - name: LocalIP + type: keyword + description: | + IP address of the host associated with the detection. + - name: MACAddress + type: keyword + description: | + MAC address of the host associated with the detection. + - name: Tactic + type: keyword + description: | + MITRE tactic category of the detection. + - name: Technique + type: keyword + description: | + MITRE technique category of the detection. + - name: Objective + type: keyword + description: | + Method of detection. + - name: PatternDispositionDescription + type: keyword + description: | + Action taken by Falcon. + - name: PatternDispositionValue + type: integer + description: | + Unique ID associated with action taken. + - name: PatternDispositionFlags + type: object + description: | + Flags indicating actions taken. + - name: State + type: keyword + description: | + Whether the incident summary is open and ongoing or closed. + - name: IncidentStartTime + type: date + description: | + Start time for the incident in UTC UNIX format. + - name: IncidentEndTime + type: date + description: | + End time for the incident in UTC UNIX format. + - name: FineScore + type: float + description: | + Score for incident. 
+ - name: UserId + type: keyword + description: | + Email address or user ID associated with the event. + - name: UserIp + type: keyword + description: | + IP address associated with the user. + - name: OperationName + type: keyword + description: | + Event subtype. + - name: ServiceName + type: keyword + description: | + Service associated with this event. + - name: Success + type: boolean + description: | + Indicator of whether or not this event was successful. + - name: UTCTimestamp + type: date + description: | + Timestamp associated with this event in UTC UNIX format. + - name: AuditKeyValues + type: nested + description: | + Fields that were changed in this event. + - name: SessionId + type: keyword + description: | + Session ID of the remote response session. + - name: HostnameField + type: keyword + description: | + Host name of the machine for the remote session. + - name: StartTimestamp + type: date + description: | + Start time for the remote session in UTC UNIX format. + - name: EndTimestamp + type: date + description: | + End time for the remote session in UTC UNIX format. diff --git a/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/package-fields.yml b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/package-fields.yml new file mode 100644 index 00000000000..7b4331e306a --- /dev/null +++ b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: crowdstrike + type: group diff --git a/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/manifest.yml b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/manifest.yml new file mode 100644 index 00000000000..bb0f254c50e --- /dev/null +++ b/dev/packages/beats/crowdstrike/0.0.1/dataset/falcon/manifest.yml 
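Review bot: `IncidentStartTime`, `IncidentEndTime`, `UTCTimestamp`, `StartTimestamp` and `EndTimestamp` are mapped as `date` but described only as "UTC UNIX format", whereas `eventCreationTime`, `ProcessStartTime` and `ProcessEndTime` say `UNIX_MS`; if the former are epoch seconds, the default `date` format reads them as milliseconds and the values land near 1970. The descriptions should name the unit, in the style of `The time this event occurred on the endpoint in UTC UNIX_MS format.`, or the mapping should declare a format that matches the unit. This hunk starts in an earlier line of the page; the observation applies to the time fields in all three parts of it.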
@@ -0,0 +1,17 @@
+title: Crowdstrike falcon logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/crowdstrike/falconhoseclient/output
+ template_path: log.yml.hbs
+ title: Crowdstrike falcon logs (log)
+ description: Collect Crowdstrike falcon logs using log input
diff --git a/dev/packages/beats/crowdstrike/0.0.1/docs/README.md b/dev/packages/beats/crowdstrike/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/crowdstrike/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/crowdstrike/0.0.1/img/siem-alerts-cs.jpg b/dev/packages/beats/crowdstrike/0.0.1/img/siem-alerts-cs.jpg
new file mode 100644
index 00000000000..b74edfe2293
Binary files /dev/null and b/dev/packages/beats/crowdstrike/0.0.1/img/siem-alerts-cs.jpg differ
diff --git a/dev/packages/beats/crowdstrike/0.0.1/img/siem-events-cs.jpg b/dev/packages/beats/crowdstrike/0.0.1/img/siem-events-cs.jpg
new file mode 100644
index 00000000000..9839f738213
Binary files /dev/null and b/dev/packages/beats/crowdstrike/0.0.1/img/siem-events-cs.jpg differ
diff --git a/dev/packages/beats/crowdstrike/0.0.1/manifest.yml b/dev/packages/beats/crowdstrike/0.0.1/manifest.yml
new file mode 100644
index 00000000000..8690553f7ac
--- /dev/null
+++ b/dev/packages/beats/crowdstrike/0.0.1/manifest.yml
@@ -0,0 +1,31 @@
+format_version: 1.0.0
+name: crowdstrike
+title: Crowdstrike
+version: 0.0.1
+license: basic
+description: Crowdstrike Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch: {}
+screenshots:
+- src: /img/siem-alerts-cs.jpg
+ title: siem alerts cs
+ size: 3360x1776
+ type: image/jpg
+- src: /img/siem-events-cs.jpg
+ title: siem events cs
+ size: 3360x1776
+ type: image/jpg
+datasources:
+- name: crowdstrike
+ title: Crowdstrike logs
+ description: Collect logs from Crowdstrike instances
+ inputs:
+ - type: logs
+ title: Collect logs from Crowdstrike instances
+ description: Collecting Crowdstrike falcon logs
diff --git a/dev/packages/beats/docker/0.0.1/dataset/container/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/container/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..8c3f8f463e7
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/container/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["container"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/docker/0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/container/fields/fields.yml
new file mode 100644
index 00000000000..6a8410c9682
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/container/fields/fields.yml
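Review bot: Both entries under `screenshots:` in the Crowdstrike manifest declare `type: image/jpg`, which is not the registered media type for JPEG; anything that validates or serves the declared type would treat it as unknown. Both should read `type: image/jpeg`. `requirement.kibana: {}` also differs from the CouchDB manifest earlier in this commit, which pins `versions: '>=7.3.0 <8.0.0'`; if the Crowdstrike assets really have no Kibana version dependency, a short comment next to the empty constraint would say so.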
@@ -0,0 +1,35 @@
+- name: docker.container
+ type: group
+ release: ga
+ fields:
+ - name: command
+ type: keyword
+ description: |
+ Command that was executed in the Docker container.
+ - name: created
+ type: date
+ description: |
+ Date when the container was created.
+ - name: status
+ type: keyword
+ description: |
+ Container status.
+ - name: ip_addresses
+ type: ip
+ description: |
+ Container IP addresses.
+ - name: size
+ type: group
+ fields:
+ - name: root_fs
+ type: long
+ description: |
+ Total size of all the files in the container.
+ - name: rw
+ type: long
+ description: |
+ Size of the files that have been created or changed since creation.
+ - name: tags
+ type: keyword
+ description: |
+ Image tags.
diff --git a/dev/packages/beats/docker/0.0.1/dataset/container/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/container/fields/package-fields.yml
new file mode 100644
index 00000000000..13a94c1660b
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/container/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: docker
+ type: group
diff --git a/dev/packages/beats/docker/0.0.1/dataset/container/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/container/manifest.yml
new file mode 100644
index 00000000000..5f7f0a03f18
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/container/manifest.yml
@@ -0,0 +1,23 @@
+title: Docker container metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - unix:///var/run/docker.sock
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Docker container metrics
+ description: Collect Docker container metrics
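Review bot: The `hosts` var in the container manifest defaults to `unix:///var/run/docker.sock` and is shown to the user (`show_user: true`) with no explanation, yet whatever runs this input needs access to the Docker daemon socket, and that access is equivalent to root on the host. The var, or failing that the stream `description`, should say so, e.g. `description: Docker daemon endpoints; the agent must be able to reach the socket, which grants full control of the daemon`, so an operator can decide on a restricted proxy or group membership before enabling it. The same undocumented default is repeated in the cpu, diskio, event, healthcheck and info dataset manifests in this commit.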
diff --git a/dev/packages/beats/docker/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..eeac3e6f876
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["cpu"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/fields.yml
new file mode 100644
index 00000000000..c675ad14e50
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/fields.yml
@@ -0,0 +1,70 @@ +- name: docker.cpu + type: group + release: ga + fields: + - name: kernel.pct + type: scaled_float + format: percent + description: | + Percentage of time in kernel space. + - name: kernel.norm.pct + type: scaled_float + format: percent + description: | + Percentage of time in kernel space normalized by the number of CPU cores. + - name: kernel.ticks + type: long + description: | + CPU ticks in kernel space. + - name: system.pct + type: scaled_float + format: percent + description: | + Percentage of total CPU time in the system. + - name: system.norm.pct + type: scaled_float + format: percent + description: | + Percentage of total CPU time in the system normalized by the number of CPU cores. + - name: system.ticks + type: long + description: | + CPU system ticks. + - name: user.pct + type: scaled_float + format: percent + description: | + Percentage of time in user space. + - name: user.norm.pct + type: scaled_float + format: percent + description: | + Percentage of time in user space normalized by the number of CPU cores. + - name: user.ticks + type: long + description: | + CPU ticks in user space. + - name: total.pct + type: scaled_float + format: percent + description: | + Total CPU usage. + - name: total.norm.pct + type: scaled_float + format: percent + description: | + Total CPU usage normalized by the number of CPU cores. + - name: core.*.pct + type: object + format: percent + description: | + Percentage of CPU time in this core. + - name: core.*.norm.pct + type: object + format: percent + description: | + Percentage of CPU time in this core, normalized by the number of CPU cores. + - name: core.*.ticks + type: object + description: | + Number of CPU ticks in this core. diff --git a/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/package-fields.yml new file mode 100644 index 00000000000..13a94c1660b --- /dev/null 
+++ b/dev/packages/beats/docker/0.0.1/dataset/cpu/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: docker + type: group diff --git a/dev/packages/beats/docker/0.0.1/dataset/cpu/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/cpu/manifest.yml new file mode 100644 index 00000000000..9f3a671dae3 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/cpu/manifest.yml @@ -0,0 +1,23 @@ +title: Docker cpu metrics +release: experimental +type: metrics +streams: +- input: docker/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - unix:///var/run/docker.sock + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Docker cpu metrics + description: Collect Docker cpu metrics diff --git a/dev/packages/beats/docker/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..db8c1eeac2d --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["diskio"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/fields.yml new file mode 100644 index 00000000000..0ec2fa8d4df --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/fields.yml 
@@ -0,0 +1,100 @@ +- name: docker.diskio + type: group + release: ga + fields: + - name: read + type: group + fields: + - name: ops + type: long + description: | + Number of reads during the life of the container + - name: bytes + type: long + format: bytes + description: | + Bytes read during the life of the container + - name: rate + type: long + description: | + Number of current reads per second + - name: service_time + type: long + description: | + Total time to service IO requests, in nanoseconds + - name: wait_time + type: long + description: | + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: | + Total number of queued requests + - name: reads + type: scaled_float + description: | + Number of current reads per second + - name: write + type: group + fields: + - name: ops + type: long + description: | + Number of writes during the life of the container + - name: bytes + type: long + format: bytes + description: | + Bytes written during the life of the container + - name: rate + type: long + description: | + Number of current writes per second + - name: service_time + type: long + description: | + Total time to service IO requests, in nanoseconds + - name: wait_time + type: long + description: | + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: | + Total number of queued requests + - name: writes + type: scaled_float + description: | + Number of current writes per second + - name: summary + type: group + fields: + - name: ops + type: long + description: | + Number of I/O operations during the life of the container + - name: bytes + type: long + format: bytes + description: | + Bytes read and written during the life of the container + - name: rate + type: long + description: | + Number of current operations per second + - name: service_time + type: long + description: | + Total time to service IO requests, in nanoseconds + - 
name: wait_time + type: long + description: | + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: | + Total number of queued requests + - name: total + type: scaled_float + description: | + Number of reads and writes per second diff --git a/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/package-fields.yml new file mode 100644 index 00000000000..13a94c1660b --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/diskio/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: docker + type: group diff --git a/dev/packages/beats/docker/0.0.1/dataset/diskio/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/diskio/manifest.yml new file mode 100644 index 00000000000..eae8affbc0a --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/diskio/manifest.yml @@ -0,0 +1,23 @@ +title: Docker diskio metrics +release: experimental +type: metrics +streams: +- input: docker/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - unix:///var/run/docker.sock + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Docker diskio metrics + description: Collect Docker diskio metrics diff --git a/dev/packages/beats/docker/0.0.1/dataset/event/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/event/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..789ae75548d --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/event/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["event"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/docker/0.0.1/dataset/event/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/event/fields/fields.yml new file mode 100644 index 00000000000..077cae2dc2a --- /dev/null 
+++ b/dev/packages/beats/docker/0.0.1/dataset/event/fields/fields.yml @@ -0,0 +1,35 @@ +- name: docker.event + type: group + release: ga + fields: + - name: status + type: keyword + description: | + Event status + - name: id + type: keyword + description: | + Event id when available + - name: from + type: keyword + description: | + Event source + - name: type + type: keyword + description: | + The type of object emitting the event + - name: action + type: keyword + description: | + The type of event + - name: actor + type: group + fields: + - name: id + type: keyword + description: | + The ID of the object emitting the event + - name: attributes + type: object + description: | + Various key/value attributes of the object, depending on its type diff --git a/dev/packages/beats/docker/0.0.1/dataset/event/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/event/fields/package-fields.yml new file mode 100644 index 00000000000..13a94c1660b --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/event/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: docker + type: group diff --git a/dev/packages/beats/docker/0.0.1/dataset/event/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/event/manifest.yml new file mode 100644 index 00000000000..6b6596d60fe --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/event/manifest.yml @@ -0,0 +1,23 @@ +title: Docker event metrics +release: experimental +type: metrics +streams: +- input: docker/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - unix:///var/run/docker.sock + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Docker event metrics + description: Collect Docker event metrics 
diff --git a/dev/packages/beats/docker/0.0.1/dataset/healthcheck/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9be0767a644 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["healthcheck"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/fields.yml new file mode 100644 index 00000000000..672d4151ec7 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/fields.yml @@ -0,0 +1,31 @@ +- name: docker.healthcheck + type: group + release: ga + fields: + - name: failingstreak + type: integer + description: | + concurent failed check + - name: status + type: keyword + description: | + Healthcheck status code + - name: event + type: group + fields: + - name: end_date + type: date + description: | + Healthcheck end date + - name: start_date + type: date + description: | + Healthcheck start date + - name: output + type: keyword + description: | + Healthcheck output + - name: exit_code + type: integer + description: | + Healthcheck status code diff --git a/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/package-fields.yml new file mode 100644 index 00000000000..13a94c1660b --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: docker + type: group diff --git a/dev/packages/beats/docker/0.0.1/dataset/healthcheck/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/manifest.yml new file mode 100644 index 00000000000..bd6a731dfa4 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/dataset/healthcheck/manifest.yml 
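Review bot: In the healthcheck fields.yml, `failingstreak` is described as `concurent failed check`, which is both misspelled and unclear; `Number of consecutive failed health checks.` says what the value is. `status` (keyword) and `event.exit_code` (integer) carry the identical description `Healthcheck status code`, and they cannot both be the status code; the `status` entry should describe the textual health state and leave the numeric code to `exit_code`.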
@@ -0,0 +1,23 @@
+title: Docker healthcheck metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - unix:///var/run/docker.sock
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Docker healthcheck metrics
+ description: Collect Docker healthcheck metrics
diff --git a/dev/packages/beats/docker/0.0.1/dataset/image/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/image/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..1b65ed5245a
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/image/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["image"]
diff --git a/dev/packages/beats/docker/0.0.1/dataset/image/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/image/fields/fields.yml
new file mode 100644
index 00000000000..ef7bb423eaa
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/image/fields/fields.yml
@@ -0,0 +1,38 @@
+- name: docker.image
+ type: group
+ release: ga
+ fields:
+ - name: id
+ type: group
+ fields:
+ - name: current
+ type: keyword
+ description: |
+ Unique image identifier given upon its creation.
+ - name: parent
+ type: keyword
+ description: |
+ Identifier of the image, if it exists, from which the current image directly descends.
+ - name: created
+ type: date
+ description: |
+ Date and time when the image was created.
+ - name: size
+ type: group
+ fields:
+ - name: virtual
+ type: long
+ description: |
+ Size of the image.
+ - name: regular
+ type: long
+ description: |
+ Total size of the all cached images associated to the current image.
+ - name: labels
+ type: object
+ description: |
+ Image labels.
+ - name: tags
+ type: keyword
+ description: |
+ Image tags.
diff --git a/dev/packages/beats/docker/0.0.1/dataset/image/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/image/fields/package-fields.yml
new file mode 100644
index 00000000000..13a94c1660b
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/image/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: docker
+ type: group
diff --git a/dev/packages/beats/docker/0.0.1/dataset/image/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/image/manifest.yml
new file mode 100644
index 00000000000..e23f69b4bd9
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/image/manifest.yml
@@ -0,0 +1,7 @@
+title: Docker image metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ title: Docker image metrics
+ description: Collect Docker image metrics
diff --git a/dev/packages/beats/docker/0.0.1/dataset/info/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/info/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..0753a615246
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/info/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["info"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/docker/0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/info/fields/fields.yml
new file mode 100644
index 00000000000..14958039942
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/info/fields/fields.yml
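Review bot: The image manifest declares no `vars`, and the image stream template in the preceding hunk is the single line `metricsets: ["image"]`, whereas every other dataset in this change declares `hosts` and `period` and renders both into its stream. Unless that is intentional, the image stream gets no endpoint or period from the policy and falls back to whatever the `docker/metrics` input defaults to, which also means an operator who points the other datasets at a non-default socket or TCP endpoint cannot do the same for images. Giving the manifest the same `vars` block as the info manifest, and the template the same `hosts:`/`{{#each hosts}}`/`period:` lines as `info/agent/stream/stream.yml.hbs`, would make the dataset behave like its siblings.
```yaml
streams:
- input: docker/metrics
  vars:
  - name: hosts
    type: text
    title: Hosts
    multi: true
    required: true
    show_user: true
    default:
    - unix:///var/run/docker.sock
  - name: period
    type: text
    title: Period
    multi: false
    required: true
    show_user: true
    default: 10s
  # … unchanged: title and description …
```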
@@ -0,0 +1,31 @@
+- name: docker.info
+ type: group
+ release: ga
+ fields:
+ - name: containers
+ type: group
+ fields:
+ - name: paused
+ type: long
+ description: |
+ Total number of paused containers.
+ - name: running
+ type: long
+ description: |
+ Total number of running containers.
+ - name: stopped
+ type: long
+ description: |
+ Total number of stopped containers.
+ - name: total
+ type: long
+ description: |
+ Total number of existing containers.
+ - name: id
+ type: keyword
+ description: |
+ Unique Docker host identifier.
+ - name: images
+ type: long
+ description: |
+ Total number of existing images.
diff --git a/dev/packages/beats/docker/0.0.1/dataset/info/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/info/fields/package-fields.yml
new file mode 100644
index 00000000000..13a94c1660b
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/info/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: docker
+ type: group
diff --git a/dev/packages/beats/docker/0.0.1/dataset/info/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/info/manifest.yml
new file mode 100644
index 00000000000..a199af4e47f
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/info/manifest.yml
@@ -0,0 +1,23 @@
+title: Docker info metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - unix:///var/run/docker.sock
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Docker info metrics
+ description: Collect Docker info metrics
diff --git a/dev/packages/beats/docker/0.0.1/dataset/memory/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/memory/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d8d8d45d6ec
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/memory/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["memory"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/docker/0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/memory/fields/fields.yml
new file mode 100644
index 00000000000..ad1850be8ce
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/memory/fields/fields.yml
@@ -0,0 +1,66 @@
+- name: docker.memory
+ type: group
+ release: ga
+ fields:
+ - name: stats.*
+ type: object
+ description: |
+ Raw memory stats from the cgroups memory.stat interface
+ - name: commit
+ type: group
+ fields:
+ - name: total
+ type: long
+ format: bytes
+ description: |
+ Total bytes
+ - name: peak
+ type: long
+ format: bytes
+ description: |
+ Peak committed bytes on Windows
+ - name: private_working_set.total
+ type: long
+ format: bytes
+ description: |
+ private working sets on Windows
+ - name: fail.count
+ type: scaled_float
+ description: |
+ Fail counter.
+ - name: limit
+ type: long
+ format: bytes
+ description: |
+ Memory limit.
+ - name: rss
+ type: group
+ fields:
+ - name: total
+ type: long
+ format: bytes
+ description: |
+ Total memory resident set size.
+ - name: pct
+ type: scaled_float
+ format: percent
+ description: |
+ Memory resident set size percentage.
+ - name: usage
+ type: group
+ fields:
+ - name: max
+ type: long
+ format: bytes
+ description: |
+ Max memory usage.
+ - name: pct
+ type: scaled_float
+ format: percent
+ description: |
+ Memory usage percentage.
+ - name: total
+ type: long
+ format: bytes
+ description: |
+ Total memory usage.
diff --git a/dev/packages/beats/docker/0.0.1/dataset/memory/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/memory/fields/package-fields.yml
new file mode 100644
index 00000000000..13a94c1660b
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/memory/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: docker
+ type: group
diff --git a/dev/packages/beats/docker/0.0.1/dataset/memory/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/memory/manifest.yml
new file mode 100644
index 00000000000..47c6e978d93
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/memory/manifest.yml
@@ -0,0 +1,23 @@
+title: Docker memory metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - unix:///var/run/docker.sock
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Docker memory metrics
+ description: Collect Docker memory metrics
diff --git a/dev/packages/beats/docker/0.0.1/dataset/network/agent/stream/stream.yml.hbs b/dev/packages/beats/docker/0.0.1/dataset/network/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..62da6e1cd81
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/network/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["network"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/docker/0.0.1/dataset/network/fields/fields.yml b/dev/packages/beats/docker/0.0.1/dataset/network/fields/fields.yml
new file mode 100644
index 00000000000..f2f5e13e15d
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/network/fields/fields.yml
@@ -0,0 +1,88 @@
+- name: docker.network
+ type: group
+ release: ga
+ fields:
+ - name: interface
+ type: keyword
+ description: |
+ Network interface name.
+ - name: in
+ type: group
+ fields:
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ Total number of incoming bytes.
+ - name: dropped
+ type: scaled_float
+ description: |
+ Total number of dropped incoming packets.
+ - name: errors
+ type: long
+ description: |
+ Total errors on incoming packets.
+ - name: packets
+ type: long
+ description: |
+ Total number of incoming packets.
+ - name: out
+ type: group
+ fields:
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ Total number of outgoing bytes.
+ - name: dropped
+ type: scaled_float
+ description: |
+ Total number of dropped outgoing packets.
+ - name: errors
+ type: long
+ description: |
+ Total errors on outgoing packets.
+ - name: packets
+ type: long
+ description: |
+ Total number of outgoing packets.
+ - name: inbound
+ type: group
+ fields:
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ Total number of incoming bytes.
+ - name: dropped
+ type: long
+ description: |
+ Total number of dropped incoming packets.
+ - name: errors
+ type: long
+ description: |
+ Total errors on incoming packets.
+ - name: packets
+ type: long
+ description: |
+ Total number of incoming packets.
+ - name: outbound
+ type: group
+ fields:
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ Total number of outgoing bytes.
+ - name: dropped
+ type: long
+ description: |
+ Total number of dropped outgoing packets.
+ - name: errors
+ type: long
+ description: |
+ Total errors on outgoing packets.
+ - name: packets
+ type: long
+ description: |
+ Total number of outgoing packets.
diff --git a/dev/packages/beats/docker/0.0.1/dataset/network/fields/package-fields.yml b/dev/packages/beats/docker/0.0.1/dataset/network/fields/package-fields.yml
new file mode 100644
index 00000000000..13a94c1660b
--- /dev/null
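Review bot: `docker.network.in`/`out` and `docker.network.inbound`/`outbound` define the same four metrics twice with word-for-word identical descriptions, and the two copies disagree on the type of `dropped` (`scaled_float` under `in`/`out`, `long` under `inbound`/`outbound`). If `in`/`out` are kept only for compatibility with the older Beats field names, their descriptions should say so, e.g. `Total number of incoming bytes. Kept for compatibility; prefer docker.network.inbound.bytes.`, and a dropped-packet counter should use the same integer type in both groups. As written, a reader of the field reference cannot tell which group a dashboard is expected to query.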
+++ b/dev/packages/beats/docker/0.0.1/dataset/network/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: docker
+ type: group
diff --git a/dev/packages/beats/docker/0.0.1/dataset/network/manifest.yml b/dev/packages/beats/docker/0.0.1/dataset/network/manifest.yml
new file mode 100644
index 00000000000..0970b3c8003
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/dataset/network/manifest.yml
@@ -0,0 +1,23 @@
+title: Docker network metrics
+release: experimental
+type: metrics
+streams:
+- input: docker/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - unix:///var/run/docker.sock
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Docker network metrics
+ description: Collect Docker network metrics
diff --git a/dev/packages/beats/docker/0.0.1/docs/README.md b/dev/packages/beats/docker/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/docker/0.0.1/img/logo_docker.svg b/dev/packages/beats/docker/0.0.1/img/logo_docker.svg
new file mode 100644
index 00000000000..b61583f95d7
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/img/logo_docker.svg
@@ -0,0 +1 @@
+
diff --git a/dev/packages/beats/docker/0.0.1/kibana/dashboard/AV4REOpp5NkDleZmzKkE-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/dashboard/AV4REOpp5NkDleZmzKkE-ecs.json
new file mode 100644
index 00000000000..0bdd1de2f4d
--- /dev/null
+++ b/dev/packages/beats/docker/0.0.1/kibana/dashboard/AV4REOpp5NkDleZmzKkE-ecs.json
@@ -0,0 +1,182 @@ +{ + "attributes": { + "description": "Overview of docker containers", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "asc" + } + } + } + }, + "gridData": { + "h": 20, + "i": "1", + "w": 28, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 8, + "x": 28, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 36, + "y": 8 + }, + "panelIndex": "7", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Docker] Overview ECS", + "version": 1 + }, + "id": 
"AV4REOpp5NkDleZmzKkE-ecs", + "references": [ + { + "id": "Docker-containers-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Docker-Number-of-Containers-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Docker-containers-per-host-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Docker-images-and-names-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "Docker-CPU-usage-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "Docker-memory-usage-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "Docker-Network-IO-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/search/Metricbeat-Docker-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/search/Metricbeat-Docker-ecs.json new file mode 100644 index 00000000000..37d14043586 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/search/Metricbeat-Docker-ecs.json 
@@ -0,0 +1,49 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:docker.container OR stream.dataset:docker.cpu OR stream.dataset:docker.diskio OR stream.dataset:docker.event OR stream.dataset:docker.healthcheck OR stream.dataset:docker.image OR stream.dataset:docker.info OR stream.dataset:docker.memory OR stream.dataset:docker.network)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Metrics Docker ECS", + "version": 1 + }, + "id": "Metrics-Docker-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-CPU-usage-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-CPU-usage-ecs.json new file mode 100644 index 00000000000..169b948f4f2 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-CPU-usage-ecs.json 
@@ -0,0 +1,161 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:docker.cpu" + } + } + }, + "title": "CPU usage [Metrics Docker] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total CPU time", + "field": "docker.cpu.total.pct", + "percents": [ + 75 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Container name", + "field": "container.name", + "order": "desc", + "orderBy": "1.75", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "top", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + 
"valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "CPU usage [Metrics Docker] ECS", + "type": "area" + } + }, + "id": "Docker-CPU-usage-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Network-IO-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Network-IO-ecs.json new file mode 100644 index 00000000000..17d9320d883 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Network-IO-ecs.json 
@@ -0,0 +1,168 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:docker.network" + } + } + }, + "title": "Network IO [Metrics Docker] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "IN bytes", + "field": "docker.network.in.bytes" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Container name", + "field": "container.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "OUT bytes", + "field": "docker.network.out.bytes" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "top", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Network IO [Metrics Docker] ECS", + "type": "area" + } + }, + "id": "Docker-Network-IO-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Number-of-Containers-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Number-of-Containers-ecs.json new file mode 100644 index 00000000000..9215bf50c40 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-Number-of-Containers-ecs.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Number of Containers [Metrics Docker] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Running", + "field": "docker.info.containers.running" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Paused", + "field": "docker.info.containers.paused" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Stopped", + "field": "docker.info.containers.stopped" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "36", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Number of Containers [Metrics Docker] ECS", + "type": "metric" + } + }, + "id": "Docker-Number-of-Containers-ecs", + "references": [ + { + "id": "Metrics-Docker-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-ecs.json new file mode 100644 index 00000000000..427db2b8fc0 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-ecs.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Docker containers [Metrics Docker] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "asc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Name", + "field": "container.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "CPU usage (%)", + "field": "docker.cpu.total.pct" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "DiskIO", + "field": "docker.diskio.total" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Mem (%)", + "field": "docker.memory.usage.pct" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Mem RSS", + "field": "docker.memory.rss.total" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of Containers", + "field": "container.id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "perPage": 8, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Docker containers [Metrics Docker] ECS", + "type": "table" + } + }, + "id": "Docker-containers-ecs", + "references": [ + { + "id": "Metrics-Docker-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-per-host-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-per-host-ecs.json new file mode 100644 index 00000000000..11263d39b9b --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-containers-per-host-ecs.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Docker containers per host [Metrics Docker] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of containers", + "field": "container.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Hosts", + "field": "agent.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Docker containers per host [Metrics Docker] ECS", + "type": "pie" + } + }, + "id": "Docker-containers-per-host-ecs", + "references": [ + { + "id": "Metrics-Docker-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-images-and-names-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-images-and-names-ecs.json new file mode 100644 index 00000000000..f68e6f900ee --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-images-and-names-ecs.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Docker images and names [Metrics Docker] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "container.image.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "container.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Docker images and names [Metrics Docker] ECS", + "type": "pie" + } + }, + "id": "Docker-images-and-names-ecs", + "references": [ + { + "id": "Metrics-Docker-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-memory-usage-ecs.json b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-memory-usage-ecs.json new file mode 100644 index 00000000000..3dc647fadd2 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/kibana/visualization/Docker-memory-usage-ecs.json 
@@ -0,0 +1,158 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:docker.memory" + } + } + }, + "title": "Memory usage [Metrics Docker] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Memory", + "field": "docker.memory.usage.total" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Container name", + "field": "container.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "top", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + 
"setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Memory usage [Metrics Docker] ECS", + "type": "area" + } + }, + "id": "Docker-memory-usage-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/docker/0.0.1/manifest.yml b/dev/packages/beats/docker/0.0.1/manifest.yml new file mode 100644 index 00000000000..e9411e70bd0 --- /dev/null +++ b/dev/packages/beats/docker/0.0.1/manifest.yml @@ -0,0 +1,29 @@ +format_version: 1.0.0 +name: docker +title: Docker +version: 0.0.1 +license: basic +description: Docker Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +icons: +- src: /img/logo_docker.svg + title: logo docker + size: 32x32 + type: image/svg+xml +datasources: +- name: docker + title: Docker metrics + description: Collect metrics from Docker instances + inputs: + - type: docker/metrics + title: Collect metrics from Docker instances + description: Collecting Docker container, cpu, diskio, event, healthcheck, image, + info, memory and network metrics diff --git a/dev/packages/beats/dropwizard/0.0.1/dataset/collector/agent/stream/stream.yml.hbs b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1202326557d --- /dev/null +++ b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/agent/stream/stream.yml.hbs 
@@ -0,0 +1,12 @@
+metricsets: ["collector"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if metrics_path}}
+metrics_path: {{metrics_path}}
+{{/if}}
+{{#if namespace}}
+namespace: {{namespace}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/fields.yml b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/fields.yml new file mode 100644
index 00000000000..23f74941915
--- /dev/null
+++ b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: dropwizard.
+ type: keyword
+ release: ga
diff --git a/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/package-fields.yml b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/package-fields.yml new file mode 100644
index 00000000000..ffa09614a2c
--- /dev/null
+++ b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: dropwizard
+ type: group
diff --git a/dev/packages/beats/dropwizard/0.0.1/dataset/collector/manifest.yml b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/manifest.yml new file mode 100644
index 00000000000..a105fa0a25d
--- /dev/null
+++ b/dev/packages/beats/dropwizard/0.0.1/dataset/collector/manifest.yml
@@ -0,0 +1,15 @@
+title: Dropwizard collector metrics
+release: experimental
+type: metrics
+streams:
+- input: dropwizard/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Dropwizard collector metrics
+ description: Collect Dropwizard collector metrics
diff --git a/dev/packages/beats/dropwizard/0.0.1/docs/README.md b/dev/packages/beats/dropwizard/0.0.1/docs/README.md new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/dropwizard/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO \ No newline at end of file
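Review bot: The datasource vars are interpolated into the rendered YAML unquoted (`- {{this}}` for each host, `metrics_path: {{metrics_path}}`, `namespace: {{namespace}}`), so a value containing `: `, ` #`, a leading `[`/`{`/`-` or a line break changes the structure of the generated agent config instead of staying a string. These are user-editable inputs, so quoting them, e.g. `- "{{this}}"` and `metrics_path: "{{metrics_path}}"`, confines a malformed or hostile value to a scalar (assuming the template engine does not HTML-escape `{{…}}`; if it does, the quoted form needs the unescaped triple-stash variant, which is not visible here). `period: {{period}}` has the same shape but is expected to hold a duration, so it is less exposed.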
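Review bot: `- name: dropwizard.` in `collector/fields/fields.yml` declares a keyword field whose name is literally `dropwizard.` with a trailing dot, which looks like a conversion artefact from a Beats `dropwizard.*` wildcard rather than an intended field name; `package-fields.yml` in the same change already declares `dropwizard` as a group. Either drop this entry or replace it with the intended definition (the collector's metrics are presumably dynamic, so an object mapping with `dynamic` enabled rather than a single keyword — confirm against the Metricbeat module's fields.yml).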
diff --git a/dev/packages/beats/dropwizard/0.0.1/img/logo_dropwizard.svg b/dev/packages/beats/dropwizard/0.0.1/img/logo_dropwizard.svg new file mode 100644 index 00000000000..c62372fa8e8 --- /dev/null +++ b/dev/packages/beats/dropwizard/0.0.1/img/logo_dropwizard.svg @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/dev/packages/beats/dropwizard/0.0.1/manifest.yml b/dev/packages/beats/dropwizard/0.0.1/manifest.yml new file mode 100644 index 00000000000..335fc4cc133 --- /dev/null +++ b/dev/packages/beats/dropwizard/0.0.1/manifest.yml @@ -0,0 +1,50 @@ +format_version: 1.0.0 +name: dropwizard +title: Dropwizard +version: 0.0.1 +license: basic +description: Dropwizard Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +icons: +- src: /img/logo_dropwizard.svg + title: logo dropwizard + size: 32x32 + type: image/svg+xml +datasources: +- name: dropwizard + title: Dropwizard metrics + description: Collect metrics from Dropwizard instances + inputs: + - type: dropwizard/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8080 + - name: metrics_path + type: text + title: Metrics Path + multi: false + required: true + show_user: true + default: /metrics/metrics + - name: namespace + type: text + title: Namespace + multi: false + required: true + show_user: true + default: example + title: Collect metrics from Dropwizard instances + description: Collecting Dropwizard collector metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/agent/stream/log.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..ed4036fef5b --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/agent/stream/log.yml.hbs 
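Review bot: The `dropwizard/metrics` input exposes only `hosts`, `metrics_path` and `namespace`, so a user has no way to supply TLS settings or credentials for the collector endpoint, and the default `localhost:8080` target implies plain HTTP. If the underlying Metricbeat input accepts `ssl`/`username`/`password` options (not visible here), consider surfacing them as vars; otherwise document that the metrics endpoint is expected to be reachable unauthenticated from the agent host. The dataset README is still `TODO`, so there is currently nowhere that states either requirement.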
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+- add_locale: ~ \ No newline at end of file
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml new file mode 100644
index 00000000000..f5d59b5c7ba
--- /dev/null
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,67 @@ +--- +description: Pipeline for parsing elasticsearch audit logs +processors: +- rename: + field: '@timestamp' + target_field: event.created +- grok: + field: message + patterns: + - ^%{CHAR:first_char} + pattern_definitions: + CHAR: . +- pipeline: + if: ctx.first_char != '{' + name: '{{ IngestPipeline "pipeline-plaintext" }}' +- pipeline: + if: ctx.first_char == '{' + name: '{{ IngestPipeline "pipeline-json" }}' +- set: + field: event.kind + value: event +- set: + field: event.category + value: database +- set: + if: "ctx?.elasticsearch?.audit?.event_type != null" + field: event.type + value: access +- script: + lang: painless + source: >- + def successEvents = ['authentication_success', 'access_granted', 'run_as_granted', 'connection_granted']; + if (ctx?.elasticsearch?.audit?.event_type != null && successEvents.contains(ctx.elasticsearch.audit.event_type)) { + ctx.event.outcome = 'success'; + } else { + ctx.event.outcome = 'failure'; + } + if (ctx?.event.action != null && successEvents.contains(ctx.event.action)) { + ctx.event.outcome = 'success'; + } else { + ctx.event.outcome = 'failure'; + } + +- lowercase: + field: http.request.method + ignore_missing: true +- set: + field: host.id + value: "{{elasticsearch.node.id}}" + if: "ctx?.elasticsearch?.node?.id != null" +- set: + field: host.name + value: "{{elasticsearch.node.name}}" + if: "ctx?.elasticsearch?.node?.name != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +- remove: + field: elasticsearch.audit.@timestamp +- remove: + field: + - first_char +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-json.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-json.yml new file mode 100644 index 00000000000..1bad9388325 --- /dev/null 
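Review bot: The painless script assigns `event.outcome` twice and the second `if`/`else` unconditionally overwrites the first, so for plaintext audit lines (where `elasticsearch.audit.event_type` is populated but `event.action` is not) a granted event ends up as `event.outcome: failure`, and JSON lines only come out right because the `event.action` branch happens to run last. This is the field a detection rule or dashboard would filter on for denied vs. granted access, so the two checks should be folded into one decision. `ctx?.event.action` also dereferences `ctx.event` without the null-safe operator; it works only because the earlier `rename` to `event.created` guarantees `event` exists. Relatedly, `event.type: access` is set only when `event_type` is non-null, so JSON-format events (whose type lands in `event.action`) never receive it.
```yaml
- script:
    lang: painless
    source: >-
      def successEvents = ['authentication_success', 'access_granted', 'run_as_granted', 'connection_granted'];
      def eventType = ctx?.elasticsearch?.audit?.event_type;
      def action = ctx?.event?.action;
      boolean ok = (eventType != null && successEvents.contains(eventType))
                || (action != null && successEvents.contains(action));
      ctx.event.outcome = ok ? 'success' : 'failure';
# … unchanged: lowercase, host.id/host.name set, related.user append, removes, on_failure …
```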
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-json.yml 
@@ -0,0 +1,126 @@ +--- +description: Pipeline for parsing elasticsearch audit logs in JSON format +processors: +- json: + field: message + target_field: elasticsearch.audit +- drop: + if: ctx.elasticsearch.audit?.type != null && ctx.elasticsearch.audit.type != 'audit' +- remove: + field: elasticsearch.audit.type + ignore_missing: true +- date: + if: ctx.elasticsearch.audit['@timestamp'] != null && ctx.event.timezone != null + field: elasticsearch.audit.@timestamp + target_field: elasticsearch.audit.@timestamp + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + - yyyy-MM-dd'T'HH:mm:ss,SSSZ + timezone: '{{ event.timezone }}' +- remove: + if: ctx.elasticsearch.audit['@timestamp'] == null && ctx.event.timezone != null + field: event.timezone +- rename: + field: elasticsearch.audit.timestamp + target_field: elasticsearch.audit.@timestamp + ignore_missing: true +- dot_expander: + field: event.action + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.event.action + target_field: event.action + ignore_missing: true +- dot_expander: + field: event.type + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.event.type + target_field: elasticsearch.audit.layer + ignore_missing: true +- dot_expander: + field: origin.address + path: elasticsearch.audit +- grok: + field: elasticsearch.audit.origin.address + patterns: + - \[%{IPORHOST:source.ip}\]:%{INT:source.port:int} + - '%{IPORHOST:source.ip}:%{INT:source.port:int}' + ignore_missing: true +- rename: + field: elasticsearch.audit.origin.address + target_field: source.address + ignore_missing: true +- dot_expander: + field: url.path + path: elasticsearch.audit +- dot_expander: + field: url.query + path: elasticsearch.audit +- set: + if: ctx.elasticsearch.audit?.url?.path != null && ctx.elasticsearch.audit?.url?.query + == null + field: url.original + value: '{{elasticsearch.audit.url.path}}' +- set: + if: ctx.elasticsearch.audit?.url?.path != null && ctx.elasticsearch.audit?.url?.query + != null + field: 
url.original + value: '{{elasticsearch.audit.url.path}}?{{elasticsearch.audit.url.query}}' +- remove: + if: ctx.elasticsearch.audit?.url?.path != null + field: elasticsearch.audit.url.path +- remove: + if: ctx.elasticsearch.audit?.url?.query != null + field: elasticsearch.audit.url.query +- dot_expander: + field: node.id + path: elasticsearch.audit +- dot_expander: + field: node.name + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.node + target_field: elasticsearch.node +- dot_expander: + field: user.name + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.user.name + target_field: user.name + ignore_missing: true +- dot_expander: + field: request.method + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.request.method + target_field: http.request.method + ignore_missing: true +- dot_expander: + field: request.body + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.request.body + target_field: http.request.body.content + ignore_missing: true +- dot_expander: + field: cluster.name + path: elasticsearch.audit +- rename: + field: elasticsearch.audit.cluster.name + target_field: elasticsearch.cluster.name + ignore_missing: true +- rename: + field: elasticsearch.audit.level + target_field: log.level + ignore_missing: true +- date: + field: elasticsearch.audit.@timestamp + target_field: '@timestamp' + formats: + - ISO8601 + ignore_failure: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-plaintext.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-plaintext.yml new file mode 100644 index 00000000000..79d47602a33 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/pipeline-plaintext.yml 
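Review bot: `request.body` is copied verbatim into `http.request.body.content`, and the dataset's `ecs.yml` indexes that field as keyword plus a `text` multi-field, so whatever the cluster's audit log emits as a request body — which for security APIs can include passwords, API-key secrets or tokens — becomes searchable in the agent's log index. Elasticsearch only emits request bodies when the operator opts in upstream (as far as I recall via an `emit_request_body` setting; confirm for the targeted versions), but this package neither documents that nor offers a way to drop or redact the field. Consider a comment on the `rename` noting the sensitivity, e.g. `# request bodies may contain credentials; only present if request-body auditing is enabled upstream`, and either a `remove` gated by a stream var or a README warning that enabling request-body auditing will land secrets in the log index.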
@@ -0,0 +1,63 @@ +--- +description: Pipeline for parsing elasticsearch audit logs in plaintext format +processors: +- grok: + field: message + pattern_definitions: + ES_TIMESTAMP: \[%{TIMESTAMP_ISO8601:elasticsearch.audit.@timestamp}\] + ES_NODE_NAME: (\[%{DATA:elasticsearch.node.name}\])? + ES_AUDIT_LAYER: \[%{WORD:elasticsearch.audit.layer}\] + ES_AUDIT_EVENT_TYPE: \[%{WORD:elasticsearch.audit.event_type}\] + ES_AUDIT_ORIGIN_TYPE: (origin_type\=\[%{WORD:elasticsearch.audit.origin.type}\])? + ES_AUDIT_ORIGIN_ADDRESS: (origin_address\=\[%{IPORHOST:source.ip}\])? + ES_AUDIT_PRINCIPAL: (principal\=\[%{DATA:user.name}\])? + ES_AUDIT_REALM: (realm\=\[%{WORD:elasticsearch.audit.realm}\])? + ES_AUDIT_ROLES: (roles\=\[%{DATA:elasticsearch.audit.user.roles}\])? + ES_AUDIT_ACTION: (action\=\[%{DATA:elasticsearch.audit.action}(\[%{DATA:elasticsearch.audit.sub_action}\])?\])? + ES_AUDIT_URI: (uri=\[%{DATA:url.original}\])? + ES_AUDIT_URI_PARAMS: (params=\[%{DATA:elasticsearch.audit.url.params}\])? + ES_AUDIT_INDICES: (indices\=\[%{DATA:elasticsearch.audit.indices}\])? + ES_AUDIT_REQUEST: (request\=\[%{WORD:elasticsearch.audit.request.name}\])? + ES_AUDIT_REQUEST_BODY: (request_body\=\[%{DATA:http.request.body.content}\])? + patterns: + - '%{ES_TIMESTAMP}\s*%{ES_NODE_NAME}\s*%{ES_AUDIT_LAYER}\s*%{ES_AUDIT_EVENT_TYPE}\s*%{ES_AUDIT_ORIGIN_TYPE},?\s*%{ES_AUDIT_ORIGIN_ADDRESS},?\s*%{ES_AUDIT_PRINCIPAL},?\s*%{ES_AUDIT_REALM},?\s*%{ES_AUDIT_ROLES},?\s*%{ES_AUDIT_ACTION},?\s*%{ES_AUDIT_INDICES},?\s*%{ES_AUDIT_URI},?\s*%{ES_AUDIT_URI_PARAMS},?\s*%{ES_AUDIT_REQUEST},?\s*%{ES_AUDIT_REQUEST_BODY},?' 
+- split: + field: elasticsearch.audit.user.roles + separator: ',' + ignore_missing: true +- split: + field: elasticsearch.audit.indices + separator: ',' + ignore_missing: true +- script: + lang: painless + source: if (ctx.elasticsearch.audit.sub_action != null) { ctx.elasticsearch.audit.action + += '[' + ctx.elasticsearch.audit.sub_action + ']' } +- remove: + field: elasticsearch.audit.sub_action + ignore_missing: true +- date: + if: ctx.event.timezone == null + field: elasticsearch.audit.@timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: elasticsearch.audit.@timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/ecs.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/ecs.yml new file mode 100644 index 00000000000..571099d4f8d --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/ecs.yml 
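Review bot: `ES_AUDIT_ORIGIN_ADDRESS` captures `origin_address` with `%{IPORHOST:source.ip}`, but `source.ip` is declared `type: ip` in this dataset's `ecs.yml`, so a hostname value (IPORHOST accepts both) raises a mapping exception at index time and the audit event is rejected outright rather than indexed with `error.message`, which is what the pipeline's `on_failure` would otherwise provide. Elasticsearch normally writes an IP here, so this may be rare, but an audit pipeline should degrade into an indexed event with an error, not lose the event. Using `%{IP:source.ip}` (or capturing into `source.address` with IPORHOST and copying to `source.ip` only when it parses) keeps the document indexable; the JSON pipeline's grok on `origin.address` has the same shape and should be adjusted alongside.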
@@ -0,0 +1,57 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.body.content + level: extended + type: keyword + description: The full HTTP request body. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: source + title: Source + group: 2 + type: group + fields: + - name: ip + level: core + type: ip + description: IP address of the source (IPv4 or IPv6). +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/fields.yml new file mode 100644 index 00000000000..9d11c690333 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/fields.yml 
@@ -0,0 +1,42 @@ +- name: elasticsearch.audit + type: group + fields: + - name: layer + type: keyword + description: 'The layer from which this event originated: rest, transport or ip_filter' + - name: event_type + type: keyword + description: 'The type of event that occurred: anonymous_access_denied, authentication_failed, + access_denied, access_granted, connection_granted, connection_denied, tampered_request, + run_as_granted, run_as_denied' + - name: origin.type + type: keyword + description: 'Where the request originated: rest (request originated from a REST + API request), transport (request was received on the transport channel), local_node + (the local node issued the request)' + - name: realm + type: keyword + description: The authentication realm the authentication was validated against + - name: user.realm + type: keyword + description: The user's authentication realm, if authenticated + - name: user.roles + type: keyword + description: Roles to which the principal belongs + - name: action + type: keyword + description: The name of the action that was executed + - name: url.params + type: keyword + description: REST URI parameters + - name: indices + type: keyword + description: Indices accessed by action + - name: request.id + type: keyword + description: Unique ID of request + - name: request.name + type: keyword + description: The type of request that was executed + - name: message + type: text diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/package-fields.yml new file mode 100644 index 00000000000..547bb2b0a55 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/fields/package-fields.yml 
@@ -0,0 +1,27 @@ +- name: elasticsearch + type: group + fields: + - name: component + type: keyword + description: Elasticsearch component from where the log event originated + - name: cluster.uuid + type: keyword + description: UUID of the cluster + - name: cluster.name + type: keyword + description: Name of the cluster + - name: node.id + type: keyword + description: ID of the node + - name: node.name + type: keyword + description: Name of the node + - name: index.name + type: keyword + description: Index name + - name: index.id + type: keyword + description: Index id + - name: shard.id + type: keyword + description: Id of the shard diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/manifest.yml new file mode 100644 index 00000000000..2cde4071024 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/audit/manifest.yml @@ -0,0 +1,30 @@ +title: elasticsearch audit logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/elasticsearch/*_access.log + - /var/log/elasticsearch/*_audit.log + - /var/log/elasticsearch/*_audit.json + os: + darwin: + default: + - /usr/local/var/lib/elasticsearch/*_access.log + - /usr/local/var/lib/elasticsearch/*_audit.log + - /usr/local/var/lib/elasticsearch/*_audit.json + windows: + default: + - c:/ProgramData/Elastic/Elasticsearch/logs/*_access.log + - c:/ProgramData/Elastic/Elasticsearch/logs/*_audit.log + - c:/ProgramData/Elastic/Elasticsearch/logs/*_audit.json + template_path: log.yml.hbs + title: elasticsearch audit logs (log) + description: Collect elasticsearch audit logs using log input 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..b2e9a5030b6 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["ccr"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/fields.yml new file mode 100644 index 00000000000..c5f248750db --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/fields.yml @@ -0,0 +1,38 @@ +- name: elasticsearch.ccr + type: group + release: ga + fields: + - name: leader + type: group + fields: + - name: index + type: keyword + description: | + Name of leader index + - name: max_seq_no + type: long + description: | + Maximum sequence number of operation on the leader shard + - name: follower + type: group + fields: + - name: index + type: keyword + description: | + Name of follower index + - name: shard.number + type: long + description: | + Number of the shard within the index + - name: operations_written + type: long + description: | + Number of operations indexed (replicated) into the follower shard from the leader shard + - name: time_since_last_read.ms + type: long + description: | + Time, in ms, since the follower last fetched from the leader + - name: global_checkpoint + type: long + description: | + Global checkpoint value on follower shard diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/fields/package-fields.yml 
@@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/manifest.yml new file mode 100644 index 00000000000..501313a0220 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ccr/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch ccr metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch ccr metrics + description: Collect Elasticsearch ccr metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c131b14caa9 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["cluster_stats"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/fields.yml new file mode 100644 index 00000000000..41d050910ca --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/fields.yml 
@@ -0,0 +1,45 @@ +- name: elasticsearch.cluster.stats + type: group + release: ga + fields: + - name: status + type: keyword + description: | + Cluster status (green, yellow, red). + - name: nodes + type: group + fields: + - name: count + type: long + description: | + Total number of nodes in cluster. + - name: master + type: long + description: | + Number of master-eligible nodes in cluster. + - name: data + type: long + description: | + Number of data nodes in cluster. + - name: indices + type: group + fields: + - name: count + type: long + description: | + Total number of indices in cluster. + - name: shards + type: group + fields: + - name: count + type: long + description: | + Total number of shards in cluster. + - name: primaries + type: long + description: | + Total number of primary shards in cluster. + - name: fielddata.memory.bytes + type: long + description: | + Memory used for fielddata. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/manifest.yml new file mode 100644 index 00000000000..82153f4db10 --- /dev/null 
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/cluster_stats/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch cluster_stats metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch cluster_stats metrics + description: Collect Elasticsearch cluster_stats metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/agent/stream/log.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..e2e3ad1d7f6 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/agent/stream/log.yml.hbs @@ -0,0 +1,12 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$","_slowlog.log$","_access.log$"] +multiline: + pattern: '^(\[[0-9]{4}-[0-9]{2}-[0-9]{2}|{)' + negate: true + match: after +processors: +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" \ No newline at end of file diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..ff2a4fbcd44 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,47 @@ +--- +description: Pipeline for parsing elasticsearch deprecation logs +processors: +- rename: + field: '@timestamp' + target_field: event.created +- grok: + field: message + patterns: + - ^%{CHAR:first_char} + pattern_definitions: + CHAR: . +- pipeline: + if: ctx.first_char != '{' + name: '{{ IngestPipeline "pipeline-plaintext" }}' +- pipeline: + if: ctx.first_char == '{' + name: '{{ IngestPipeline "pipeline-json" }}' +- set: + field: event.kind + value: event +- set: + field: event.category + value: database +- set: + field: event.type + value: info +- set: + field: host.id + value: "{{elasticsearch.node.id}}" + if: "ctx?.elasticsearch?.node?.id != null" +- set: + field: host.name + value: "{{elasticsearch.node.name}}" + if: "ctx?.elasticsearch?.node?.name != null" +- remove: + field: + - elasticsearch.deprecation.timestamp + - elasticsearch.deprecation.@timestamp + ignore_missing: true +- remove: + field: + - first_char +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-json.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-json.yml new file mode 100644 index 00000000000..6220bfcc7c1 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-json.yml 
@@ -0,0 +1,95 @@ +--- +description: Pipeline for parsing the Elasticsearch deprecation log file in JSON format. +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- json: + field: message + target_field: elasticsearch.deprecation +- drop: + if: ctx.elasticsearch.deprecation.type != 'deprecation' +- remove: + field: elasticsearch.deprecation.type +- dot_expander: + field: service.name + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.service.name + target_field: service.name + ignore_missing: true +- rename: + field: elasticsearch.deprecation.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.level + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.log.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.logger + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.log.logger + target_field: log.logger + ignore_missing: true +- dot_expander: + field: process.thread.name + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.process.thread.name + target_field: process.thread.name + ignore_missing: true +- rename: + field: elasticsearch.deprecation.component + target_field: elasticsearch.component + ignore_missing: true +- dot_expander: + field: cluster.name + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.cluster.name + target_field: elasticsearch.cluster.name +- dot_expander: + field: node.name + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.node.name + target_field: elasticsearch.node.name +- dot_expander: + field: cluster.uuid + path: elasticsearch.deprecation +- rename: + field: elasticsearch.deprecation.cluster.uuid + target_field: elasticsearch.cluster.uuid + ignore_missing: true +- dot_expander: + field: node.id + path: elasticsearch.deprecation +- rename: + field: 
elasticsearch.deprecation.node.id + target_field: elasticsearch.node.id + ignore_missing: true +- remove: + field: message +- rename: + field: elasticsearch.deprecation.message + target_field: message +- rename: + field: elasticsearch.deprecation.@timestamp + target_field: '@timestamp' + ignore_missing: true +- rename: + field: elasticsearch.deprecation.timestamp + target_field: '@timestamp' + ignore_missing: true +- date: + field: '@timestamp' + target_field: '@timestamp' + formats: + - ISO8601 + ignore_failure: true diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-plaintext.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-plaintext.yml new file mode 100644 index 00000000000..60adb002d89 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/elasticsearch/ingest-pipeline/pipeline-plaintext.yml @@ -0,0 +1,38 @@ +--- +description: Pipeline for parsing the Elasticsearch deprecation log file in plaintext + format. +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- grok: + field: message + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + patterns: + - \[%{TIMESTAMP_ISO8601:elasticsearch.deprecation.timestamp}\]\[%{LOGLEVEL:log.level}%{SPACE}\]\[%{DATA:elasticsearch.component}%{SPACE}\] + %{GREEDYMULTILINE:message} +- date: + if: ctx.event.timezone == null + field: elasticsearch.deprecation.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: elasticsearch.deprecation.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
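Review bot: The `json` processor copies every key of the incoming line under `elasticsearch.deprecation`, and whatever keys the subsequent renames do not move stay there; since the dataset's fields.yml declares `elasticsearch.deprecation` only as an empty group, those leftovers are mapped dynamically from log content. Consider either enumerating the expected keys in fields.yml or dropping the container once the known keys have been moved out, e.g. a trailing `- remove: { field: elasticsearch.deprecation, ignore_missing: true }` after the final `date` processor (the default pipeline's later removes on that path already use `ignore_missing: true`). Separately, the renames of `elasticsearch.deprecation.cluster.name` and `elasticsearch.deprecation.node.name` are the only ones in this file without `ignore_missing: true`, so a line missing either field fails the whole pipeline while its sibling fields are tolerated; add `ignore_missing: true` to both unless their absence is meant to be an error.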
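Review bot: The conditions on the two `date` processors read `ctx.event.timezone` without a null-safe accessor, so a document with no `event` object throws in the condition and lands in the pipeline's on_failure instead of either branch; the sibling default.yml in this commit already uses `ctx?.elasticsearch?.node?.id`, so the consistent form here is `if: ctx.event?.timezone == null` and `if: ctx.event?.timezone != null`. The `add_locale` processor in log.yml.hbs only runs for non-JSON messages, so whether `event` is always present on plaintext documents depends on the agent and is not visible here.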
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/fields.yml new file mode 100644 index 00000000000..dfe88fe875d --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/fields.yml @@ -0,0 +1,2 @@ +- name: elasticsearch.deprecation + type: group diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/package-fields.yml new file mode 100644 index 00000000000..547bb2b0a55 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/fields/package-fields.yml @@ -0,0 +1,27 @@ +- name: elasticsearch + type: group + fields: + - name: component + type: keyword + description: Elasticsearch component from where the log event originated + - name: cluster.uuid + type: keyword + description: UUID of the cluster + - name: cluster.name + type: keyword + description: Name of the cluster + - name: node.id + type: keyword + description: ID of the node + - name: node.name + type: keyword + description: Name of the node + - name: index.name + type: keyword + description: Index name + - name: index.id + type: keyword + description: Index id + - name: shard.id + type: keyword + description: Id of the shard diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/manifest.yml new file mode 100644 index 00000000000..3af3b63474a --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/deprecation/manifest.yml 
@@ -0,0 +1,27 @@ +title: elasticsearch deprecation logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/elasticsearch/*_deprecation.log + - /var/log/elasticsearch/*_deprecation.json + os: + darwin: + default: + - /usr/local/var/lib/elasticsearch/*_deprecation.log + - /usr/local/var/lib/elasticsearch/*_deprecation.json + windows: + default: + - c:/ProgramData/Elastic/Elasticsearch/logs/*_deprecation.log + - c:/ProgramData/Elastic/Elasticsearch/logs/*_deprecation.json + template_path: log.yml.hbs + title: elasticsearch deprecation logs (log) + description: Collect elasticsearch deprecation logs using log input diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..e06d32e8364 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["enrich"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/fields.yml new file mode 100644 index 00000000000..612723ee1a4 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/fields.yml 
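Review bot: The dataset and stream titles here are lowercase (`title: elasticsearch deprecation logs`, `title: elasticsearch deprecation logs (log)`) while every metrics dataset in this commit capitalizes the product name (`title: Elasticsearch enrich metrics`), and the gc manifest repeats the lowercase form. These titles are user-facing in the registry, so `title: Elasticsearch deprecation logs` (and the matching stream title) keeps them consistent.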
@@ -0,0 +1,23 @@ +- name: elasticsearch.enrich + type: group + release: ga + fields: + - name: queue.size + type: long + description: | + Number of search requests in the queue. + - name: remote_requests + type: group + fields: + - name: current + type: long + description: | + Current number of outstanding remote requests. + - name: total + type: long + description: | + Number of outstanding remote requests executed since node startup. + - name: executed_searches.total + type: long + description: | + Number of search requests that enrich processors have executed since node startup. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/manifest.yml new file mode 100644 index 00000000000..bba152ce721 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/enrich/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch enrich metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch enrich metrics + description: Collect Elasticsearch enrich metrics 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/agent/stream/log.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..20745b28233 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/agent/stream/log.yml.hbs @@ -0,0 +1,10 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +exclude_lines: ["^(OpenJDK|Java HotSpot).* Server VM ", "^CommandLine flags: ", "^Memory: ", "^{"] # exclude JVM8 banner and JSON +multiline: + pattern: '^(\[?[0-9]{4}-[0-9]{2}-[0-9]{2}|{)' + negate: true + match: after \ No newline at end of file diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..23f578a6609 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,63 @@ +--- +description: Pipeline for parsing Elasticsearch JVM garbage collection logs +processors: +- grok: + field: message + patterns: + - '(?:%{JVM8HEADER}|%{JVM9HEADER}) Total time for which application threads were + stopped: %{BASE10NUM:elasticsearch.gc.threads_total_stop_time_sec} seconds, + Stopping threads took: %{BASE10NUM:elasticsearch.gc.stopping_threads_time_sec} + seconds' + - '(?:%{JVM8HEADER}) \[GC \(%{DATA:elasticsearch.gc.phase.name}\) \[YG occupancy: + %{BASE10NUM:elasticsearch.gc.young_gen.used_kb} K \(%{BASE10NUM:elasticsearch.gc.young_gen.size_kb} + K\)\]%{BASE10NUM}: \[Rescan \(parallel\) , %{BASE10NUM:elasticsearch.gc.phase.parallel_rescan_time_sec} + secs\]%{BASE10NUM}: \[weak refs processing, %{BASE10NUM:elasticsearch.gc.phase.weak_refs_processing_time_sec} + secs\]%{BASE10NUM}: \[class unloading, %{BASE10NUM:elasticsearch.gc.phase.class_unload_time_sec} + secs\]%{BASE10NUM}: \[scrub symbol table, %{BASE10NUM:elasticsearch.gc.phase.scrub_symbol_table_time_sec} + secs\]%{BASE10NUM}: \[scrub string table, %{BASE10NUM:elasticsearch.gc.phase.scrub_string_table_time_sec} + secs\]\[1 CMS-remark: %{BASE10NUM:elasticsearch.gc.old_gen.used_kb}K\(%{BASE10NUM:elasticsearch.gc.old_gen.size_kb}K\)\] + %{BASE10NUM:elasticsearch.gc.heap.used_kb}K\(%{BASE10NUM:elasticsearch.gc.heap.size_kb}K\), + %{BASE10NUM:elasticsearch.gc.phase.duration_sec} secs\] %{PROCTIME}' + - '(?:%{JVM8HEADER}) \[GC \(%{DATA:elasticsearch.gc.phase.name}\) \[%{BASE10NUM} + CMS-initial-mark: %{BASE10NUM:elasticsearch.gc.old_gen.used_kb}K\(%{BASE10NUM:elasticsearch.gc.old_gen.size_kb}K\)\] + %{BASE10NUM:elasticsearch.gc.heap.used_kb}K\(%{BASE10NUM:elasticsearch.gc.heap.size_kb}K\), + %{BASE10NUM:elasticsearch.gc.phase.duration_sec} secs\] %{PROCTIME}' + - '%{JVM9HEADER} GC\(%{BASE10NUM}\) ParNew: %{BASE10NUM}K-\>%{BASE10NUM:elasticsearch.gc.young_gen.used_kb}K\(%{BASE10NUM:elasticsearch.gc.young_gen.size_kb}K\)' + - '%{JVM9HEADER} GC\(%{BASE10NUM}\) Old: 
%{BASE10NUM}K-\>%{BASE10NUM:elasticsearch.gc.old_gen.used_kb}K\(%{BASE10NUM:elasticsearch.gc.old_gen.size_kb}K\)' + - (?:%{JVM8HEADER}|%{JVM9HEADER}) %{GREEDYMULTILINE:message} + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + JVM8HEADER: '%{TIMESTAMP_ISO8601:timestamp}: %{BASE10NUM:elasticsearch.gc.jvm_runtime_sec}:' + JVM9HEADER: \[%{TIMESTAMP_ISO8601:timestamp}\]\[%{POSINT:process.pid}\]\[%{DATA:elasticsearch.gc.tags}%{SPACE}\] + PROCTIME: '\[Times: user=%{BASE10NUM:elasticsearch.gc.phase.cpu_time.user_sec} + sys=%{BASE10NUM:elasticsearch.gc.phase.cpu_time.sys_sec}, real=%{BASE10NUM:elasticsearch.gc.phase.cpu_time.real_sec} + secs\]' +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: timestamp + target_field: '@timestamp' + formats: + - ISO8601 +- remove: + field: timestamp +- set: + field: event.kind + value: metric +- set: + field: event.category + value: database +- set: + field: event.type + value: info +- split: + field: elasticsearch.gc.tags + separator: ',' + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/fields.yml new file mode 100644 index 00000000000..63688cbce6b --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/fields.yml 
@@ -0,0 +1,97 @@ +- name: elasticsearch.gc + type: group + fields: + - name: phase + type: group + fields: + - name: name + type: keyword + description: | + Name of the GC collection phase. + - name: duration_sec + type: float + description: | + Collection phase duration according to the Java virtual machine. + - name: scrub_symbol_table_time_sec + type: float + description: | + Pause time in seconds cleaning up symbol tables. + - name: scrub_string_table_time_sec + type: float + description: | + Pause time in seconds cleaning up string tables. + - name: weak_refs_processing_time_sec + type: float + description: | + Time spent processing weak references in seconds. + - name: parallel_rescan_time_sec + type: float + description: | + Time spent in seconds marking live objects while application is stopped. + - name: class_unload_time_sec + type: float + description: | + Time spent unloading unused classes in seconds. + - name: cpu_time + type: group + fields: + - name: user_sec + type: float + description: | + CPU time spent outside the kernel. + - name: sys_sec + type: float + description: "CPU time spent inside the kernel. \n" + - name: real_sec + type: float + description: | + Total elapsed CPU time spent to complete the collection from start to finish. + - name: jvm_runtime_sec + type: float + description: | + The time from JVM start up in seconds, as a floating point number. + - name: threads_total_stop_time_sec + type: float + description: | + Garbage collection threads total stop time seconds. + - name: stopping_threads_time_sec + type: float + description: | + Time took to stop threads seconds. + - name: tags + type: keyword + description: | + GC logging tags. + - name: heap + type: group + fields: + - name: size_kb + type: integer + description: | + Total heap size in kilobytes. + - name: used_kb + type: integer + description: | + Used heap in kilobytes. 
+ - name: old_gen + type: group + fields: + - name: size_kb + type: integer + description: | + Total size of old generation in kilobytes. + - name: used_kb + type: integer + description: | + Old generation occupancy in kilobytes. + - name: young_gen + type: group + fields: + - name: size_kb + type: integer + description: | + Total size of young generation in kilobytes. + - name: used_kb + type: integer + description: | + Young generation occupancy in kilobytes. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/package-fields.yml new file mode 100644 index 00000000000..547bb2b0a55 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/fields/package-fields.yml @@ -0,0 +1,27 @@ +- name: elasticsearch + type: group + fields: + - name: component + type: keyword + description: Elasticsearch component from where the log event originated + - name: cluster.uuid + type: keyword + description: UUID of the cluster + - name: cluster.name + type: keyword + description: Name of the cluster + - name: node.id + type: keyword + description: ID of the node + - name: node.name + type: keyword + description: Name of the node + - name: index.name + type: keyword + description: Index name + - name: index.id + type: keyword + description: Index id + - name: shard.id + type: keyword + description: Id of the shard diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/manifest.yml new file mode 100644 index 00000000000..5403a219402 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/gc/manifest.yml 
@@ -0,0 +1,27 @@ +title: elasticsearch gc logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/elasticsearch/gc.log.[0-9]* + - /var/log/elasticsearch/gc.log + os: + darwin: + default: + - /usr/local/var/lib/elasticsearch/gc.log.[0-9]* + - /usr/local/var/lib/elasticsearch/gc.log + windows: + default: + - c:/ProgramData/Elastic/Elasticsearch/logs/gc.log.* + - c:/ProgramData/Elastic/Elasticsearch/logs/gc.log + template_path: log.yml.hbs + title: elasticsearch gc logs (log) + description: Collect elasticsearch gc logs using log input diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..d7ff19defa5 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["index"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/fields.yml new file mode 100644 index 00000000000..8184e993160 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/fields.yml 
@@ -0,0 +1,33 @@ +- name: elasticsearch.index + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Index name. + - name: total + type: group + fields: + - name: docs.count + type: long + description: | + Total number of documents in the index. + - name: docs.deleted + type: long + description: | + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: | + Total size of the index in bytes. + - name: segments.count + type: long + description: | + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: | + Total number of memory used by the segments in bytes. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/manifest.yml new file mode 100644 index 00000000000..2762fde1795 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch index metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch index metrics + description: Collect Elasticsearch index metrics 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..e8d8e6a6df8 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["index_recovery"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/fields.yml new file mode 100644 index 00000000000..6c236133a6c --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/fields.yml @@ -0,0 +1,44 @@ +- name: elasticsearch.index.recovery + type: group + release: ga + fields: + - name: id + type: long + description: | + Shard recovery id. + - name: type + type: keyword + description: | + Shard recovery type. + - name: primary + type: boolean + description: | + True if primary shard. + - name: stage + type: keyword + description: | + Recovery stage. + - name: target.id + type: keyword + description: | + Target node id. + - name: target.host + type: keyword + description: | + Target node host address (could be IP address or hostname). + - name: target.name + type: keyword + description: | + Target node name. + - name: source.id + type: keyword + description: | + Source node id. + - name: source.host + type: keyword + description: | + Source node host address (could be IP address or hostname). + - name: source.name + type: keyword + description: | + Source node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/fields/package-fields.yml 
@@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/manifest.yml new file mode 100644 index 00000000000..55abbc638b0 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_recovery/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch index_recovery metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch index_recovery metrics + description: Collect Elasticsearch index_recovery metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c17846f6df7 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["index_summary"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/fields.yml new file mode 100644 index 00000000000..fae93a325cf --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/fields.yml 
@@ -0,0 +1,54 @@ +- name: elasticsearch.index.summary + type: group + release: ga + fields: + - name: primaries + type: group + fields: + - name: docs.count + type: long + description: | + Total number of documents in the index. + - name: docs.deleted + type: long + description: | + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: | + Total size of the index in bytes. + - name: segments.count + type: long + description: | + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: | + Total number of memory used by the segments in bytes. + - name: total + type: group + fields: + - name: docs.count + type: long + description: | + Total number of documents in the index. + - name: docs.deleted + type: long + description: | + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: | + Total size of the index in bytes. + - name: segments.count + type: long + description: | + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: | + Total number of memory used by the segments in bytes. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/fields/package-fields.yml 
@@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/manifest.yml new file mode 100644 index 00000000000..990e764c66f --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/index_summary/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch index_summary metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch index_summary metrics + description: Collect Elasticsearch index_summary metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..bfe03275970 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["ml_job"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/fields.yml new file mode 100644 index 00000000000..811d4156619 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/fields.yml 
@@ -0,0 +1,20 @@ +- name: elasticsearch.ml.job + type: group + release: ga + fields: + - name: id + type: keyword + description: | + Unique ml job id. + - name: state + type: keyword + description: | + Job state. + - name: data_counts.processed_record_count + type: long + description: | + Processed data events. + - name: data_counts.invalid_date_count + type: long + description: | + The number of records with either a missing date field or a date that could not be parsed. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/manifest.yml new file mode 100644 index 00000000000..44881f06792 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/ml_job/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch ml_job metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch ml_job metrics + description: Collect Elasticsearch ml_job metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a512905c56c 
--- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["node"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 00000000000..8280d288b0c --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,39 @@ +- name: elasticsearch.node + type: group + release: ga + fields: + - name: version + type: keyword + description: | + Node version. + - name: jvm + type: group + fields: + - name: version + type: keyword + description: | + JVM version. + - name: memory.heap.init.bytes + type: long + format: bytes + description: | + Heap init used by the JVM in bytes. + - name: memory.heap.max.bytes + type: long + format: bytes + description: | + Heap max used by the JVM in bytes. + - name: memory.nonheap.init.bytes + type: long + format: bytes + description: | + Non-Heap init used by the JVM in bytes. + - name: memory.nonheap.max.bytes + type: long + format: bytes + description: | + Non-Heap max used by the JVM in bytes. + - name: process.mlockall + type: boolean + description: | + If process locked in memory. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/fields/package-fields.yml 
@@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/manifest.yml new file mode 100644 index 00000000000..05c10cc695d --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node/manifest.yml @@ -0,0 +1,23 @@ +title: Elasticsearch node metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - http://localhost:9200 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Elasticsearch node metrics + description: Collect Elasticsearch node metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..7ae7fc933eb --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["node_stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/fields.yml new file mode 100644 index 00000000000..0694cd86380 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/fields.yml 
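Review bot: The `hosts` variable defaults to `http://localhost:9200` and, together with `period`, is all the stream template renders, so the generated configuration can only reach a cluster that accepts unauthenticated plaintext HTTP; no variable exists for credentials or TLS settings, and the node_stats stream template on this line renders the same two values. If the registry format allows it, exposing the module's authentication and SSL options as vars here (and rendering them in stream.yml.hbs) would let the dataset monitor a secured cluster; at minimum the `hosts` description should state that the default assumes an unsecured local node. The other metrics datasets in this commit (cluster_stats, enrich, index, index_recovery, index_summary, ml_job) render only `metricsets:` with no hosts or period at all, which may be intentional if those come from the input level, but it is inconsistent with node and node_stats.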
@@ -0,0 +1,117 @@ +- name: elasticsearch.node.stats + type: group + release: ga + fields: + - name: indices + type: group + fields: + - name: docs.count + type: long + description: | + Total number of existing documents. + - name: docs.deleted + type: long + description: | + Total number of deleted documents. + - name: segments.count + type: long + description: | + Total number of segments. + - name: segments.memory.bytes + type: long + format: bytes + description: | + Total size of segments in bytes. + - name: store.size.bytes + type: long + description: | + Total size of the store in bytes. + - name: jvm.mem.pools + type: group + fields: + - name: old + type: group + fields: + - name: max.bytes + type: long + format: bytes + description: Max bytes. + - name: peak.bytes + type: long + format: bytes + description: Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: Used bytes. + - name: young + type: group + fields: + - name: max.bytes + type: long + format: bytes + description: Max bytes. + - name: peak.bytes + type: long + format: bytes + description: Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: Used bytes. + - name: survivor + type: group + fields: + - name: max.bytes + type: long + format: bytes + description: Max bytes. + - name: peak.bytes + type: long + format: bytes + description: Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: Used bytes. 
+ - name: jvm.gc.collectors + type: group + fields: + - name: old.collection + type: group + fields: + - name: count + type: long + - name: ms + type: long + - name: young.collection + type: group + fields: + - name: count + type: long + - name: ms + type: long + - name: fs.summary + type: group + fields: + - name: total.bytes + type: long + format: bytes + - name: free.bytes + type: long + format: bytes + - name: available.bytes + type: long + format: bytes diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/manifest.yml new file mode 100644 index 00000000000..4238643b5bd --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/node_stats/manifest.yml 
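Review bot: `store.size.bytes` is declared `type: long` without `format: bytes`, while its sibling `segments.memory.bytes` and every field under `jvm.mem.pools` carry it, so Kibana will render this one as a plain number despite the description saying "in bytes". The `jvm.gc.collectors.*` and `fs.summary.*` fields have no `description` at all, unlike the rest of the file; one line each, e.g. `description: Number of collections.` and `description: Time spent collecting, in milliseconds.` for the `count`/`ms` pairs, would bring them in line.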
@@ -0,0 +1,23 @@ +title: Elasticsearch node_stats metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - http://localhost:9200 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Elasticsearch node_stats metrics + description: Collect Elasticsearch node_stats metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..fa672357585 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["pending_tasks"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/fields.yml new file mode 100644 index 00000000000..222dd883721 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/fields.yml @@ -0,0 +1,20 @@ +- name: elasticsearch.cluster.pending_task + type: group + release: ga + fields: + - name: insert_order + type: long + description: | + Insert order + - name: priority + type: long + description: | + Priority + - name: source + type: keyword + description: | + Source. For example: put-mapping + - name: time_in_queue.ms + type: long + description: | + Time in queue diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/fields/package-fields.yml 
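Review bot: The pending_tasks stream template renders only `metricsets: ["pending_tasks"]`; unlike the node and node_stats templates it emits no `hosts:` or `period:` keys, and `pending_tasks/manifest.yml` declares no `vars`, so the generated input has no endpoint or interval unless the `elasticsearch/metrics` input supplies them from somewhere not visible in this change. If hosts are meant to be inherited at the datasource level, a comment in the template saying so would make that explicit; otherwise the template should mirror the node one (`hosts:` / `{{#each hosts}}` / `period: {{period}}`) and the manifest should declare the same vars. `shard/agent/stream/stream.yml.hbs` and `shard/manifest.yml` later in this change have the same shape.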
@@ -0,0 +1,23 @@
+- name: elasticsearch
+ type: group
+ fields:
+ - name: cluster.name
+ type: keyword
+ description: |
+ Elasticsearch cluster name.
+ - name: cluster.id
+ type: keyword
+ description: |
+ Elasticsearch cluster id.
+ - name: cluster.state.id
+ type: keyword
+ description: |
+ Elasticsearch state id.
+ - name: node.id
+ type: keyword
+ description: |
+ Node ID
+ - name: node.name
+ type: keyword
+ description: |
+ Node name.
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/manifest.yml
new file mode 100644
index 00000000000..a02d82dd756
--- /dev/null
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/pending_tasks/manifest.yml
@@ -0,0 +1,7 @@
+title: Elasticsearch pending_tasks metrics
+release: experimental
+type: metrics
+streams:
+- input: elasticsearch/metrics
+ title: Elasticsearch pending_tasks metrics
+ description: Collect Elasticsearch pending_tasks metrics
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/agent/stream/log.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..4edfb28a04e
--- /dev/null
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/agent/stream/log.yml.hbs
@@ -0,0 +1,12 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$","_slowlog.log$","_access.log$","_deprecation.log$"]
+multiline:
+ pattern: '^(\[[0-9]{4}-[0-9]{2}-[0-9]{2}|{)'
+ negate: true
+ match: after
+processors:
+# Locale for timezone is only needed in non-json logs
+- add_locale.when.not.regexp.message: "^{"
\ No newline at end of file
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..f9457cbe8b9
--- /dev/null
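Review bot: `exclude_files` rules out slowlog, access and deprecation files, but the default `paths` in `server/manifest.yml` (`/var/log/elasticsearch/*.log`) also match `gc.log` and any `*_audit.log` in the same directory, and nothing here excludes those. The package manifest at the end of this change describes separate audit and gc datasets, so those files would be read twice, and in this dataset their lines do not fit the `multiline` pattern or the server grok patterns, so they would most likely land as unparsed events with `error.message` set by the pipeline's on_failure handler. Adding the matching patterns to `exclude_files` (or narrowing the default globs in the manifest) keeps them out of this stream.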
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,94 @@ +--- +description: Pipeline for parsing elasticsearch server logs +processors: +- rename: + field: '@timestamp' + target_field: event.created +- grok: + field: message + patterns: + - ^%{CHAR:first_char} + pattern_definitions: + CHAR: . +- pipeline: + if: ctx.first_char != '{' + name: '{{ IngestPipeline "pipeline-plaintext" }}' +- pipeline: + if: ctx.first_char == '{' + name: '{{ IngestPipeline "pipeline-json" }}' +- script: + lang: painless + source: >- + if (ctx.elasticsearch.server.gc != null && ctx.elasticsearch.server.gc.observation_duration != null) { + if (ctx.elasticsearch.server.gc.observation_duration.unit == params.seconds_unit) { + ctx.elasticsearch.server.gc.observation_duration.ms = ctx.elasticsearch.server.gc.observation_duration.time * params.ms_in_one_s; + } + if (ctx.elasticsearch.server.gc.observation_duration.unit == params.milliseconds_unit) { + ctx.elasticsearch.server.gc.observation_duration.ms = ctx.elasticsearch.server.gc.observation_duration.time; + } + if (ctx.elasticsearch.server.gc.observation_duration.unit == params.minutes_unit) { + ctx.elasticsearch.server.gc.observation_duration.ms = ctx.elasticsearch.server.gc.observation_duration.time * params.ms_in_one_m; + } + } + if (ctx.elasticsearch.server.gc != null && ctx.elasticsearch.server.gc.collection_duration != null) { + if (ctx.elasticsearch.server.gc.collection_duration.unit == params.seconds_unit) { + ctx.elasticsearch.server.gc.collection_duration.ms = ctx.elasticsearch.server.gc.collection_duration.time * params.ms_in_one_s; + } + if (ctx.elasticsearch.server.gc.collection_duration.unit == params.milliseconds_unit) { + ctx.elasticsearch.server.gc.collection_duration.ms = ctx.elasticsearch.server.gc.collection_duration.time; + } + if (ctx.elasticsearch.server.gc.collection_duration.unit == params.minutes_unit) { + ctx.elasticsearch.server.gc.collection_duration.ms = ctx.elasticsearch.server.gc.collection_duration.time * params.ms_in_one_m; + } + } + params: + 
minutes_unit: m + seconds_unit: s + milliseconds_unit: ms + ms_in_one_s: 1000 + ms_in_one_m: 60000 + +- set: + field: event.kind + value: event +- set: + field: event.category + value: database +- script: + lang: painless + source: >- + def errorLevels = ['FATAL', 'ERROR']; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = 'error'; + } else { + ctx.event.type = 'info'; + } + } +- set: + field: host.name + value: "{{elasticsearch.node.name}}" + if: "ctx?.elasticsearch?.node?.name != null" +- set: + field: host.id + value: "{{elasticsearch.node.id}}" + if: "ctx?.elasticsearch?.node?.id != null" +- remove: + field: + - elasticsearch.server.gc.collection_duration.time + - elasticsearch.server.gc.collection_duration.unit + - elasticsearch.server.gc.observation_duration.time + - elasticsearch.server.gc.observation_duration.unit + ignore_missing: true +- remove: + field: + - elasticsearch.server.timestamp + - elasticsearch.server.@timestamp + ignore_missing: true +- remove: + field: + - first_char +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-json.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-json.yml new file mode 100644 index 00000000000..a16101065c0 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-json.yml 
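Review bot: The first painless `script` dereferences `ctx.elasticsearch.server.gc` with no null-safe access, while the second script in the same file guards with `ctx?.log?.level`. As far as I can tell from the pipeline-processor semantics, when the plaintext sub-pipeline's grok fails its own `on_failure` records `error.message` and control comes back here with no `elasticsearch.server` object, so the unguarded access throws and the top-level `on_failure` `set` replaces the original parse error with a NullPointerException message. Writing both conditions as `ctx.elasticsearch?.server?.gc != null` (or putting an `if` on the processor) keeps the real failure visible. The `if: ctx.elasticsearch.slowlog?.duration != null` condition in `slowlog/.../default.yml` later in this change is null-safe only on its last segment and has the same gap.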
@@ -0,0 +1,107 @@ +--- +description: Pipeline for parsing the Elasticsearch server log file in JSON format. +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- json: + field: message + target_field: elasticsearch.server +- drop: + if: ctx.elasticsearch.server.type != 'server' +- remove: + field: elasticsearch.server.type +- dot_expander: + field: service.name + path: elasticsearch.server +- rename: + field: elasticsearch.server.service.name + target_field: service.name + ignore_missing: true +- rename: + field: elasticsearch.server.component + target_field: elasticsearch.component + ignore_missing: true +- dot_expander: + field: cluster.name + path: elasticsearch.server +- rename: + field: elasticsearch.server.cluster.name + target_field: elasticsearch.cluster.name +- dot_expander: + field: node.name + path: elasticsearch.server +- rename: + field: elasticsearch.server.node.name + target_field: elasticsearch.node.name +- dot_expander: + field: cluster.uuid + path: elasticsearch.server +- rename: + field: elasticsearch.server.cluster.uuid + target_field: elasticsearch.cluster.uuid + ignore_missing: true +- dot_expander: + field: node.id + path: elasticsearch.server +- rename: + field: elasticsearch.server.node.id + target_field: elasticsearch.node.id + ignore_missing: true +- rename: + field: elasticsearch.server.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.level + path: elasticsearch.server +- rename: + field: elasticsearch.server.log.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.logger + path: elasticsearch.server +- rename: + field: elasticsearch.server.log.logger + target_field: log.logger + ignore_missing: true +- dot_expander: + field: process.thread.name + path: elasticsearch.server +- rename: + field: elasticsearch.server.process.thread.name + target_field: process.thread.name + ignore_missing: true +- grok: + field: 
elasticsearch.server.message + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + INDEXNAME: '[a-zA-Z0-9_.-]*' + GC_ALL: \[gc\]\[%{NUMBER:elasticsearch.server.gc.overhead_seq}\] overhead, spent + \[%{NUMBER:elasticsearch.server.gc.collection_duration.time:float}%{DATA:elasticsearch.server.gc.collection_duration.unit}\] + collecting in the last \[%{NUMBER:elasticsearch.server.gc.observation_duration.time:float}%{DATA:elasticsearch.server.gc.observation_duration.unit}\] + GC_YOUNG: \[gc\]\[young\]\[%{NUMBER:elasticsearch.server.gc.young.one}\]\[%{NUMBER:elasticsearch.server.gc.young.two}\]%{SPACE}%{GREEDYMULTILINE:message} + patterns: + - '%{GC_ALL}' + - '%{GC_YOUNG}' + - ((\[%{INDEXNAME:elasticsearch.index.name}\]|\[%{INDEXNAME:elasticsearch.index.name}\/%{DATA:elasticsearch.index.id}\]))?%{SPACE}%{GREEDYMULTILINE:message} +- remove: + field: elasticsearch.server.message +- rename: + field: elasticsearch.server.@timestamp + target_field: '@timestamp' + ignore_missing: true +- rename: + field: elasticsearch.server.timestamp + target_field: '@timestamp' + ignore_missing: true +- date: + field: '@timestamp' + target_field: '@timestamp' + formats: + - ISO8601 + ignore_failure: true diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-plaintext.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-plaintext.yml new file mode 100644 index 00000000000..94af807a9eb --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/elasticsearch/ingest-pipeline/pipeline-plaintext.yml 
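Review bot: The `rename` processors for `elasticsearch.server.cluster.name` and `elasticsearch.server.node.name` are the only renames in this pipeline without `ignore_missing: true`; a JSON line lacking either key aborts into `on_failure`, and the event is indexed with the raw `message` plus `error.message` and none of the other fields. If those keys are considered mandatory in the server JSON format, a one-line comment above the pair saying so would make the difference from the surrounding renames deliberate; otherwise `ignore_missing: true` brings them in line. The `date` processor at the end uses `ignore_failure: true`, which leaves an unparseable value sitting in `@timestamp` silently — an `on_failure` that appends to `error.message`, as the plaintext pipeline does, would surface it. The slowlog `pipeline-json.yml` later in this change repeats the same unguarded pair of renames.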
@@ -0,0 +1,44 @@ +--- +description: Pipeline for parsing the Elasticsearch server log file in plaintext format. +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- grok: + field: message + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + INDEXNAME: '[a-zA-Z0-9_.-]*' + GC_ALL: \[gc\]\[%{NUMBER:elasticsearch.server.gc.overhead_seq}\] overhead, spent + \[%{NUMBER:elasticsearch.server.gc.collection_duration.time:float}%{DATA:elasticsearch.server.gc.collection_duration.unit}\] + collecting in the last \[%{NUMBER:elasticsearch.server.gc.observation_duration.time:float}%{DATA:elasticsearch.server.gc.observation_duration.unit}\] + GC_YOUNG: \[gc\]\[young\]\[%{NUMBER:elasticsearch.server.gc.young.one}\]\[%{NUMBER:elasticsearch.server.gc.young.two}\]%{SPACE}%{GREEDYMULTILINE:message} + LOG_HEADER: \[%{TIMESTAMP_ISO8601:elasticsearch.server.timestamp}\]\[%{LOGLEVEL:log.level}%{SPACE}\]\[%{DATA:elasticsearch.component}%{SPACE}\](%{SPACE})?(\[%{DATA:elasticsearch.node.name}\])?(%{SPACE})? + patterns: + - '%{LOG_HEADER}%{GC_ALL}' + - '%{LOG_HEADER}%{GC_YOUNG}' + - '%{LOG_HEADER}%{SPACE}((\[%{INDEXNAME:elasticsearch.index.name}\]|\[%{INDEXNAME:elasticsearch.index.name}\/%{DATA:elasticsearch.index.id}\]))?%{SPACE}%{GREEDYMULTILINE:message}' +- date: + if: ctx.event.timezone == null + field: elasticsearch.server.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: elasticsearch.server.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 00000000000..ae80a7cd32d --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,24 @@ +- name: elasticsearch.server + type: group + fields: + - name: stacktrace + type: keyword + - name: gc + type: group + fields: + - name: young + type: group + fields: + - name: one + type: long + - name: two + type: long + - name: overhead_seq + type: long + description: Sequence number + - name: collection_duration.ms + type: float + description: Time spent in GC, in milliseconds + - name: observation_duration.ms + type: float + description: Total time over which collection was observed, in milliseconds diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644 index 00000000000..547bb2b0a55 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/fields/package-fields.yml @@ -0,0 +1,27 @@ +- name: elasticsearch + type: group + fields: + - name: component + type: keyword + description: Elasticsearch component from where the log event originated + - name: cluster.uuid + type: keyword + description: UUID of the cluster + - name: cluster.name + type: keyword + description: Name of the cluster + - name: node.id + type: keyword + description: ID of the node + - name: node.name + type: keyword + description: Name of the node + - name: index.name + type: keyword + description: Index name + - name: index.id + type: keyword + description: Index id + - name: shard.id + type: keyword + description: Id of the shard 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/manifest.yml new file mode 100644 index 00000000000..4c6c98b910d --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/server/manifest.yml @@ -0,0 +1,27 @@ +title: elasticsearch server logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/elasticsearch/*.log + - /var/log/elasticsearch/*_server.json + os: + darwin: + default: + - /usr/local/var/lib/elasticsearch/*.log + - /usr/local/var/lib/elasticsearch/*_server.json + windows: + default: + - c:/ProgramData/Elastic/Elasticsearch/logs/*.log + - c:/ProgramData/Elastic/Elasticsearch/logs/*_server.json + template_path: log.yml.hbs + title: elasticsearch server logs (log) + description: Collect elasticsearch server logs using log input diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/agent/stream/stream.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..d8c261078d7 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["shard"] diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/fields.yml new file mode 100644 index 00000000000..83bac6d7a22 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/fields.yml 
@@ -0,0 +1,20 @@ +- name: elasticsearch.shard + type: group + release: ga + fields: + - name: primary + type: boolean + description: | + True if this is the primary shard. + - name: number + type: long + description: | + The number of this shard. + - name: state + type: keyword + description: | + The state of this shard. + - name: relocating_node.name + type: keyword + description: | + The node the shard was relocated from. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/package-fields.yml new file mode 100644 index 00000000000..561ad75e5aa --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/fields/package-fields.yml @@ -0,0 +1,23 @@ +- name: elasticsearch + type: group + fields: + - name: cluster.name + type: keyword + description: | + Elasticsearch cluster name. + - name: cluster.id + type: keyword + description: | + Elasticsearch cluster id. + - name: cluster.state.id + type: keyword + description: | + Elasticsearch state id. + - name: node.id + type: keyword + description: | + Node ID + - name: node.name + type: keyword + description: | + Node name. diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/manifest.yml new file mode 100644 index 00000000000..b575b6b9823 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/shard/manifest.yml @@ -0,0 +1,7 @@ +title: Elasticsearch shard metrics +release: experimental +type: metrics +streams: +- input: elasticsearch/metrics + title: Elasticsearch shard metrics + description: Collect Elasticsearch shard metrics diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..41f2eeb5b48 --- /dev/null 
+++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs @@ -0,0 +1,12 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +multiline: + pattern: '^(\[?[0-9]{4}-[0-9]{2}-[0-9]{2}|{)' + negate: true + match: after +processors: +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" \ No newline at end of file diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..f8092a3fc36 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,64 @@ +--- +description: Pipeline for parsing elasticsearch slow logs. +processors: +- rename: + field: '@timestamp' + target_field: event.created +- grok: + field: message + patterns: + - ^%{CHAR:first_char} + pattern_definitions: + CHAR: . +- pipeline: + if: ctx.first_char != '{' + name: '{{ IngestPipeline "pipeline-plaintext" }}' +- pipeline: + if: ctx.first_char == '{' + name: '{{ IngestPipeline "pipeline-json" }}' +- remove: + field: + - elasticsearch.slowlog.timestamp + - elasticsearch.server.@timestamp + ignore_missing: true +- script: + lang: painless + source: ctx.event.duration = Math.round(ctx.elasticsearch.slowlog.duration * params.scale) + params: + scale: 1000000 + if: ctx.elasticsearch.slowlog?.duration != null +- remove: + field: elasticsearch.slowlog.duration + ignore_missing: true +- set: + field: event.kind + value: event +- set: + field: event.category + value: database +- script: + lang: painless + source: >- + def errorLevels = ['FATAL', 'ERROR']; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = 'error'; + } else { + ctx.event.type = 'info'; + } + } +- set: + field: host.name + value: "{{elasticsearch.node.name}}" + if: "ctx?.elasticsearch?.node?.name != null" +- set: + field: host.id + value: "{{elasticsearch.node.id}}" + if: "ctx?.elasticsearch?.node?.id != null" +- remove: + field: + - first_char +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-json.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-json.yml new file mode 100644 index 00000000000..5ae4e5bdaa8 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-json.yml 
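Review bot: The `remove` list names `elasticsearch.server.@timestamp`, a field this dataset never produces: the slowlog sub-pipelines write under `elasticsearch.slowlog`, and the JSON one already renames `elasticsearch.slowlog.@timestamp` to `@timestamp`. The entry looks carried over from the server pipeline and is dead with `ignore_missing: true`; dropping it leaves `elasticsearch.slowlog.timestamp` as the only intended cleanup. Separately, the top-level `on_failure` uses `set` for `error.message`, so any message the sub-pipelines' `date` processors already `append`ed is overwritten when a later processor here fails — `append` would preserve both.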
@@ -0,0 +1,115 @@ +--- +description: Pipeline for parsing the Elasticsearch slow logs in JSON format. +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- json: + field: message + target_field: elasticsearch.slowlog +- drop: + if: ctx.elasticsearch.slowlog.type != 'index_indexing_slowlog' && ctx.elasticsearch.slowlog.type + != 'index_search_slowlog' +- remove: + field: elasticsearch.slowlog.type +- dot_expander: + field: service.name + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.service.name + target_field: service.name + ignore_missing: true +- rename: + field: elasticsearch.slowlog.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.level + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.log.level + target_field: log.level + ignore_missing: true +- dot_expander: + field: log.logger + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.log.logger + target_field: log.logger + ignore_missing: true +- dot_expander: + field: process.thread.name + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.process.thread.name + target_field: process.thread.name + ignore_missing: true +- rename: + field: elasticsearch.slowlog.component + target_field: elasticsearch.component + ignore_missing: true +- dot_expander: + field: cluster.name + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.cluster.name + target_field: elasticsearch.cluster.name +- dot_expander: + field: node.name + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.node.name + target_field: elasticsearch.node.name +- dot_expander: + field: cluster.uuid + path: elasticsearch.slowlog +- rename: + field: elasticsearch.slowlog.cluster.uuid + target_field: elasticsearch.cluster.uuid + ignore_missing: true +- dot_expander: + field: node.id + path: elasticsearch.slowlog +- rename: + field: 
elasticsearch.slowlog.node.id + target_field: elasticsearch.node.id + ignore_missing: true +- rename: + field: elasticsearch.slowlog.doc_type + target_field: elasticsearch.slowlog.types + ignore_missing: true +- convert: + field: elasticsearch.slowlog.took_millis + type: float + ignore_missing: true +- rename: + field: elasticsearch.slowlog.took_millis + target_field: elasticsearch.slowlog.duration + ignore_missing: true +- grok: + field: elasticsearch.slowlog.message + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + INDEXNAME: '[a-zA-Z0-9_.-]*' + patterns: + - (\[%{INDEXNAME:elasticsearch.index.name}\]\[%{NUMBER:elasticsearch.shard.id}\])?(%{SPACE})(\[%{INDEXNAME:elasticsearch.index.name}\/%{DATA:elasticsearch.index.id}\])?(%{SPACE})%{SPACE}(took\[%{DATA:elasticsearch.slowlog.took}\],)?%{SPACE}(took_millis\[%{NUMBER:elasticsearch.slowlog.duration:long}\],)?%{SPACE}(type\[%{DATA:elasticsearch.slowlog.type}\],)?%{SPACE}(id\[%{DATA:elasticsearch.slowlog.id}\],)?%{SPACE}(routing\[%{DATA:elasticsearch.slowlog.routing}\],)?%{SPACE}(total_hits\[%{NUMBER:elasticsearch.slowlog.total_hits:int}\],)?%{SPACE}(types\[%{DATA:elasticsearch.slowlog.types}\],)?%{SPACE}(stats\[%{DATA:elasticsearch.slowlog.stats}\],)?%{SPACE}(search_type\[%{DATA:elasticsearch.slowlog.search_type}\],)?%{SPACE}(total_shards\[%{NUMBER:elasticsearch.slowlog.total_shards:int}\],)?%{SPACE}(source\[%{GREEDYMULTILINE:elasticsearch.slowlog.source_query}\])?,?%{SPACE}(extra_source\[%{DATA:elasticsearch.slowlog.extra_source}\])?,? + - \[%{INDEXNAME:elasticsearch.index.name}\]\[%{NUMBER:elasticsearch.shard.id}\] +- remove: + field: elasticsearch.slowlog.message +- rename: + field: elasticsearch.slowlog.@timestamp + target_field: '@timestamp' + ignore_missing: true +- rename: + field: elasticsearch.slowlog.timestamp + target_field: '@timestamp' + ignore_missing: true +- date: + field: '@timestamp' + target_field: '@timestamp' + formats: + - ISO8601 + ignore_failure: true 
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-plaintext.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-plaintext.yml new file mode 100644 index 00000000000..3c76160e06b --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/pipeline-plaintext.yml 
@@ -0,0 +1,42 @@ +--- +description: Pipeline for parsing elasticsearch slow logs in plaintext format. +processors: +- grok: + field: message + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* + INDEXNAME: '[a-zA-Z0-9_.-]*' + patterns: + - \[%{TIMESTAMP_ISO8601:elasticsearch.slowlog.timestamp}\]\[%{WORD:log.level}(%{SPACE})\]\[%{DATA:elasticsearch.slowlog.logger}\]%{SPACE}\[%{DATA:elasticsearch.node.name}\](%{SPACE})?(\[%{INDEXNAME:elasticsearch.index.name}\]\[%{NUMBER:elasticsearch.shard.id}\])?(%{SPACE})?(\[%{INDEXNAME:elasticsearch.index.name}\/%{DATA:elasticsearch.index.id}\])?(%{SPACE})?%{SPACE}(took\[%{DATA:elasticsearch.slowlog.took}\],)?%{SPACE}(took_millis\[%{NUMBER:elasticsearch.slowlog.duration:long}\],)?%{SPACE}(type\[%{DATA:elasticsearch.slowlog.type}\],)?%{SPACE}(id\[%{DATA:elasticsearch.slowlog.id}\],)?%{SPACE}(routing\[%{DATA:elasticsearch.slowlog.routing}\],)?%{SPACE}(total_hits\[%{NUMBER:elasticsearch.slowlog.total_hits:int}\],)?%{SPACE}(types\[%{DATA:elasticsearch.slowlog.types}\],)?%{SPACE}(stats\[%{DATA:elasticsearch.slowlog.stats}\],)?%{SPACE}(search_type\[%{DATA:elasticsearch.slowlog.search_type}\],)?%{SPACE}(total_shards\[%{NUMBER:elasticsearch.slowlog.total_shards:int}\],)?%{SPACE}(source\[%{GREEDYMULTILINE:elasticsearch.slowlog.source_query}\])?,?%{SPACE}(extra_source\[%{DATA:elasticsearch.slowlog.extra_source}\])?,? 
+- split: + if: ctx.elasticsearch.slowlog?.stats != '' + field: elasticsearch.slowlog.stats + separator: ',' + ignore_missing: true +- date: + if: ctx.event.timezone == null + field: elasticsearch.slowlog.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: elasticsearch.slowlog.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss,SSS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 00000000000..7e403aca32f --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/fields.yml @@ -0,0 +1,42 @@ +- name: elasticsearch.slowlog + type: group + fields: + - name: logger + type: keyword + description: Logger name + - name: took + type: keyword + description: Time it took to execute the query + - name: types + type: keyword + description: Types + - name: stats + type: keyword + description: Stats groups + - name: search_type + type: keyword + description: Search type + - name: source_query + type: keyword + description: Slow query + - name: extra_source + type: keyword + description: Extra source information + - name: total_hits + type: keyword + description: Total hits + - name: total_shards + type: keyword + description: Total queried shards + - name: routing + type: keyword + description: Routing + - name: id + type: keyword + description: Id + - name: type + type: keyword + description: Type + - name: source + type: keyword + description: Source of document that was indexed 
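Review bot: `source_query` is mapped as `keyword` with no `ignore_above`, yet both slowlog pipelines fill it from `source[...]` via `GREEDYMULTILINE`, i.e. the full body of the slow request. Query bodies routinely exceed the 32766-byte term limit for keyword values, which rejects the whole document at index time, and they carry user-supplied search content, which the description should say so that operators know this dataset retains it. Setting `ignore_above` (or mapping the field as `text`) bounds the failure mode. `total_hits` and `total_shards` are mapped as `keyword` while the grok captures them as `:int`; `long` would match the capture and keep them aggregatable.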
diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/package-fields.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/package-fields.yml new file mode 100644 index 00000000000..547bb2b0a55 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/fields/package-fields.yml @@ -0,0 +1,27 @@ +- name: elasticsearch + type: group + fields: + - name: component + type: keyword + description: Elasticsearch component from where the log event originated + - name: cluster.uuid + type: keyword + description: UUID of the cluster + - name: cluster.name + type: keyword + description: Name of the cluster + - name: node.id + type: keyword + description: ID of the node + - name: node.name + type: keyword + description: Name of the node + - name: index.name + type: keyword + description: Index name + - name: index.id + type: keyword + description: Index id + - name: shard.id + type: keyword + description: Id of the shard diff --git a/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/manifest.yml new file mode 100644 index 00000000000..5e8bb1fecb2 --- /dev/null +++ b/dev/packages/beats/elasticsearch/0.0.1/dataset/slowlog/manifest.yml 
@@ -0,0 +1,33 @@
+title: elasticsearch slowlog logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/elasticsearch/*_index_search_slowlog.log
+ - /var/log/elasticsearch/*_index_indexing_slowlog.log
+ - /var/log/elasticsearch/*_index_search_slowlog.json
+ - /var/log/elasticsearch/*_index_indexing_slowlog.json
+ os:
+ darwin:
+ default:
+ - /usr/local/var/lib/elasticsearch/*_index_search_slowlog.log
+ - /usr/local/var/lib/elasticsearch/*_index_indexing_slowlog.log
+ - /usr/local/var/lib/elasticsearch/*_index_search_slowlog.json
+ - /usr/local/var/lib/elasticsearch/*_index_indexing_slowlog.json
+ windows:
+ default:
+ - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_search_slowlog.log
+ - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_indexing_slowlog.log
+ - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_search_slowlog.json
+ - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_indexing_slowlog.json
+ template_path: log.yml.hbs
+ title: elasticsearch slowlog logs (log)
+ description: Collect elasticsearch slowlog logs using log input
diff --git a/dev/packages/beats/elasticsearch/0.0.1/docs/README.md b/dev/packages/beats/elasticsearch/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/elasticsearch/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/elasticsearch/0.0.1/img/logo_elasticsearch.svg b/dev/packages/beats/elasticsearch/0.0.1/img/logo_elasticsearch.svg
new file mode 100644
index 00000000000..20a620d1629
--- /dev/null
+++ b/dev/packages/beats/elasticsearch/0.0.1/img/logo_elasticsearch.svg
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/dev/packages/beats/elasticsearch/0.0.1/manifest.yml b/dev/packages/beats/elasticsearch/0.0.1/manifest.yml
new file mode 100644
index 00000000000..5cd9b4b393f
--- /dev/null
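Review bot: The default `paths` list watches both the `.log` and the `.json` variant of each slowlog file; to my knowledge an Elasticsearch 7 node writes both formats side by side by default, so every slow query would be ingested twice unless one appender is disabled on the node. Worth a comment above the `default:` block, e.g. `# ES 7 emits plaintext and JSON slowlogs side by side; keep only one glob if both appenders are enabled`, or a line in the dataset README. The darwin default points at `/usr/local/var/lib/elasticsearch/` rather than a log directory, unlike the linux and windows entries; if that is inherited from the Beats module it should at least be noted, since it reads like a typo.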
+++ b/dev/packages/beats/elasticsearch/0.0.1/manifest.yml @@ -0,0 +1,34 @@ +format_version: 1.0.0 +name: elasticsearch +title: Elasticsearch +version: 0.0.1 +license: basic +description: Elasticsearch Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: + versions: '>7.0.1' +icons: +- src: /img/logo_elasticsearch.svg + title: logo elasticsearch + size: 32x32 + type: image/svg+xml +datasources: +- name: elasticsearch + title: Elasticsearch logs and metrics + description: Collect logs and metrics from Elasticsearch instances + inputs: + - type: logs + title: Collect logs from Elasticsearch instances + description: Collecting Elasticsearch audit, deprecation, gc, server and slowlog + logs + - type: elasticsearch/metrics + title: Collect metrics from Elasticsearch instances + description: Collecting Elasticsearch ccr, cluster_stats, enrich, index, index_recovery, + index_summary, ml_job, node, node_stats, pending_tasks and shard metrics diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..7a80cff0521 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,6 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: {{tags}} +processors: \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..26296ee3194 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json 
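Review bot: `log.yml.hbs` ends with a bare `processors:` key and no trailing newline, which renders as a null `processors` entry in the generated agent stream config; if no processors are intended, drop the line, otherwise give it a value. `tags: {{tags}}` references a `tags` variable that the log dataset manifest declares nowhere in its `vars` (only `paths`), so unless `tags` is injected at datasource or agent level it renders as `tags: ` and silently yields null; a comment such as `{{!-- tags and paths are supplied by the datasource config --}}` naming where each variable comes from would settle it. The same question applies to `{{#each hosts}}` in the server dataset's `stream.yml.hbs`, whose manifest declares only `period`; the envoyproxy package manifest that might define these is not part of this diff.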
@@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing envoyproxy logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.charAt(0) != (char)(\"{\")", + "name": "{{ IngestPipeline 'pipeline-plaintext' }}" + } + }, + { + "pipeline": { + "if": "ctx.message.charAt(0) == (char)(\"{\")", + "name": "{{ IngestPipeline 'pipeline-json' }}" + } + }, + { + "pipeline": { + "name": "{{ IngestPipeline 'pipeline-geo-as' }}" + } + }, + { + "set": { + "field": "event.created", + "value": "{{@timestamp}}" + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{timestamp}}", + "if": "ctx.timestamp != null" + } + }, + { + "remove": { + "field": ["timestamp"], + "ignore_failure": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-entry: {{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-geo-as.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-geo-as.yml new file mode 100644 index 00000000000..5a25da5d5db --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-geo-as.yml 
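Review bot: Both `pipeline` conditions call `ctx.message.charAt(0)` without a null or empty-string guard, so a blank line or an event with no `message` throws inside the condition itself and ends up in `error.message` via `on_failure` instead of being skipped; guard both `if` strings with `ctx.message != null && ctx.message.length() > 0 && ...`. `@timestamp` is then overwritten with the raw `{{timestamp}}` string that dissect extracted, with no `date` processor in between, so a malformed timestamp is only rejected at index time rather than recorded in `error.message` like every other parse failure in this pipeline; a `date` processor on `timestamp` with `"formats": ["ISO8601"]` and its own `on_failure` keeps failure handling consistent and lets `timezone` be applied if the log source ever needs it.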
@@ -0,0 +1,52 @@ +--- +description: Pipeline for adding geolocation and autonomous system info. + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-http.json b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-http.json new file mode 100644 index 00000000000..e38875cfeca --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-http.json 
@@ -0,0 +1,94 @@ +{ + "description": "Pipeline for normalizing envoy HTTP ACCESS logs", + "processors": [ + { + "script": { + "lang": "painless", + "source": "ctx['http'] = new HashMap(); def p = ctx.proto.indexOf ('/'); def l = ctx.proto.length(); ctx.http.version = ctx.proto.substring(p+1, l);", + "ignore_failure" : true + } + }, + { + "rename": { + "field": "method", + "target_field": "http.request.method" + } + }, + { + "rename": { + "field": "path", + "target_field": "url.path" + } + }, + { + "convert" : { + "field" : "response_code", + "type": "long" + } + }, + { + "rename": { + "field": "response_code", + "target_field": "http.response.status_code" + } + }, + { + "rename": { + "field": "bytes_received", + "target_field": "http.response.body.bytes" + } + }, + { + "convert" : { + "field" : "http.response.body.bytes", + "type": "long" + } + }, + { + "rename": { + "field": "bytes_sent", + "target_field": "http.request.body.bytes" + } + }, + { + "convert" : { + "field" : "http.request.body.bytes", + "type": "long" + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.envoyproxy.upstream_service_time = Math.round(Double.parseDouble(ctx.upstream_service_time) * params.scale)", + "params": { + "scale": 1000000 + }, + "if": "ctx.upstream_service_time != null && ctx.upstream_service_time != '-'" + } + }, + { + "set": { + "field": "envoyproxy.proxy_type", + "value": "http" + } + }, + { + "set": { + "field": "url.domain", + "value": "{{envoyproxy.authority}}" + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-http: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file 
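Review bot: The rename of `bytes_received` to `http.response.body.bytes` and `bytes_sent` to `http.request.body.bytes` looks reversed relative to Envoy's documented `%BYTES_RECEIVED%` (body bytes received from downstream, i.e. the request) and `%BYTES_SENT%` (body bytes sent to downstream, i.e. the response); `pipeline-tcp.json` later in this commit maps the same pair to `destination.bytes`/`source.bytes` with the same orientation. If this mirrors the Beats module on purpose, say so in the `description` or the dataset README, because dashboards built on request and response sizes will otherwise be silently swapped. `url.domain` is copied verbatim from `envoyproxy.authority`, which for an HTTP/1.1 `Host` header can carry a `:port` suffix, whereas ECS `url.domain` is the host alone; splitting the port into `url.port` would be more faithful.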
diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.json b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.json new file mode 100644 index 00000000000..7081e74cf75 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-json.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing envoyproxy access logs", + "processors": [ + { + "json" : { + "field" : "message", + "target_field" : "json" + } + }, + { + "remove": { + "field": ["message"], + "ignore_failure" : true + } + }, + { + "rename": { + "field": "json.message", + "target_field": "message", + "ignore_failure" : true + } + }, + { + "rename": { + "field": "json.kubernetes", + "target_field": "kubernetes", + "ignore_failure" : true + } + }, + { + "remove": { + "field": ["json"] + } + }, + { + "pipeline": { + "name": "{{ IngestPipeline 'pipeline-plaintext' }}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-json: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.json b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.json new file mode 100644 index 00000000000..b071039755c --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-plaintext.json 
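Review bot: After `json.message` and `json.kubernetes` are lifted out, the unconditional `remove` of `json` discards every other key the structured log carried, and nothing documents that this is intended; a sentence in `description` such as `only message and kubernetes are kept from the JSON envelope; all other keys are dropped` would make the data loss explicit. If the envelope has no `message` key, the earlier `remove` of `message` plus `ignore_failure` on the rename leave the event with no `message` at all, and `pipeline-plaintext` then fails on `ctx.message.charAt(0)` with a generic error; adding `"if": "ctx.json?.message != null"` to the final `pipeline` processor, or failing explicitly before it, would give a clearer error than the downstream NullPointerException.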
@@ -0,0 +1,117 @@ +{ + "description": "Pipeline for normalizing envoy access logs", + "processors": [ + { + "script": { + "lang": "painless", + "source": "if (ctx.message.charAt(0) == (char)(\"[\")) { ctx.temp_message = \"ACCESS \" + ctx.message;} else if (ctx.message.substring(0, 7) == \"ACCESS \") { ctx.temp_message = ctx.message;} else { throw new Exception(\"Not a valid envoyproxy access log\");}" + } + }, + { + "dissect": { + "field": "temp_message", + "pattern": "%{envoyproxy.log_type} [%{timestamp}] \"%{method} %{path} %{proto}\" %{response_code} %{envoyproxy.response_flags} %{bytes_received} %{bytes_sent} %{duration} %{upstream_service_time} \"%{source.address}\" \"%{user_agent.original}\" \"%{envoyproxy.request_id}\" \"%{envoyproxy.authority}\" \"%{dest}\"", + "on_failure" : [{ + "script": { + "lang": "painless", + "source": "ctx.remove('temp_message'); throw new Exception(\"Dissect error: Not a valid envoyproxy access log\");" + } + }] + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.dest == \"-\") { ctx.remove('dest');} else { ctx['destination'] = new HashMap(); def p = ctx.dest.indexOf (':'); def l = ctx.dest.length(); ctx.destination.address = ctx.dest.substring(0, p); ctx.destination.port = ctx.dest.substring(p+1, l);} ctx.remove('dest');", + "if": "ctx.dest != null" + } + }, + { + "convert" : { + "field" : "destination.port", + "type": "integer", + "if": "ctx.destination?.port != null" + } + }, + { + "convert" : { + "field" : "duration", + "type": "double", + "if": "ctx.duration != null" + } + }, + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = Math.round(ctx.duration * params.scale)", + "params": { + "scale": 1000000 + }, + "if": "ctx.duration != null" + } + }, + { + "remove": { + "field": ["json", "duration", "time", "temp_message"], + "ignore_missing": true + } + }, + { + "pipeline": { + "if": "ctx.proto.charAt(0) != (char)(\"-\")", + "name": "{{ IngestPipeline 'pipeline-http' }}" + } + }, + { + 
"pipeline": { + "if": "ctx.proto.charAt(0) == (char)(\"-\")", + "name": "{{ IngestPipeline 'pipeline-tcp' }}" + } + }, + { + "remove": { + "field": ["proto", "upstream_service_time"], + "ignore_failure": true + } + }, + { + "remove": { + "field": "source.address", + "if": "ctx.source.address == '-'" + } + }, + { + "remove": { + "field": "envoyproxy.response_flags", + "if": "ctx.envoyproxy.response_flags == '-'" + } + }, + { + "split": { + "field": "envoyproxy.response_flags", + "separator": "," , + "if": "ctx.envoyproxy.response_flags != null" + } + }, + { + "set" : { + "field" : "destination.ip", + "value" : "{{destination.address}}", + "if": "ctx.destination?.address != null" + } + }, + { + "set" : { + "field" : "source.ip", + "value" : "{{source.address}}", + "if": "ctx.source?.address != null" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-plaintext: {{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-tcp.json b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-tcp.json new file mode 100644 index 00000000000..8a84954dc23 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/pipeline-tcp.json 
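Review bot: `source.address` comes from the dissect position that, in Envoy's default access-log format, holds the `X-Forwarded-For` request header, and the final `set` copies it into `source.ip` unvalidated; that header is client-supplied and may be a comma-separated list, so a multi-hop value fails the `ip` mapping at index time and any forwarded value, trustworthy or not, feeds the geoip lookups in `pipeline-geo-as`. Validate before the copy (a `convert` with `type: ip` and its own `on_failure`, where the target Elasticsearch supports it) and note in `description` that `source.ip` reflects the forwarded-for value rather than the TCP peer. The `dest` script uses `indexOf(':')`, so an IPv6 upstream such as `[::1]:8080` yields `[` as `destination.address` and a non-numeric port that then trips the `convert`; `lastIndexOf(':')` plus stripping the brackets handles both families. The first script's `ctx.message.substring(0, 7)` also throws on messages shorter than seven characters, surfacing the generic pipeline error instead of the intended `Not a valid envoyproxy access log`; a `ctx.message.length() >= 7 &&` guard fixes that.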
@@ -0,0 +1,46 @@ +{ + "description": "Pipeline for normalizing envoy TCP ACCESS logs", + "processors": [ + { + "remove": { + "field": ["upstream_service_time", "method", "user_agent", "path", "response_code"] + } + }, + { + "rename": { + "field": "bytes_received", + "target_field": "destination.bytes" + } + }, + { + "convert" : { + "field" : "destination.bytes", + "type": "long" + } + }, + { + "rename": { + "field": "bytes_sent", + "target_field": "source.bytes" + } + }, + { + "convert" : { + "field" : "source.bytes", + "type": "long" + } + }, + { + "set": { + "field": "envoyproxy.proxy_type", + "value": "tcp" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "pipeline-tcp: {{ _ingest.on_failure_message }}" + } + }] +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..a02558ae62f --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,28 @@ +- name: envoyproxy + type: group + fields: + - name: log_type + type: keyword + description: | + Envoy log type, normally ACCESS + - name: response_flags + type: keyword + description: | + Response flags + - name: upstream_service_time + type: long + format: duration + description: | + Upstream service time in nanoseconds + - name: request_id + type: keyword + description: | + ID of the request + - name: authority + type: keyword + description: | + Envoy proxy authority field + - name: proxy_type + type: keyword + description: | + Envoy proxy type, tcp or http diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..d5e6373df6b --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/log/manifest.yml 
@@ -0,0 +1,17 @@
+title: Envoyproxy log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/envoy.log
+ template_path: log.yml.hbs
+ title: Envoyproxy log logs (log)
+ description: Collect Envoyproxy log logs using log input
diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5d7188e3802
--- /dev/null
+++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["server"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/fields.yml
new file mode 100644
index 00000000000..d495be2d79c
--- /dev/null
+++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/fields.yml
@@ -0,0 +1,245 @@ +- name: envoyproxy.server + type: group + release: ga + fields: + - name: cluster_manager + type: group + fields: + - name: active_clusters + type: integer + description: | + Number of currently active (warmed) clusters + - name: cluster_added + type: integer + description: | + Total clusters added (either via static config or CDS) + - name: cluster_modified + type: integer + description: | + Total clusters modified (via CDS) + - name: cluster_removed + type: integer + description: | + Total clusters removed (via CDS) + - name: warming_clusters + type: integer + description: | + Number of currently warming (not active) clusters + - name: cluster_updated + type: integer + description: | + Total cluster updates + - name: cluster_updated_via_merge + type: integer + description: | + Total cluster updates applied as merged updates + - name: update_merge_cancelled + type: integer + description: | + Total merged updates that got cancelled and delivered early + - name: update_out_of_merge_window + type: integer + description: | + Total updates which arrived out of a merge window + - name: filesystem + type: group + fields: + - name: flushed_by_timer + type: integer + description: | + Total number of times internal flush buffers are written to a file due to flush timeout + - name: reopen_failed + type: integer + description: | + Total number of times a file was failed to be opened + - name: write_buffered + type: integer + description: | + Total number of times file data is moved to Envoys internal flush buffer + - name: write_completed + type: integer + description: | + Total number of times a file was written + - name: write_total_buffered + type: integer + description: | + Current total size of internal flush buffer in bytes + - name: write_failed + type: integer + description: | + Total number of times an error occurred during a file write operation + - name: runtime + type: group + fields: + - name: load_error + type: integer + description: | + Total 
number of load attempts that resulted in an error in any layer + - name: load_success + type: integer + description: | + Total number of load attempts that were successful at all layers + - name: num_keys + type: integer + description: | + Number of keys currently loaded + - name: override_dir_exists + type: integer + description: | + Total number of loads that did use an override directory + - name: override_dir_not_exists + type: integer + description: | + Total number of loads that did not use an override directory + - name: admin_overrides_active + type: integer + description: | + 1 if any admin overrides are active otherwise 0 + - name: deprecated_feature_use + type: integer + description: | + Total number of times deprecated features were used. + - name: num_layers + type: integer + description: | + Number of layers currently active (without loading errors) + - name: listener_manager + type: group + fields: + - name: listener_added + type: integer + description: | + Total listeners added (either via static config or LDS) + - name: listener_create_failure + type: integer + description: | + Total failed listener object additions to workers + - name: listener_create_success + type: integer + description: | + Total listener objects successfully added to workers + - name: listener_modified + type: integer + description: | + Total listeners modified (via LDS) + - name: listener_removed + type: integer + description: | + Total listeners removed (via LDS) + - name: total_listeners_active + type: integer + description: | + Number of currently active listeners + - name: total_listeners_draining + type: integer + description: | + Number of currently draining listeners + - name: total_listeners_warming + type: integer + description: | + Number of currently warming listeners + - name: listener_stopped + type: integer + description: | + Total listeners stopped + - name: stats + type: group + fields: + - name: overflow + type: integer + description: | + Total number of 
times Envoy cannot allocate a statistic due to a shortage of shared memory + - name: server + type: group + fields: + - name: days_until_first_cert_expiring + type: integer + description: | + Number of days until the next certificate being managed will expire + - name: live + type: integer + description: | + 1 if the server is not currently draining, 0 otherwise + - name: memory_allocated + type: integer + description: | + Current amount of allocated memory in bytes + - name: memory_heap_size + type: integer + description: | + Current reserved heap size in bytes + - name: parent_connections + type: integer + description: | + Total connections of the old Envoy process on hot restart + - name: total_connections + type: integer + description: | + Total connections of both new and old Envoy processes + - name: uptime + type: integer + description: | + Current server uptime in seconds + - name: version + type: integer + description: | + Integer represented version number based on SCM revision + - name: watchdog_mega_miss + type: integer + - name: watchdog_miss + type: integer + - name: hot_restart_epoch + type: integer + description: | + Current hot restart epoch + - name: concurrency + type: integer + description: | + Number of worker threads + - name: debug_assertion_failures + type: integer + - name: dynamic_unknown_fields + type: integer + description: | + Number of messages in dynamic configuration with unknown fields + - name: state + type: integer + description: | + Current state of the Server + - name: static_unknown_fields + type: integer + description: | + Number of messages in static configuration with unknown fields + - name: stats_recent_lookups + type: integer + - name: http2 + type: group + fields: + - name: header_overflow + type: integer + description: | + Total number of connections reset due to the headers being larger than Envoy::Http::Http2::ConnectionImpl::StreamImpl::MAX_HEADER_SIZE (63k) + - name: headers_cb_no_stream + type: integer + 
description: | + Total number of errors where a header callback is called without an associated stream. This tracks an unexpected occurrence due to an as yet undiagnosed bug + - name: rx_messaging_error + type: integer + description: | + Total number of invalid received frames that violated section 8 of the HTTP/2 spec. This will result in a tx_reset + - name: rx_reset + type: integer + description: | + Total number of reset stream frames received by Envoy + - name: too_many_header_frames + type: integer + description: | + Total number of times an HTTP2 connection is reset due to receiving too many headers frames. Envoy currently supports proxying at most one header frame for 100-Continue one non-100 response code header frame and one frame with trailers + - name: trailers + type: integer + description: | + Total number of trailers seen on requests coming from downstream + - name: tx_reset + type: integer + description: | + Total number of reset stream frames transmitted by Envoy diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644 index 00000000000..3f96a8fb2fc --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: envoyproxy + type: group diff --git a/dev/packages/beats/envoyproxy/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/manifest.yml new file mode 100644 index 00000000000..836e0af67b5 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/dataset/server/manifest.yml @@ -0,0 +1,15 @@ +title: envoyproxy server metrics +release: experimental +type: metrics +streams: +- input: envoyproxy/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: envoyproxy server metrics + description: Collect envoyproxy server metrics 
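Review bot: `memory_allocated`, `memory_heap_size` and `filesystem.write_total_buffered` are byte counts declared `type: integer`, which in Elasticsearch is a signed 32-bit field, so an Envoy with more than 2 GiB of heap will fail to index; monotonic totals such as `total_connections` and `server.version` (described as an SCM-derived number) have the same ceiling once they pass 2^31. Declare these as `type: long`. `watchdog_mega_miss`, `watchdog_miss`, `debug_assertion_failures` and `stats_recent_lookups` are the only fields in the file without a `description`. The group is marked `release: ga` while the server dataset manifest in this same commit says `release: experimental`; one of the two is presumably stale.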
diff --git a/dev/packages/beats/envoyproxy/0.0.1/docs/README.md b/dev/packages/beats/envoyproxy/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/img/envoyproxy.svg b/dev/packages/beats/envoyproxy/0.0.1/img/envoyproxy.svg new file mode 100644 index 00000000000..a22132d415c --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/img/envoyproxy.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/img/kibana-envoyproxy.jpg b/dev/packages/beats/envoyproxy/0.0.1/img/kibana-envoyproxy.jpg new file mode 100644 index 00000000000..ebdee56b99e Binary files /dev/null and b/dev/packages/beats/envoyproxy/0.0.1/img/kibana-envoyproxy.jpg differ diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/dashboard/0c610510-5cbd-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/dashboard/0c610510-5cbd-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..c18ddbea736 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/dashboard/0c610510-5cbd-11e9-8477-077ec9664dbd.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "Logs Envoyproxy Overview Dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "1", + "w": 22, + "x": 22, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "2", + "w": 22, + "x": 22, + "y": 7 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "3", + "w": 22, + "x": 0, + "y": 7 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "4", + "w": 22, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5", + "w": 22, + "x": 0, + "y": 17 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 22, + "x": 22, + "y": 17 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Envoyproxy] Overview", + "version": 1 + }, + "id": "0c610510-5cbd-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "36f872a0-5c03-11e9-85b4-19d0072eb4f2", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "80844540-5c97-11e9-8477-077ec9664dbd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "38f96190-5c99-11e9-8477-077ec9664dbd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "7e4084e0-5c99-11e9-8477-077ec9664dbd", + "name": 
"panel_3", + "type": "visualization" + }, + { + "id": "0a994af0-5c9d-11e9-8477-077ec9664dbd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ab48c3f0-5ca6-11e9-8477-077ec9664dbd", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/0a994af0-5c9d-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/0a994af0-5c9d-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..ab53e38af19 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/0a994af0-5c9d-11e9-8477-077ec9664dbd.json 
@@ -0,0 +1,110 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Top User Agents [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top User Agents [Logs Envoyproxy]", + "type": "pie" + } + }, + "id": "0a994af0-5c9d-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/36f872a0-5c03-11e9-85b4-19d0072eb4f2.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/36f872a0-5c03-11e9-85b4-19d0072eb4f2.json new file mode 100644 index 00000000000..02a8b645882 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/36f872a0-5c03-11e9-85b4-19d0072eb4f2.json 
@@ -0,0 +1,115 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top HTTP Response Codes [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "maxFontSize": 72, + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + }, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Top HTTP Response Codes [Logs Envoyproxy]", + "type": "tagcloud" + } + }, + "id": "36f872a0-5c03-11e9-85b4-19d0072eb4f2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/38f96190-5c99-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/38f96190-5c99-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..d85c48b4442 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/38f96190-5c99-11e9-8477-077ec9664dbd.json 
@@ -0,0 +1,165 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Requests per Source [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": null, + "y": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + 
"type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Requests per Source [Logs Envoyproxy]", + "type": "histogram" + } + }, + "id": "38f96190-5c99-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/7e4084e0-5c99-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/7e4084e0-5c99-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..0babbbad07c --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/7e4084e0-5c99-11e9-8477-077ec9664dbd.json 
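Review bot: `seriesParams[0].show` is the string `"true"` while the neighbouring `showCircles` and every other flag in this object are JSON booleans; Kibana tolerates the string form, but anything that validates or diffs these saved objects treats it as a different value. Change it to `"show": true,` to match the rest of the file.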
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unique Domains [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "url.domain" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "bucket": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ], + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Unique Domains [Logs Envoyproxy]", + "type": "metric" + } + }, + "id": "7e4084e0-5c99-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/80844540-5c97-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/80844540-5c97-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..7124088a509 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/80844540-5c97-11e9-8477-077ec9664dbd.json 
@@ -0,0 +1,110 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Domains [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top Domains [Logs Envoyproxy]", + "type": "pie" + } + }, + "id": "80844540-5c97-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/ab48c3f0-5ca6-11e9-8477-077ec9664dbd.json b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/ab48c3f0-5ca6-11e9-8477-077ec9664dbd.json new file mode 100644 index 00000000000..3ccd3038121 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/kibana/visualization/ab48c3f0-5ca6-11e9-8477-077ec9664dbd.json 
@@ -0,0 +1,110 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "envoyproxy.log" + }, + "type": "phrase", + "value": "envoyproxy.log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "envoyproxy.log", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:envoyproxy.log" + } + } + }, + "title": "Proxy Request Distribution [Logs Envoyproxy]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "envoyproxy.proxy_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Proxy Request Distribution [Logs Envoyproxy] ", + "type": "pie" + } + }, + "id": "ab48c3f0-5ca6-11e9-8477-077ec9664dbd", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + 
"type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/envoyproxy/0.0.1/manifest.yml b/dev/packages/beats/envoyproxy/0.0.1/manifest.yml new file mode 100644 index 00000000000..aa52bcb2eb4 --- /dev/null +++ b/dev/packages/beats/envoyproxy/0.0.1/manifest.yml @@ -0,0 +1,56 @@ +format_version: 1.0.0 +name: envoyproxy +title: envoyproxy +version: 0.0.1 +license: basic +description: envoyproxy Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=8.0.0-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-envoyproxy.jpg + title: kibana envoyproxy + size: 3340x1882 + type: image/jpg +icons: +- src: /img/envoyproxy.svg + title: envoyproxy + size: 300x300 + type: image/svg+xml +datasources: +- name: envoyproxy + title: envoyproxy logs and metrics + description: Collect logs and metrics from envoyproxy instances + inputs: + - type: logs + vars: + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - envoyproxy + title: Collect logs from envoyproxy instances + description: Collecting envoyproxy log logs + - type: envoyproxy/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:9901 + title: Collect metrics from envoyproxy instances + description: Collecting envoyproxy server metrics diff --git a/dev/packages/beats/etcd/0.0.1/dataset/leader/agent/stream/stream.yml.hbs b/dev/packages/beats/etcd/0.0.1/dataset/leader/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..261c1714df6 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/leader/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["leader"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
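Review bot: The inner `visState.title` carries a trailing space, `"Proxy Request Distribution [Logs Envoyproxy] "`, and so no longer matches `attributes.title`; trim it to `"Proxy Request Distribution [Logs Envoyproxy]"`. The `searchSourceJSON.query` also repeats the dataset filter as `"stream.dataset:envoyproxy.log"`, whereas the other visualizations in this package leave the query empty and rely on the `filter` entry; setting `"query": ""` avoids filtering the same field twice.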
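Review bot: `requirement.kibana.versions: '>=8.0.0-SNAPSHOT <8.0.0'` admits only 8.0.0 pre-releases, and the elasticsearch constraint `'>7.0.1'` does not line up with it; the etcd manifest in this same change leaves both requirements as `{}`, so either convention should be applied to both packages and the intended constraint stated. Two smaller items: the screenshot `type: image/jpg` is not a registered media type and should be `type: image/jpeg` (the icon entry correctly uses `image/svg+xml`), and the logs input description reads `Collecting envoyproxy log logs`.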
diff --git a/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/fields.yml new file mode 100644 index 00000000000..88f774bed35 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/fields.yml @@ -0,0 +1,29 @@ +- name: etcd.leader + type: group + release: ga + fields: + - name: followers.counts + type: group + fields: + - name: followers.counts.success + type: integer + description: successful Raft RPC requests + - name: followers.counts.fail + type: integer + description: failed Raft RPC requests + - name: followers.latency + type: group + fields: + - name: followers.latency.average + type: scaled_float + - name: followers.latency.current + type: scaled_float + - name: followers.latency.maximum + type: scaled_float + - name: followers.latency.minimum + type: integer + - name: follower.latency.standardDeviation + type: scaled_float + - name: leader + type: keyword + description: ID of actual leader diff --git a/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/package-fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/package-fields.yml new file mode 100644 index 00000000000..e179f02286d --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/leader/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: etcd + type: group + fields: + - name: api_version + type: keyword + description: | + Etcd API version for metrics retrieval diff --git a/dev/packages/beats/etcd/0.0.1/dataset/leader/manifest.yml b/dev/packages/beats/etcd/0.0.1/dataset/leader/manifest.yml new file mode 100644 index 00000000000..2e3e02263f1 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/leader/manifest.yml 
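Review bot: `follower.latency.standardDeviation` breaks the naming of its siblings, which are all `followers.latency.<name>` in lowercase, so this field lands outside the `followers.latency` subtree; it looks like a migration artefact, but the name should be confirmed against the source Beats module before renaming since existing dashboards may key on it. `followers.latency.minimum` is typed `integer` while the other latency fields are `scaled_float`, and none of the latency fields has a `description` although the count fields do. If the package tooling concatenates group names the way Beats does, the `followers.counts` group holding a `followers.counts.success` leaf would presumably produce a doubled path; worth checking the generated field list.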
@@ -0,0 +1,23 @@ +title: Etcd leader metrics +release: experimental +type: metrics +streams: +- input: etcd/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:2379 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Etcd leader metrics + description: Collect Etcd leader metrics diff --git a/dev/packages/beats/etcd/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs b/dev/packages/beats/etcd/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..29618d021fd --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["metrics"] diff --git a/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/fields.yml new file mode 100644 index 00000000000..7d8a12dfc6a --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/fields.yml 
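Review bot: This stream template emits only `metricsets: ["metrics"]`; unlike the leader, self and store templates it renders no `hosts` or `period`, and the metrics dataset manifest further down (hunk ending at L1348) declares no vars either, so the generated agent config has no endpoint to scrape. Presumably the migration dropped them; adding the same `hosts`/`period` vars and the `{{#each hosts}}` loop used by the sibling datasets would make the dataset usable and consistent.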
@@ -0,0 +1,87 @@ +- name: etcd.server + type: group + release: beta + fields: + - name: has_leader + type: byte + description: | + Whether a leader exists in the cluster + - name: leader_changes.count + type: long + description: | + Number of leader changes seen at the cluster + - name: proposals_committed.count + type: long + description: | + Number of consensus proposals commited + - name: proposals_pending.count + type: long + description: | + Number of consensus proposals pending + - name: proposals_failed.count + type: long + description: | + Number of consensus proposals failed + - name: grpc_started.count + type: long + description: | + Number of sent gRPC requests + - name: grpc_handled.count + type: long + description: | + Number of received gRPC requests +- name: etcd.disk + type: group + release: beta + fields: + - name: mvcc_db_total_size.bytes + type: long + format: bytes + description: | + Size of stored data at MVCC + - name: wal_fsync_duration.ns.bucket.* + type: object + description: | + Latency for writing ahead logs to disk + - name: wal_fsync_duration.ns.count + type: long + description: | + Write ahead logs count + - name: wal_fsync_duration.ns.sum + type: long + description: | + Write ahead logs latency sum + - name: backend_commit_duration.ns.bucket.* + type: object + description: | + Latency for writing backend changes to disk + - name: backend_commit_duration.ns.count + type: long + description: | + Backend commits count + - name: backend_commit_duration.ns.sum + type: long + description: | + Backend commits latency sum +- name: etcd.memory + type: group + release: beta + fields: + - name: go_memstats_alloc.bytes + type: long + format: bytes + description: | + Memory allocated bytes as of MemStats Go +- name: etcd.network + type: group + release: beta + fields: + - name: client_grpc_sent.bytes + type: long + format: bytes + description: | + gRPC sent bytes total + - name: client_grpc_received.bytes + type: long + format: bytes + 
description: gRPC received bytes total diff --git a/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/package-fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/package-fields.yml new file mode 100644 index 00000000000..e179f02286d --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/metrics/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: etcd + type: group + fields: + - name: api_version + type: keyword + description: | + Etcd API version for metrics retrieval diff --git a/dev/packages/beats/etcd/0.0.1/dataset/metrics/manifest.yml b/dev/packages/beats/etcd/0.0.1/dataset/metrics/manifest.yml new file mode 100644 index 00000000000..ccaeda4ef1f --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/metrics/manifest.yml @@ -0,0 +1,7 @@ +title: Etcd metrics metrics +release: experimental +type: metrics +streams: +- input: etcd/metrics + title: Etcd metrics metrics + description: Collect Etcd metrics metrics diff --git a/dev/packages/beats/etcd/0.0.1/dataset/self/agent/stream/stream.yml.hbs b/dev/packages/beats/etcd/0.0.1/dataset/self/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1f3dbd4d354 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/self/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["self"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/etcd/0.0.1/dataset/self/fields/fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/self/fields/fields.yml new file mode 100644 index 00000000000..30cda5f1b3d --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/self/fields/fields.yml 
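Review bot: `has_leader` is typed `byte` while every other gauge and counter in this file is `long`; if it is meant as a 0/1 flag a short note in its description (`1 when a leader exists, 0 otherwise`) would make the choice deliberate rather than look like a migration slip. The `proposals_committed.count` description also has a typo, `commited` for `committed`.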
@@ -0,0 +1,56 @@ +- name: etcd.self + type: group + release: ga + fields: + - name: id + type: keyword + description: | + the unique identifier for the member + - name: leaderinfo.leader + type: keyword + description: | + id of the current leader member + - name: leaderinfo.starttime + type: keyword + description: | + the time when this node was started + - name: leaderinfo.uptime + type: keyword + description: | + amount of time the leader has been leader + - name: name + type: keyword + description: | + this member's name + - name: recv.appendrequest.count + type: integer + description: | + number of append requests this node has processed + - name: recv.bandwidthrate + type: scaled_float + description: | + number of bytes per second this node is receiving (follower only) + - name: recv.pkgrate + type: scaled_float + description: | + number of requests per second this node is receiving (follower only) + - name: send.appendrequest.count + type: integer + description: | + number of requests that this node has sent + - name: send.bandwidthrate + type: scaled_float + description: | + number of bytes per second this node is sending (leader only). This value is undefined on single member clusters. + - name: send.pkgrate + type: scaled_float + description: | + number of requests per second this node is sending (leader only). This value is undefined on single member clusters. + - name: starttime + type: keyword + description: | + the time when this node was started + - name: state + type: keyword + description: | + either leader or follower diff --git a/dev/packages/beats/etcd/0.0.1/dataset/self/fields/package-fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/self/fields/package-fields.yml new file mode 100644 index 00000000000..e179f02286d --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/self/fields/package-fields.yml 
@@ -0,0 +1,7 @@ +- name: etcd + type: group + fields: + - name: api_version + type: keyword + description: | + Etcd API version for metrics retrieval diff --git a/dev/packages/beats/etcd/0.0.1/dataset/self/manifest.yml b/dev/packages/beats/etcd/0.0.1/dataset/self/manifest.yml new file mode 100644 index 00000000000..b0e3edcb6bb --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/self/manifest.yml @@ -0,0 +1,23 @@ +title: Etcd self metrics +release: experimental +type: metrics +streams: +- input: etcd/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:2379 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Etcd self metrics + description: Collect Etcd self metrics diff --git a/dev/packages/beats/etcd/0.0.1/dataset/store/agent/stream/stream.yml.hbs b/dev/packages/beats/etcd/0.0.1/dataset/store/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1e1a537890b --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/store/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["store"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/etcd/0.0.1/dataset/store/fields/fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/store/fields/fields.yml new file mode 100644 index 00000000000..ff10519e3fc --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/store/fields/fields.yml 
@@ -0,0 +1,36 @@ +- name: etcd.store + type: group + release: ga + fields: + - name: gets.success + type: integer + - name: gets.fail + type: integer + - name: sets.success + type: integer + - name: sets.fail + type: integer + - name: delete.success + type: integer + - name: delete.fail + type: integer + - name: update.success + type: integer + - name: update.fail + type: integer + - name: create.success + type: integer + - name: create.fail + type: integer + - name: compareandswap.success + type: integer + - name: compareandswap.fail + type: integer + - name: compareanddelete.success + type: integer + - name: compareanddelete.fail + type: integer + - name: expire.count + type: integer + - name: watchers + type: integer diff --git a/dev/packages/beats/etcd/0.0.1/dataset/store/fields/package-fields.yml b/dev/packages/beats/etcd/0.0.1/dataset/store/fields/package-fields.yml new file mode 100644 index 00000000000..e179f02286d --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/store/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: etcd + type: group + fields: + - name: api_version + type: keyword + description: | + Etcd API version for metrics retrieval diff --git a/dev/packages/beats/etcd/0.0.1/dataset/store/manifest.yml b/dev/packages/beats/etcd/0.0.1/dataset/store/manifest.yml new file mode 100644 index 00000000000..a3c0d4fd356 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/dataset/store/manifest.yml @@ -0,0 +1,23 @@ +title: Etcd store metrics +release: experimental +type: metrics +streams: +- input: etcd/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:2379 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Etcd store metrics + description: Collect Etcd store metrics 
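Review bot: None of the sixteen `etcd.store.*` fields carries a `description`, unlike the leader, self and metrics datasets in this change, so they will appear without any explanation in the generated docs and field reference. One-line entries of the form `description: Number of successful get operations` (and the matching `fail` variants) would bring the file in line with the others; `watchers` and `expire.count` in particular need a note on what they count.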
diff --git a/dev/packages/beats/etcd/0.0.1/docs/README.md b/dev/packages/beats/etcd/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/etcd/0.0.1/img/logo_etcd.svg b/dev/packages/beats/etcd/0.0.1/img/logo_etcd.svg new file mode 100644 index 00000000000..e6a317c68b6 --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/img/logo_etcd.svg @@ -0,0 +1,6 @@ + + + + + + diff --git a/dev/packages/beats/etcd/0.0.1/manifest.yml b/dev/packages/beats/etcd/0.0.1/manifest.yml new file mode 100644 index 00000000000..673c0a0f5de --- /dev/null +++ b/dev/packages/beats/etcd/0.0.1/manifest.yml @@ -0,0 +1,27 @@ +format_version: 1.0.0 +name: etcd +title: Etcd +version: 0.0.1 +license: basic +description: Etcd Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +icons: +- src: /img/logo_etcd.svg + title: logo etcd + size: 32x32 + type: image/svg+xml +datasources: +- name: etcd + title: Etcd metrics + description: Collect metrics from Etcd instances + inputs: + - type: etcd/metrics + title: Collect metrics from Etcd instances + description: Collecting Etcd leader, metrics, self and store metrics diff --git a/dev/packages/beats/golang/0.0.1/dataset/expvar/agent/stream/stream.yml.hbs b/dev/packages/beats/golang/0.0.1/dataset/expvar/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..5abeabc4384 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/expvar/agent/stream/stream.yml.hbs @@ -0,0 +1,7 @@ +metricsets: ["expvar"] +{{#if expvar.namespace}} +expvar.namespace: {{expvar.namespace}} +{{/if}} +{{#if expvar.path}} +expvar.path: {{expvar.path}} +{{/if}} 
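Review bot: `requirement.kibana` and `requirement.elasticsearch` are both left as `{}`, so the package declares no stack version constraints at all, whereas the envoyproxy manifest in this same change pins both; the registry can only filter packages by version uniformly if the two packages follow one convention. If no constraint is intended yet, a short comment such as `# no stack constraint until the etcd datasets are validated against a release` would make that explicit.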
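Review bot: Neither this expvar template nor the heap one (hunk ending at L1353) renders `hosts` or `period`, and the expvar and heap manifests (L1353 and L1356) declare no such vars, while every etcd dataset in the same change does; the generated agent config therefore has no target endpoint. Unless the golang input supplies hosts at the package level (its package manifest is outside this chunk), add `hosts`/`period` vars and the `{{#each hosts}}` loop used by the etcd streams. The `expvar.namespace` default `example` also reads like a placeholder rather than a usable default.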
diff --git a/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/fields.yml b/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/fields.yml new file mode 100644 index 00000000000..51e768437ad --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/fields.yml @@ -0,0 +1,8 @@ +- name: golang.expvar + type: group + release: ga + fields: + - name: cmdline + type: keyword + description: | + The cmdline of this Go program start with. diff --git a/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/package-fields.yml b/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/package-fields.yml new file mode 100644 index 00000000000..90f51214aed --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/expvar/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: golang + type: group diff --git a/dev/packages/beats/golang/0.0.1/dataset/expvar/manifest.yml b/dev/packages/beats/golang/0.0.1/dataset/expvar/manifest.yml new file mode 100644 index 00000000000..6bf30949770 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/expvar/manifest.yml @@ -0,0 +1,22 @@ +title: Golang expvar metrics +release: experimental +type: metrics +streams: +- input: golang/metrics + vars: + - name: expvar.namespace + type: text + title: Expvar Namespace + multi: false + required: true + show_user: true + default: example + - name: expvar.path + type: text + title: Expvar Path + multi: false + required: true + show_user: true + default: /debug/vars + title: Golang expvar metrics + description: Collect Golang expvar metrics diff --git a/dev/packages/beats/golang/0.0.1/dataset/heap/agent/stream/stream.yml.hbs b/dev/packages/beats/golang/0.0.1/dataset/heap/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..6a491ba8860 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/heap/agent/stream/stream.yml.hbs @@ -0,0 +1,4 @@ +metricsets: ["heap"] +{{#if heap.path}} +heap.path: {{heap.path}} +{{/if}} 
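Review bot: The `cmdline` description `The cmdline of this Go program start with.` is ungrammatical, and the same sentence is repeated in the heap fields file (hunk ending at L1356). Suggest `The command line this Go program was started with.` in both places.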
diff --git a/dev/packages/beats/golang/0.0.1/dataset/heap/fields/fields.yml b/dev/packages/beats/golang/0.0.1/dataset/heap/fields/fields.yml new file mode 100644 index 00000000000..2ce8132e9df --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/heap/fields/fields.yml 
@@ -0,0 +1,117 @@ +- name: golang.heap + type: group + release: ga + fields: + - name: cmdline + type: keyword + description: | + The cmdline of this Go program start with. + - name: gc + type: group + fields: + - name: total_pause + type: group + fields: + - name: ns + type: long + description: | + Duration in Ns. + - name: total_count + type: long + description: | + Total number of GC was happened. + - name: next_gc_limit + type: long + format: bytes + description: | + Next collection will happen when HeapAlloc > this amount. + - name: cpu_fraction + type: float + description: | + Fraction of CPU time used by GC. + - name: pause + type: group + fields: + - name: count + type: long + description: | + Count of GC pause duration during this collect period. + - name: sum + type: group + fields: + - name: ns + type: long + description: | + Duration in Ns. + - name: max + type: group + fields: + - name: ns + type: long + description: | + Duration in Ns. + - name: avg + type: group + fields: + - name: ns + type: long + description: | + Duration in Ns. + - name: system + type: group + fields: + - name: total + type: long + format: bytes + description: | + Total bytes obtained from system (sum of XxxSys below). + - name: obtained + type: long + format: bytes + description: | + Via HeapSys, bytes obtained from system. heap_sys = heap_idle + heap_inuse. + - name: stack + type: long + format: bytes + description: | + Bytes used by stack allocator, and these bytes was obtained from system. + - name: released + type: long + format: bytes + description: | + Bytes released to the OS. + - name: allocations + type: group + fields: + - name: mallocs + type: long + description: | + Number of mallocs. + - name: frees + type: long + description: | + Number of frees. + - name: objects + type: long + description: | + Total number of allocated objects. + - name: total + type: long + format: bytes + description: | + Bytes allocated (even if freed) throughout the lifetime. 
+ - name: allocated + type: long + format: bytes + description: | + Bytes allocated and not yet freed (same as Alloc above). + - name: idle + type: long + format: bytes + description: | + Bytes in idle spans. + - name: active + type: long + format: bytes + description: | + Bytes in non-idle span. diff --git a/dev/packages/beats/golang/0.0.1/dataset/heap/fields/package-fields.yml b/dev/packages/beats/golang/0.0.1/dataset/heap/fields/package-fields.yml new file mode 100644 index 00000000000..90f51214aed --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/heap/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: golang + type: group diff --git a/dev/packages/beats/golang/0.0.1/dataset/heap/manifest.yml b/dev/packages/beats/golang/0.0.1/dataset/heap/manifest.yml new file mode 100644 index 00000000000..ac02e9becd5 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/dataset/heap/manifest.yml @@ -0,0 +1,15 @@ +title: Golang heap metrics +release: experimental +type: metrics +streams: +- input: golang/metrics + vars: + - name: heap.path + type: text + title: Heap Path + multi: false + required: true + show_user: true + default: /debug/vars + title: Golang heap metrics + description: Collect Golang heap metrics diff --git a/dev/packages/beats/golang/0.0.1/docs/README.md b/dev/packages/beats/golang/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/img/logo_golang.svg b/dev/packages/beats/golang/0.0.1/img/logo_golang.svg new file mode 100644 index 00000000000..b01bcbc32d2 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/img/logo_golang.svg @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
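Review bot: Several field descriptions in heap/fields/fields.yml are ungrammatical and will surface verbatim in the field reference, e.g. `The cmdline of this Go program start with.` under `cmdline` and `Total number of GC was happened.` under `gc.total_count`. I would reword them to `The command line this Go program was started with.` and `Total number of GC cycles that have occurred.`; the same `cmdline` wording is repeated in expvar/fields/fields.yml and should be fixed there too. The three identical `Duration in Ns.` entries under `total_pause`, `pause.sum`, `pause.max` and `pause.avg` would also read better if each said what is being measured, e.g. `Total GC pause duration, in nanoseconds.`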
diff --git a/dev/packages/beats/golang/0.0.1/kibana/dashboard/f2dc7320-f519-11e6-a3c9-9d1f7c42b045-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/dashboard/f2dc7320-f519-11e6-a3c9-9d1f7c42b045-ecs.json new file mode 100644 index 00000000000..ecc6acbc58f --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/dashboard/f2dc7320-f519-11e6-a3c9-9d1f7c42b045-ecs.json 
@@ -0,0 +1,137 @@ +{ + "attributes": { + "description": "Overview of Go profiling information", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "9", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "10", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "10", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "11", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "11", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "12", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "13", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Golang] Overview ECS", + "version": 1 + }, + "id": "f2dc7320-f519-11e6-a3c9-9d1f7c42b045-ecs", + "references": [ + { + "id": "58000780-f529-11e6-844d-b170e2f0a07e-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "95388680-f52a-11e6-969c-518c48c913e4-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "b59a5200-f52a-11e6-969c-518c48c913e4-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9a9a8bf0-f52a-11e6-969c-518c48c913e4-ecs", + "name": 
"panel_3", + "type": "visualization" + }, + { + "id": "b046cb80-f52a-11e6-969c-518c48c913e4-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ab226b50-f52a-11e6-969c-518c48c913e4-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/58000780-f529-11e6-844d-b170e2f0a07e-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/58000780-f529-11e6-844d-b170e2f0a07e-ecs.json new file mode 100644 index 00000000000..e6f753c0da9 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/58000780-f529-11e6-844d-b170e2f0a07e-ecs.json @@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Heap Summary [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"avg:golang.heap.system.total\").label(\"System Total Memory\").yaxis(label=\"Bytes\",units=bytes),.es(index=\"metrics*\",metric=\"min:golang.heap.allocations.allocated\").label(\"Bytes Allocated(min)\").movingaverage(30),.es(index=\"metrics*\",metric=\"max:golang.heap.allocations.allocated\").label(\"Bytes Allocated(max)\").movingaverage(30),.es(index=\"metrics*\",metric=\"avg:golang.heap.gc.next_gc_limit\").label(\"GC Limit\"),.es(index=\"metrics*\",metric=\"avg:golang.heap.gc.pause.count\").condition(lt,1, null).points().label(\"GC Cycles(count)\").yaxis(2,label=\"Count\")", + "interval": "10s" + }, + "title": "Heap Summary [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "58000780-f529-11e6-844d-b170e2f0a07e-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/95388680-f52a-11e6-969c-518c48c913e4-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/95388680-f52a-11e6-969c-518c48c913e4-ecs.json new file mode 100644 index 00000000000..eb3e84fdae5 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/95388680-f52a-11e6-969c-518c48c913e4-ecs.json @@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Heap [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"avg:golang.heap.allocations.total\").label(\"Heap Total\").derivative().movingaverage(30).yaxis(label=\"Bytes\",units=bytes),.es(index=\"metrics*\",metric=\"avg:golang.heap.allocations.active\").label(\"Heap Inuse\").movingaverage(30),.es(index=\"metrics*\",metric=\"avg:golang.heap.allocations.allocated\").label(\"Heap Allocated\").movingaverage(30),.es(index=\"metrics*\",metric=\"avg:golang.heap.allocations.idle\").label(\"Heap Idle\").movingaverage(30)", + "interval": "10s" + }, + "title": "Heap [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "95388680-f52a-11e6-969c-518c48c913e4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/9a9a8bf0-f52a-11e6-969c-518c48c913e4-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/9a9a8bf0-f52a-11e6-969c-518c48c913e4-ecs.json new file mode 100644 index 00000000000..59f3db8f795 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/9a9a8bf0-f52a-11e6-969c-518c48c913e4-ecs.json 
@@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "System [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"avg:golang.heap.system.total\").label(\"System Total\").yaxis(label=\"Bytes\",units=bytes),.es(index=\"metrics*\",metric=\"avg:golang.heap.system.obtained\").label(\"System Obtained\"),.es(index=\"metrics*\",metric=\"avg:golang.heap.system.stack\").label(\"System Stack\"),.es(index=\"metrics*\",metric=\"avg:golang.heap.system.released\").label(\"System Released\")", + "interval": "10s" + }, + "title": "System [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "9a9a8bf0-f52a-11e6-969c-518c48c913e4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/ab226b50-f52a-11e6-969c-518c48c913e4-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/ab226b50-f52a-11e6-969c-518c48c913e4-ecs.json new file mode 100644 index 00000000000..c6aa6edb2dc --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/ab226b50-f52a-11e6-969c-518c48c913e4-ecs.json 
@@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "GC durations [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"max:golang.heap.gc.pause.sum.ns\").bars().label(\"sum of GC Pause durations(ns)\").yaxis(label=\"Durations(ns)\"),.es(index=\"metrics*\",metric=\"max:golang.heap.gc.total_pause.ns\").derivative().movingaverage(30).label(\"Total GC Pause(ns) Rate\"),.es(index=\"metrics*\",metric=\"max:golang.heap.gc.pause.max.ns\").label(\"Max GC Pause(ns)\").movingaverage(30),.es(index=\"metrics*\",metric=\"avg:golang.heap.gc.pause.avg.ns\").label(\"Avg GC Pause(ns)\").movingaverage(30),.es(index=\"metrics*\",metric=\"max:golang.heap.gc.pause.count\").condition(lt,1, null).label(\"GC Pause count\").points().yaxis(2,label=\"Count\")", + "interval": "10s" + }, + "title": "GC durations [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "ab226b50-f52a-11e6-969c-518c48c913e4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/b046cb80-f52a-11e6-969c-518c48c913e4-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/b046cb80-f52a-11e6-969c-518c48c913e4-ecs.json new file mode 100644 index 00000000000..0d011eb55d6 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/b046cb80-f52a-11e6-969c-518c48c913e4-ecs.json 
@@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "GC count [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"max:golang.heap.gc.pause.count\").label(\"GC Count\").bars().yaxis(label=\"Count\"),.es(index=\"metrics*\",metric=\"max:golang.heap.gc.total_count\").label(\"GC Rate\").derivative().movingaverage(30),.es(index=\"metrics*\",metric=\"max:golang.heap.gc.cpu_fraction\").label(\"CPU Fraction\").yaxis(2,label=\"Fraction\")", + "interval": "10s" + }, + "title": "GC count [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "b046cb80-f52a-11e6-969c-518c48c913e4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/kibana/visualization/b59a5200-f52a-11e6-969c-518c48c913e4-ecs.json b/dev/packages/beats/golang/0.0.1/kibana/visualization/b59a5200-f52a-11e6-969c-518c48c913e4-ecs.json new file mode 100644 index 00000000000..51e33b48588 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/kibana/visualization/b59a5200-f52a-11e6-969c-518c48c913e4-ecs.json 
@@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Objects [Metrics Golang] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(index=\"metrics*\",metric=\"max:golang.heap.allocations.objects\").label(\"Object Count(avg)\").yaxis(1,label=\"Count\").movingaverage(30),.es(index=\"metrics*\",metric=\"max:golang.heap.allocations.total\").derivative().label(\"Allocation Rate\").yaxis(2,label=\"Rate\").movingaverage(30)", + "interval": "10s" + }, + "title": "Objects [Metrics Golang] ECS", + "type": "timelion" + } + }, + "id": "b59a5200-f52a-11e6-969c-518c48c913e4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/golang/0.0.1/manifest.yml b/dev/packages/beats/golang/0.0.1/manifest.yml new file mode 100644 index 00000000000..049231340b4 --- /dev/null +++ b/dev/packages/beats/golang/0.0.1/manifest.yml @@ -0,0 +1,28 @@ +format_version: 1.0.0 +name: golang +title: Golang +version: 0.0.1 +license: basic +description: Golang Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +icons: +- src: /img/logo_golang.svg + title: logo golang + size: 32x32 + type: image/svg+xml +datasources: +- name: golang + title: Golang metrics + description: Collect metrics from Golang instances + inputs: + - type: golang/metrics + title: Collect metrics from Golang instances + description: Collecting Golang expvar and heap metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/google-pubsub.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/google-pubsub.yml.hbs new file mode 100644 index 00000000000..99bcbfb7517 --- /dev/null 
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/google-pubsub.yml.hbs @@ -0,0 +1,16 @@ +project_id: {{project_id}} +topic: {{topic}} +subscription.name: {{subscription_name}} +{{#if credentials_file}} +credentials_file: {{credentials_file}} +{{/if}} +{{#if credentials_json}} +credentials_json: {{credentials_json}} +{{/if}} +processors: + - script: + lang: javascript + id: googlecloud_audit_script + file: ${path.home}/module/googlecloud/audit/config/pipeline.js + params: + keep_original_message: {{keep_original_message}} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/log.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..71c465067cb --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/log.yml.hbs @@ -0,0 +1,12 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +processors: + - script: + lang: javascript + id: googlecloud_audit_script + file: ${path.home}/module/googlecloud/audit/config/pipeline.js + params: + keep_original_message: {{keep_original_message}} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/pipeline.js b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/pipeline.js new file mode 100644 index 00000000000..ac151fae7d8 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/agent/stream/pipeline.js 
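Review bot: Both google-pubsub.yml.hbs and log.yml.hbs point the script processor at `file: ${path.home}/module/googlecloud/audit/config/pipeline.js`, which is the Filebeat module tree, while this commit ships the script at dataset/audit/agent/stream/pipeline.js inside the package; unless the agent host also has the Filebeat module installed, that path presumably does not exist and the stream cannot load its processor. The template also emits `project_id: {{project_id}}` and `keep_original_message: {{keep_original_message}}` unconditionally even though they are not guarded like `credentials_file`, so they render as empty values whenever the policy does not supply them; `{{#if project_id}}` … `{{/if}}` around each, matching the credentials blocks, avoids an invalid config. Finally, `credentials_json: {{credentials_json}}` writes a service-account key verbatim into the rendered agent policy, so a comment in the template noting that this value is a secret and that `credentials_file` is the safer option would help whoever wires this up.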
@@ -0,0 +1,180 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function Audit(keep_original_message) { + var processor = require("processor"); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + // Set @timetamp the LogEntry's timestamp. + var parseTimestamp = new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropPubSubFields = function(evt) { + evt.Delete("message"); + }; + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, + ], + ignore_missing: true + }); + + var setCloudMetadata = new processor.Convert({ + fields: [ + {from: "json.resource.labels.project_id", to: "cloud.project.id"}, + ], + ignore_missing: true + }); + + // The log includes a protoPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + var convertLogEntry = new processor.Convert({ + fields: [ + {from: "json.protoPayload", to: "json"}, + ], + mode: "rename", + }); + + // The LogEntry's protoPayload is moved to the json field. The protoPayload + // contains the structured audit log fields. 
+ var convertProtoPayload = new processor.Convert({ + fields: [ + {from: "json.@type", to: "json.type"}, + + {from: "json.authenticationInfo.principalEmail", to: "json.authenticationInfo.principal_email"}, + {from: "json.authenticationInfo.authoritySelector", to: "json.authenticationInfo.authority_selector"}, + {from: "json.authenticationInfo", to: "json.authentication_info"}, + + {from: "json.authorizationInfo", to: "json.authorization_info"}, + + {from: "json.methodName", to: "json.method_name"}, + + {from: "json.numResponseItems", to: "json.num_response_items", type: "long"}, + + {from: "json.request.@type", to: "json.request.proto_name"}, + {from: "json.request.filter", to: "json.request.filter"}, + {from: "json.request.name", to: "json.request.name"}, + {from: "json.request.resourceName", to: "json.request.resource_name"}, + + {from: "json.requestMetadata.callerIp", to: "json.requestMetadata.caller_ip", type: "ip"}, + {from: "json.requestMetadata.callerSuppliedUserAgent", to: "json.requestMetadata.caller_supplied_user_agent"}, + {from: "json.requestMetadata", to: "json.request_metadata"}, + + {from: "json.resourceName", to: "json.resource_name"}, + + {from: "json.resourceLocation.currentLocations", to: "json.resourceLocation.current_locations"}, + {from: "json.resourceLocation", to: "json.resource_location"}, + + {from: "json.serviceName", to: "json.service_name"}, + + {from: "json", to: "googlecloud.audit"}, + ], + mode: "rename", + ignore_missing: true, + }); + + // Copy some fields + var copyFields = new processor.Convert({ + fields: [ + {from: "googlecloud.audit.request_metadata.caller_ip", to: "source.ip"}, + {from: "googlecloud.audit.authentication_info.principal_email", to: "user.email"}, + {from: "googlecloud.audit.service_name", to: "service.name"}, + {from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original"}, + {from: "googlecloud.audit.method_name", to: "event.action"}, + ], + fail_on_error: false, + }); + + 
// Drop extra fields + var dropExtraFields = function(evt) { + evt.Delete("json"); + evt.Delete("googlecloud.audit.request_metadata.requestAttributes"); + evt.Delete("googlecloud.audit.request_metadata.destinationAttributes"); + }; + + // Rename nested fields + var RenameNestedFields = function(evt) { + var arr = evt.Get("googlecloud.audit.authorization_info"); + for (var i = 0; i < arr.length; i++) { + arr[i].resource_attributes = arr[i].resourceAttributes; + delete arr[i].resourceAttributes; + } + }; + + // Set ECS categorization fields. + var setECSCategorization = function(evt) { + if (evt.Get("googlecloud.audit.status.code") == null) { + var authorization_info = evt.Get("googlecloud.audit.authorization_info"); + if (authorization_info.length === 1) { + if (authorization_info[0].granted == null) { + evt.Put("event.outcome", "unknown"); + } else if (authorization_info[0].granted === true) { + evt.Put("event.outcome", "success"); + } else { + evt.Put("event.outcome", "failure"); + } + } else { + evt.Put("event.outcome", "unknown"); + } + } else if (evt.Get("googlecloud.audit.status.code") === 0) { + evt.Put("event.outcome", "success"); + } else { + evt.Put("event.outcome", "failure"); + } + evt.Put("event.kind", "event"); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropPubSubFields) + .Add(saveMetadata) + .Add(setCloudMetadata) + .Add(convertLogEntry) + .Add(convertProtoPayload) + .Add(copyFields) + .Add(dropExtraFields) + .Add(RenameNestedFields) + .Add(setECSCategorization) + .Build(); + + return { + process: pipeline.Run, + }; +} + +var audit; + +// Register params from configuration. +function register(params) { + audit = new Audit(params.keep_original_message); +} + +function process(evt) { + return audit.process(evt); +} 
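Review bot: RenameNestedFields reads `arr.length` straight after `evt.Get("googlecloud.audit.authorization_info")` with no null check, and setECSCategorization does the same with `authorization_info.length` whenever `status.code` is absent, so an audit entry that carries no authorizationInfo throws inside the processor instead of being categorized. Guard both: `if (!arr) { return; }` before the loop in RenameNestedFields, and `if (authorization_info && authorization_info.length === 1)` in setECSCategorization so the existing else branch still sets `event.outcome` to `unknown`. Separately, convertProtoPayload converts `requestMetadata.callerIp` with `type: "ip"` but, unlike copyFields, does not set `fail_on_error: false`; if the processor's default is to fail on conversion errors, a callerIp that is not a literal IP address would fail the whole event, which is a bad failure mode for an audit-log pipeline and worth either tolerating or recording in `error.message` rather than throwing.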
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..5756f59aad2 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml @@ -0,0 +1,34 @@ +--- +description: Pipeline for Google Cloud audit logs + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/fields.yml new file mode 100644 index 00000000000..e8896c68ef8 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/fields.yml 
@@ -0,0 +1,107 @@ +- name: googlecloud.audit + type: group + fields: + - name: type + type: keyword + description: | + Type property. + - name: authentication_info + type: group + fields: + - name: principal_email + type: keyword + description: "The email address of the authenticated user making the request. + \n" + - name: authority_selector + type: keyword + description: "The authority selector specified by the requestor, if any. It + is not guaranteed that the principal was allowed to use this authority. \n" + - name: authorization_info + type: array + description: | + Authorization information for the operation. + fields: + - name: permission + type: keyword + description: "The required IAM permission. \n" + - name: granted + type: boolean + description: "Whether or not authorization for resource and permission was granted. + \n" + - name: resource_attributes + type: group + fields: + - name: service + type: keyword + description: | + The name of the service. + - name: name + type: keyword + description: | + The name of the resource. + - name: type + type: keyword + description: | + The type of the resource. + - name: method_name + type: keyword + description: | + The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. + - name: num_response_items + type: long + description: | + The number of items returned from a List or Query API method, if applicable. + - name: request + type: group + fields: + - name: proto_name + type: keyword + description: | + Type property of the request. + - name: filter + type: keyword + description: | + Filter of the request. + - name: name + type: keyword + description: "Name of the request. \n" + - name: resource_name + type: keyword + description: "Name of the request resource. \n" + - name: request_metadata + type: group + fields: + - name: caller_ip + type: ip + description: "The IP address of the caller. 
\n" + - name: caller_supplied_user_agent + type: keyword + description: | + The user agent of the caller. This information is not authenticated and should be treated accordingly. + - name: resource_name + type: keyword + description: | + The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. + - name: resource_location + type: group + fields: + - name: current_locations + type: keyword + description: | + Current locations of the resource. + - name: service_name + type: keyword + description: | + The name of the API service performing the operation. For example, datastore.googleapis.com. + - name: status + type: group + fields: + - name: code + type: integer + description: "The status code, which should be an enum value of google.rpc.Code. + \n" + - name: message + type: keyword + description: "A developer-facing error message, which should be in English. + Any user-facing error message should be localized and sent in the google.rpc.Status.details + \ field, or localized by the client. \n" diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/package-fields.yml new file mode 100644 index 00000000000..53365cd7f12 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/fields/package-fields.yml 
@@ -0,0 +1,63 @@ +- name: googlecloud + type: group + fields: + - name: destination.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: destination.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. + - name: source.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: source.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/audit/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/manifest.yml new file mode 100644 index 00000000000..ca4abc323c9 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/audit/manifest.yml 
@@ -0,0 +1,35 @@ +title: Google Cloud audit logs +release: experimental +type: logs +streams: +- input: google-pubsub + vars: + - name: topic + type: text + title: Topic + multi: false + required: true + show_user: true + default: stackdriver-audit + - name: subscription_name + type: text + title: Subscription Name + multi: false + required: true + show_user: true + default: filebeat-googlecloud-audit + template_path: google-pubsub.yml.hbs + title: Google Cloud audit logs (google-pubsub) + description: Collect Google Cloud audit logs using google-pubsub input +- input: logs + vars: + - name: keep_original_message + type: bool + title: Keep Original Message + multi: false + required: true + show_user: true + default: false + template_path: log.yml.hbs + title: Google Cloud audit logs (log) + description: Collect Google Cloud audit logs using log input diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/compute/agent/stream/stream.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..f47ab0416e5 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["compute"] +{{#if credentials_file_path}} +credentials_file_path: {{credentials_file_path}} +{{/if}} +{{#if exclude_labels}} +exclude_labels: {{exclude_labels}} +{{/if}} +period: {{period}} +{{#if project_id}} +project_id: {{project_id}} +{{/if}} +{{#if region}} +region: {{region}} +{{/if}} diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/fields.yml new file mode 100644 index 00000000000..166c819000c --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/fields.yml 
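Review bot: The variable declarations in dataset/audit/manifest.yml do not match the templates they render: the google-pubsub stream declares only `topic` and `subscription_name`, yet google-pubsub.yml.hbs references `project_id`, `credentials_file`, `credentials_json` and `keep_original_message`, and the logs stream declares only `keep_original_message` while log.yml.hbs iterates `{{#each paths as |path i|}}`. As written, `project_id:` and `keep_original_message:` render empty for the pub/sub stream and `paths:` renders with no entries for the log stream, so neither stream is usable without hand-editing the policy. Add the missing vars (`project_id`, `credentials_file`, `credentials_json` and `keep_original_message` under the google-pubsub stream; a `paths` var with `multi: true` under the logs stream), and because `credentials_json` carries a service-account key, declare it with a secret/password field type if the manifest format offers one rather than `type: text`.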
@@ -0,0 +1,62 @@ +- name: googlecloud.compute + type: group + release: beta + fields: + - name: instance + type: group + fields: + - name: firewall + type: group + fields: + - name: dropped_bytes_count.value + type: long + description: Incoming bytes dropped by the firewall + - name: dropped_packets_count.value + type: long + description: Incoming packets dropped by the firewall + - name: cpu + type: group + fields: + - name: reserved_cores.value + type: double + description: Number of cores reserved on the host of the instance + - name: utilization.value + type: double + description: The fraction of the allocated CPU that is currently in use on + the instance + - name: usage_time.value + type: double + description: Usage for all cores in seconds + - name: disk + type: group + fields: + - name: read_bytes_count.value + type: long + description: Count of bytes read from disk + - name: read_ops_count.value + type: long + description: Count of disk read IO operations + - name: write_bytes_count.value + type: long + description: Count of bytes written to disk + - name: write_ops_count.value + type: long + description: Count of disk write IO operations + - name: uptime.value + type: long + description: How long the VM has been running, in seconds + - name: network + type: group + fields: + - name: received_bytes_count.value + type: long + description: Count of bytes received from the network + - name: received_packets_count.value + type: long + description: Count of packets received from the network + - name: sent_bytes_count.value + type: long + description: Count of bytes sent over the network + - name: sent_packets_count.value + type: long + description: Count of packets sent over the network diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/package-fields.yml new file mode 100644 index 00000000000..ede4f2cb160 --- /dev/null 
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/fields/package-fields.yml @@ -0,0 +1,18 @@ +- name: googlecloud + type: group + fields: + - name: labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: stackdriver.*.*.*.* + type: object + description: | + Metrics that returned from StackDriver API query. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/compute/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/manifest.yml new file mode 100644 index 00000000000..dca9d607bb9 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/compute/manifest.yml @@ -0,0 +1,43 @@ +title: Google Cloud Platform compute metrics +release: experimental +type: metrics +streams: +- input: googlecloud/metrics + vars: + - name: credentials_file_path + type: text + title: Credentials File Path + multi: false + required: true + show_user: true + default: your JSON credentials file path + - name: exclude_labels + type: bool + title: Exclude Labels + multi: false + required: true + show_user: true + default: false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + - name: project_id + type: text + title: Project Id + multi: false + required: true + show_user: true + default: your project id + - name: region + type: text + title: Region + multi: false + required: true + show_user: true + default: us-central1 + title: Google Cloud Platform compute metrics + description: Collect Google Cloud Platform compute metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/google-pubsub.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/google-pubsub.yml.hbs new file mode 100644 index 00000000000..c3ab15cdd6f --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/google-pubsub.yml.hbs 
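Review bot: In compute/manifest.yml the `credentials_file_path` and `project_id` vars are `required: true` yet ship human-readable placeholder defaults (`default: your JSON credentials file path`, `default: your project id`); a user who leaves them untouched passes validation, and because the stream template only guards with `{{#if credentials_file_path}}`, the literal placeholder string is rendered into the agent config as the credentials path. Dropping the placeholder (omit `default`, or `default: ""`) lets `required: true` and the `#if` guard do their job and keeps a nonsensical path out of the generated config. The loadbalancing manifest.yml hunk later in this commit repeats the same two defaults.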
@@ -0,0 +1,17 @@ +project_id: {{project_id}} +topic: {{topic}} +subscription.name: {{subscription_name}} +{{#if credentials_file}} +credentials_file: {{credentials_file}} +{{/if}} +{{#if credentials_json}} +credentials_json: {{credentials_json}} +{{/if}} +processors: + - script: + lang: javascript + id: googlecloud_firewall_script + params: + debug: {{debug}} + keep_original_message: {{keep_original_message}} + file: ${path.home}/module/googlecloud/firewall/config/pipeline.js \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/log.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..ef1213526d0 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/log.yml.hbs @@ -0,0 +1,13 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +processors: + - script: + lang: javascript + id: googlecloud_firewall_script + params: + debug: {{debug}} + keep_original_message: {{keep_original_message}} + file: ${path.home}/module/googlecloud/firewall/config/pipeline.js \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/pipeline.js b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/pipeline.js new file mode 100644 index 00000000000..ef184bc8620 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/agent/stream/pipeline.js 
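Review bot: google-pubsub.yml.hbs renders `project_id`, `credentials_file`, `credentials_json` and `keep_original_message`, but the firewall manifest.yml in this commit declares only `topic`, `subscription_name` and `debug` for the `google-pubsub` stream, so `project_id:` and `keep_original_message:` render empty and there is no way to supply credentials at all. `credentials_json: {{credentials_json}}` also interpolates a raw service-account JSON document unquoted into YAML, which will not parse as a single scalar; a quoted form such as `credentials_json: '{{credentials_json}}'` (or an escaping helper) is needed, and the var should be documented as a secret that ends up in the rendered config. Both this template and log.yml.hbs point `file:` at `${path.home}/module/googlecloud/firewall/config/pipeline.js`, the Beats module location, while the commit ships `pipeline.js` next to the templates under `dataset/firewall/agent/stream/`; it looks like the path was carried over unchanged and should be confirmed against how the agent lays out package assets.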
@@ -0,0 +1,331 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets _to_ field from a mapping of _from_ field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? branch : branch.Run)(evt); + }; +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// PipelineBuilder to aid debugging of pipelines during development. 
+function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function FirewallProcessor(keep_original_message, debug) { + var builder = new PipelineBuilder("firewall", debug); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + builder.Add("decodeJson", new processor.DecodeJSONFields({ + fields: ["message"], + target: "json" + })); + + // Set @timestamp to the LogEntry's timestamp. + builder.Add("parseTimestamp", new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true + })); + + if (keep_original_message) { + builder.Add("saveOriginalMessage", new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + })); + } + + builder.Add("dropPubSubFields", function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }); + + builder.Add("categorizeEvent", new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "network", + type: "connection", + action: "firewall-rule" + }, + })); + + builder.Add("saveMetadata", new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.resource.labels.subnetwork_name", to: "network.name"}, + {from: "json.insertId", to: "event.id"} + ], + ignore_missing: true + })); + + // Firewall logs are structured so the LogEntry 
includes a jsonPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. + builder.Add("convertLogEntry", new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename" + })); + + builder.Add("addType", function(evt) { + var disp = evt.Get("json.disposition"); + if (disp != null) { + evt.AppendTo("event.type", disp.toLowerCase()); + } + }); + + builder.Add("addDirection", makeMapper({ + from: "json.rule_details.direction", + to: "network.direction", + mappings: { + INGRESS: "inbound", + EGRESS: "outbound" + }, + default: "unknown" + })); + + builder.Add("conditionalRename", makeConditional({ + condition: function(evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.src_vpc"}, + {from: "json.instance", to: "json.src_instance"}, + {from: "json.location", to: "json.src_location"}, + {from: "json.remote_vpc", to: "json.dest_vpc"}, + {from: "json.remote_instance", to: "json.dest_instance"}, + {from: "json.remote_location", to: "json.dest_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }), + + INGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.dest_vpc"}, + {from: "json.instance", to: "json.dest_instance"}, + {from: "json.location", to: "json.dest_location"}, + {from: "json.remote_vpc", to: "json.src_vpc"}, + {from: "json.remote_instance", to: "json.src_instance"}, + {from: "json.remote_location", to: "json.src_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }) + })); + + // Set network.iana_number from connection.protocol, converting it to long + // and ignoring the failure if it's not numeric. 
+ builder.Add("ianaNumber", new processor.Convert({ + fields: [{ + from: "json.connection.protocol", + to: "network.iana_number", + type: "long" + }], + fail_on_error: false + })); + + // Set network.transport from iana_number. GCP Firewall only supports + // logging of tcp and udp connections, added icmp just in case as it's the + // other protocol supported by firewall rules. + builder.Add("transportFromIANA", makeMapper({ + from: "network.iana_number", + to: "network.transport", + mappings: { + 1: "icmp", + 6: "tcp", + 17: "udp" + } + })); + + builder.Add("convertJsonPayload", new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: 
"googlecloud.source.vpc"}, + {from: "json.rule_details.reference", to: "rule.name"}, + {from: "json", to: "googlecloud.firewall"}, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false + })); + + // Delete emtpy object's whose fields have been renamed leaving them childless. + builder.Add("dropEmptyObjects", function (evt) { + evt.Delete("googlecloud.firewall.connection"); + evt.Delete("googlecloud.firewall.dest_location"); + evt.Delete("googlecloud.firewall.disposition"); + evt.Delete("googlecloud.firewall.src_location"); + }); + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + builder.Add("copyAddressFields", new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"} + ], + fail_on_error: false + })); + + builder.Add("setCloudMetadata", makeConditional({ + condition: function (evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + ], + ignore_missing: true + }), + + INGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true + }) + })); + + builder.Add("communityId", new 
processor.CommunityID({ + fields: { + transport: "network.iana_number" + } + })); + + builder.Add("setInternalDirection", function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + if (srcInstance && destInstance) { + event.Put("network.direction", "internal"); + } + }); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }); + + builder.Add("setRelatedIP", function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + +var firewall; + +// Register params from configuration. +function register(params) { + firewall = new FirewallProcessor(params.keep_original_message, params.debug); +} + +function process(evt) { + return firewall.process(evt); +} diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..3c1c8534755 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/elasticsearch/ingest-pipeline/default.yml 
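Review bot: `setCloudMetadata` reads `googlecloud.source.instance.vm_name` / `googlecloud.destination.instance.vm_name` to fill `cloud.instance.name`, but the earlier `convertJsonPayload` step has already renamed `json.src_instance.vm_name` and `json.dest_instance.vm_name` to `source.domain` / `destination.domain` with `mode: "rename"`, so by the time the instance objects are moved to `googlecloud.*.instance` they no longer carry `vm_name` and `cloud.instance.name` is never set; reading `source.domain` / `destination.domain` in `setCloudMetadata`, or copying `vm_name` before `convertJsonPayload`, fixes it. Separately, `makeMapper` tests `key in options.mappings` and `makeConditional` indexes `options[options.condition(evt)]` with a value taken straight from the event; both walk the prototype chain, so an unexpected direction value such as `toString` or `constructor` selects an inherited function instead of the default/no-op branch, and `Object.prototype.hasOwnProperty.call(options.mappings, key)` is the safer test for both helpers. `conditionalRename` also builds its branches with `processor.Convert(...)` while every other step uses `new processor.Convert(...)`; whether that works without `new` depends on the processor module, but the inconsistency is worth removing.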
@@ -0,0 +1,51 @@ +--- +description: Pipeline for Google Cloud Firewall Logs + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/fields.yml new file mode 100644 index 00000000000..e4349e23f1b --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/fields.yml 
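Review bot: The `geoip` processors target `source.geo`/`destination.geo` and `source.as`/`destination.as`, but pipeline.js in this commit already populates `source.geo.*`, `destination.geo.*`, `source.as.number` and `destination.as.number` from the GCP `src_location`/`dest_location` payload; for public addresses the GeoLite lookup and the following `rename` of `source.as.asn` to `source.as.number` appear to overwrite the provider-supplied values, while for private VPC addresses the lookup yields nothing, so which source wins varies per event. Either drop the GCP-derived geo/AS mappings from pipeline.js or scope these processors so they only run when the target is absent (e.g. `if: ctx.source?.geo == null`), and state in a comment above the `# IP Geolocation Lookup` block which source is authoritative.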
@@ -0,0 +1,44 @@ +- name: googlecloud.firewall + type: group + fields: + - name: rule_details + type: group + fields: + - name: priority + type: long + description: The priority for the firewall rule. + - name: action + type: keyword + description: Action that the rule performs on match. + - name: direction + type: keyword + description: Direction of traffic that matches this rule. + - name: reference + type: keyword + description: Reference to the firewall rule. + - name: source_range + type: keyword + description: List of source ranges that the firewall rule applies to. + - name: destination_range + type: keyword + description: List of destination ranges that the firewall applies to. + - name: source_tag + type: keyword + description: | + List of all the source tags that the firewall rule applies to. + - name: target_tag + type: keyword + description: | + List of all the target tags that the firewall rule applies to. + - name: ip_port_info + type: array + description: | + List of ip protocols and applicable port ranges for rules. + - name: source_service_account + type: keyword + description: | + List of all the source service accounts that the firewall rule applies to. + - name: target_service_account + type: keyword + description: | + List of all the target service accounts that the firewall rule applies to. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/package-fields.yml new file mode 100644 index 00000000000..53365cd7f12 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/fields/package-fields.yml 
@@ -0,0 +1,63 @@ +- name: googlecloud + type: group + fields: + - name: destination.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: destination.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. + - name: source.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: source.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/manifest.yml new file mode 100644 index 00000000000..9efa5e89de1 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/firewall/manifest.yml 
@@ -0,0 +1,49 @@ +title: Google Cloud firewall logs +release: experimental +type: logs +streams: +- input: google-pubsub + vars: + - name: topic + type: text + title: Topic + multi: false + required: true + show_user: true + default: stackdriver-firewall + - name: subscription_name + type: text + title: Subscription Name + multi: false + required: true + show_user: true + default: filebeat-googlecloud-firewall + - name: debug + type: bool + title: Debug + multi: false + required: true + show_user: true + default: false + template_path: google-pubsub.yml.hbs + title: Google Cloud firewall logs (google-pubsub) + description: Collect Google Cloud firewall logs using google-pubsub input +- input: logs + vars: + - name: debug + type: bool + title: Debug + multi: false + required: true + show_user: true + default: false + - name: keep_original_message + type: bool + title: Keep Original Message + multi: false + required: true + show_user: true + default: false + template_path: log.yml.hbs + title: Google Cloud firewall logs (log) + description: Collect Google Cloud firewall logs using log input diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/agent/stream/stream.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..6fedecc2bac --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["loadbalancing"] +{{#if credentials_file_path}} +credentials_file_path: {{credentials_file_path}} +{{/if}} +{{#if exclude_labels}} +exclude_labels: {{exclude_labels}} +{{/if}} +period: {{period}} +{{#if project_id}} +project_id: {{project_id}} +{{/if}} +{{#if zone}} +zone: {{zone}} +{{/if}} diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/fields.yml new file mode 100644 index 00000000000..e879e43b496 
--- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/fields.yml 
@@ -0,0 +1,246 @@ +- name: googlecloud.loadbalancing + type: group + release: beta + fields: + - name: https + type: group + fields: + - name: backend_latencies + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: backend_request_bytes_count.value + type: long + description: The number of bytes sent as requests from HTTP/S load balancer + to backends. + - name: backend_request_count.value + type: long + description: The number of requests served by backends of HTTP/S load balancer. + - name: backend_response_bytes_count.value + type: long + description: The number of bytes sent as responses from backends (or cache) + to HTTP/S load balancer. 
+ - name: frontend_tcp_rtt + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: internal + type: group + fields: + - name: backend_latencies + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: request_bytes_count.value + type: long + description: The number of bytes sent as requests from clients to HTTP/S load + balancer. + - name: request_count.value + type: long + description: The number of requests served by HTTP/S load balancer. + - name: response_bytes_count.value + type: long + description: The number of bytes sent as responses from HTTP/S load balancer + to clients. + - name: total_latencies + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: request_bytes_count.value + type: long + description: The number of bytes sent as requests from clients to HTTP/S load + balancer. + - name: request_count.value + type: long + description: The number of requests served by HTTP/S load balancer. 
+ - name: response_bytes_count.value + type: long + description: The number of bytes sent as responses from HTTP/S load balancer + to clients. + - name: total_latencies + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: l3.internal + type: group + fields: + - name: egress_bytes_count.value + type: long + description: The number of bytes sent from ILB backend to client (for TCP flows + it's counting bytes on application stream only). + - name: egress_packets_count.value + type: long + description: The number of packets sent from ILB backend to client of the flow. + - name: ingress_bytes_count.value + type: long + description: The number of bytes sent from client to ILB backend (for TCP flows + it's counting bytes on application stream only). + - name: ingress_packets_count.value + type: long + description: The number of packets sent from client to ILB backend. + - name: rtt_latencies + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: tcp_ssl_proxy + type: group + fields: + - name: closed_connections.value + type: long + description: Number of connections that were terminated over TCP/SSL proxy. + - name: egress_bytes_count.value + type: long + description: Number of bytes sent from VM to client using proxy. 
+ - name: frontend_tcp_rtt + type: group + fields: + - name: count.value + type: long + - name: mean.value + type: long + - name: bucket_counts.value + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor.value + type: double + - name: scale.value + type: long + - name: num_finite_buckets.value + type: long + - name: ingress_bytes_count.value + type: long + description: Number of bytes sent from client to VM using proxy. + - name: new_connections.value + type: long + description: Number of connections that were created over TCP/SSL proxy. + - name: open_connections.value + type: long + description: Current number of outstanding connections through the TCP/SSL proxy. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/package-fields.yml new file mode 100644 index 00000000000..ede4f2cb160 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/fields/package-fields.yml @@ -0,0 +1,18 @@ +- name: googlecloud + type: group + fields: + - name: labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: stackdriver.*.*.*.* + type: object + description: | + Metrics that returned from StackDriver API query. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/manifest.yml new file mode 100644 index 00000000000..df2b5e15424 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/loadbalancing/manifest.yml 
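Review bot: The distribution sub-fields map `mean.value` and `bucket_options.Options.ExponentialBuckets.scale.value` as `long` while `growth_factor.value` is `double`; in the Stackdriver Distribution type both `mean` and `scale` are floating-point, so if the metricset forwards them unchanged, fractional values would be truncated or rejected by a `long` mapping — please confirm against real metricset output and switch them to `double` if so. The same block is repeated for `backend_latencies`, `frontend_tcp_rtt`, `total_latencies` and `rtt_latencies` in this hunk, so the fix applies to every copy.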
@@ -0,0 +1,43 @@ +title: Google Cloud Platform loadbalancing metrics +release: experimental +type: metrics +streams: +- input: googlecloud/metrics + vars: + - name: credentials_file_path + type: text + title: Credentials File Path + multi: false + required: true + show_user: true + default: your JSON credentials file path + - name: exclude_labels + type: bool + title: Exclude Labels + multi: false + required: true + show_user: true + default: false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + - name: project_id + type: text + title: Project Id + multi: false + required: true + show_user: true + default: your project id + - name: zone + type: text + title: Zone + multi: false + required: true + show_user: true + default: us-central1-a + title: Google Cloud Platform loadbalancing metrics + description: Collect Google Cloud Platform loadbalancing metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/agent/stream/stream.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..329415d2156 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["pubsub"] +{{#if credentials_file_path}} +credentials_file_path: {{credentials_file_path}} +{{/if}} +{{#if exclude_labels}} +exclude_labels: {{exclude_labels}} +{{/if}} +period: {{period}} +{{#if project_id}} +project_id: {{project_id}} +{{/if}} +{{#if zone}} +zone: {{zone}} +{{/if}} diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/fields.yml new file mode 100644 index 00000000000..5f15e76bdb1 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/fields.yml 
@@ -0,0 +1,197 @@ +- name: googlecloud.pubsub + type: group + release: beta + fields: + - name: subscription + type: group + fields: + - name: ack_message_count.value + type: long + description: Cumulative count of messages acknowledged by Acknowledge requests, + grouped by delivery type. + - name: backlog_bytes.value + type: long + description: Total byte size of the unacknowledged messages (a.k.a. backlog + messages) in a subscription. + - name: num_outstanding_messages.value + type: long + description: Number of messages delivered to a subscription's push endpoint, + but not yet acknowledged. + - name: num_undelivered_messages.value + type: long + description: Number of unacknowledged messages (a.k.a. backlog messages) in + a subscription. + - name: oldest_unacked_message_age.value + type: long + description: Age (in seconds) of the oldest unacknowledged message (a.k.a. backlog + message) in a subscription. + - name: pull_ack_message_operation_count.value + type: long + description: Cumulative count of acknowledge message operations, grouped by + result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. + - name: pull_ack_request_count.value + type: long + description: Cumulative count of acknowledge requests, grouped by result. + - name: pull_message_operation_count.value + type: long + description: Cumulative count of pull message operations, grouped by result. + For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. + - name: pull_request_count.value + type: long + description: Cumulative count of pull requests, grouped by result. + - name: push_request_count.value + type: long + description: Cumulative count of push attempts, grouped by result. Unlike pulls, + the push server implementation does not batch user messages. So each request + only contains one user message. 
The push server retries on errors, so a given + user message can appear multiple times. + - name: push_request_latencies.value + type: long + description: Distribution of push request latencies (in microseconds), grouped + by result. + - name: sent_message_count.value + type: long + description: Cumulative count of messages sent by Cloud Pub/Sub to subscriber + clients, grouped by delivery type. + - name: streaming_pull_ack_message_operation_count.value + type: long + description: Cumulative count of StreamingPull acknowledge message operations, + grouped by result. For a definition of message operations, see Cloud Pub/Sub + metric subscription/mod_ack_deadline_message_operation_count. + - name: streaming_pull_ack_request_count.value + type: long + description: Cumulative count of streaming pull requests with non-empty acknowledge + ids, grouped by result. + - name: streaming_pull_message_operation_count.value + type: long + description: Cumulative count of streaming pull message operations, grouped + by result. For a definition of message operations, see Cloud Pub/Sub metric + subscription/mod_ack_deadline_message_operation_count + - name: streaming_pull_response_count.value + type: long + description: Cumulative count of streaming pull responses, grouped by result. + - name: dead_letter_message_count.value + type: long + description: Cumulative count of messages published to dead letter topic, grouped + by result. + - name: mod_ack_deadline_message_count.value + type: long + description: Cumulative count of messages whose deadline was updated by ModifyAckDeadline + requests, grouped by delivery type. + - name: mod_ack_deadline_message_operation_count.value + type: long + description: Cumulative count of ModifyAckDeadline message operations, grouped + by result. + - name: mod_ack_deadline_request_count.value + type: long + description: Cumulative count of ModifyAckDeadline requests, grouped by result. 
+ - name: oldest_retained_acked_message_age.value + type: long + description: Age (in seconds) of the oldest acknowledged message retained in + a subscription. + - name: oldest_retained_acked_message_age_by_region.value + type: long + description: Age (in seconds) of the oldest acknowledged message retained in + a subscription, broken down by Cloud region. + - name: oldest_unacked_message_age_by_region.value + type: long + description: Age (in seconds) of the oldest unacknowledged message in a subscription, + broken down by Cloud region. + - name: retained_acked_bytes.value + type: long + description: Total byte size of the acknowledged messages retained in a subscription. + - name: retained_acked_bytes_by_region.value + type: long + description: Total byte size of the acknowledged messages retained in a subscription, + broken down by Cloud region. + - name: seek_request_count.value + type: long + description: Cumulative count of seek attempts, grouped by result. + - name: streaming_pull_mod_ack_deadline_message_operation_count.value + type: long + description: Cumulative count of StreamingPull ModifyAckDeadline operations, + grouped by result. + - name: streaming_pull_mod_ack_deadline_request_count.value + type: long + description: Cumulative count of streaming pull requests with non-empty ModifyAckDeadline + fields, grouped by result. + - name: byte_cost.value + type: long + description: Cumulative cost of operations, measured in bytes. This is used + to measure quota utilization. + - name: config_updates_count.value + type: long + description: Cumulative count of configuration changes for each subscription, + grouped by operation type and result. + - name: unacked_bytes_by_region.value + type: long + description: Total byte size of the unacknowledged messages in a subscription, + broken down by Cloud region. 
+ - name: topic + type: group + fields: + - name: streaming_pull_response_count.value + type: long + description: Cumulative count of streaming pull responses, grouped by result. + - name: send_message_operation_count.value + type: long + description: Cumulative count of publish message operations, grouped by result. + For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. + - name: send_request_count.value + type: long + description: Cumulative count of publish requests, grouped by result. + - name: oldest_retained_acked_message_age_by_region.value + type: long + description: Age (in seconds) of the oldest acknowledged message retained in + a topic, broken down by Cloud region. + - name: oldest_unacked_message_age_by_region.value + type: long + description: Age (in seconds) of the oldest unacknowledged message in a topic, + broken down by Cloud region. + - name: retained_acked_bytes_by_region.value + type: long + description: Total byte size of the acknowledged messages retained in a topic, + broken down by Cloud region. + - name: byte_cost.value + type: long + description: Cost of operations, measured in bytes. This is used to measure + utilization for quotas. + - name: config_updates_count.value + type: long + description: Cumulative count of configuration changes, grouped by operation + type and result. + - name: message_sizes.value + type: long + description: Distribution of publish message sizes (in bytes) + - name: unacked_bytes_by_region.value + type: long + description: Total byte size of the unacknowledged messages in a topic, broken + down by Cloud region. + - name: snapshot + type: group + fields: + - name: oldest_message_age.value + type: long + description: Age (in seconds) of the oldest message retained in a snapshot. + - name: oldest_message_age_by_region.value + type: long + description: Age (in seconds) of the oldest message retained in a snapshot, + broken down by Cloud region. 
+ - name: backlog_bytes.value + type: long + description: Total byte size of the messages retained in a snapshot. + - name: backlog_bytes_by_region.value + type: long + description: Total byte size of the messages retained in a snapshot, broken + down by Cloud region. + - name: num_messages.value + type: long + description: Number of messages retained in a snapshot. + - name: num_messages_by_region.value + type: long + description: Number of messages retained in a snapshot, broken down by Cloud + region. + - name: config_updates_count.value + type: long + description: Cumulative count of configuration changes, grouped by operation + type and result. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/package-fields.yml new file mode 100644 index 00000000000..ede4f2cb160 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/fields/package-fields.yml @@ -0,0 +1,18 @@ +- name: googlecloud + type: group + fields: + - name: labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: stackdriver.*.*.*.* + type: object + description: | + Metrics that returned from StackDriver API query. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/manifest.yml new file mode 100644 index 00000000000..6ba03dac866 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/pubsub/manifest.yml 
@@ -0,0 +1,43 @@ +title: Google Cloud Platform pubsub metrics +release: experimental +type: metrics +streams: +- input: googlecloud/metrics + vars: + - name: credentials_file_path + type: text + title: Credentials File Path + multi: false + required: true + show_user: true + default: your JSON credentials file path + - name: exclude_labels + type: bool + title: Exclude Labels + multi: false + required: true + show_user: true + default: false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + - name: project_id + type: text + title: Project Id + multi: false + required: true + show_user: true + default: your project id + - name: zone + type: text + title: Zone + multi: false + required: true + show_user: true + default: us-central1-a + title: Google Cloud Platform pubsub metrics + description: Collect Google Cloud Platform pubsub metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/agent/stream/stream.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..907979aa2c0 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["stackdriver"] diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/fields.yml new file mode 100644 index 00000000000..0705ac93452 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/fields.yml @@ -0,0 +1,4 @@ +- name: googlecloud. + key: stackdriver + type: group + release: beta diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/package-fields.yml new file mode 100644 index 00000000000..ede4f2cb160 --- /dev/null 
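Review bot: The stackdriver stream template emits only `metricsets: ["stackdriver"]`, with no `period`, `project_id` or `credentials_file_path`, and the stackdriver manifest.yml in this commit declares no `vars` at all, unlike every other googlecloud metrics dataset here. If that is deliberate because the metricset needs a free-form metric list the manifest format cannot express yet, a comment in the manifest should say so; otherwise the dataset cannot be scheduled or authenticated from the policy. A line such as `# TODO: stackdriver metricset options (period, project_id, credentials, metric list) are not yet exposed as vars` in manifest.yml would make the gap visible to whoever picks this up.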
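Review bot: The group name `googlecloud.` in the stackdriver fields.yml ends in a trailing dot, which looks like a generator artefact; a field path ending in `.` is malformed once flattened, and no sibling dataset in this commit uses the `key:` attribute. It probably should read `- name: googlecloud.stackdriver` with the `key: stackdriver` line dropped, matching `googlecloud.pubsub` and `googlecloud.storage` — though I can't tell from here whether the registry's fields loader accepts `key:` and rewrites the name, so worth confirming against the loader.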
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/fields/package-fields.yml @@ -0,0 +1,18 @@ +- name: googlecloud + type: group + fields: + - name: labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: stackdriver.*.*.*.* + type: object + description: | + Metrics that returned from StackDriver API query. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/manifest.yml new file mode 100644 index 00000000000..6aadea89024 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/stackdriver/manifest.yml @@ -0,0 +1,7 @@ +title: Google Cloud Platform stackdriver metrics +release: experimental +type: metrics +streams: +- input: googlecloud/metrics + title: Google Cloud Platform stackdriver metrics + description: Collect Google Cloud Platform stackdriver metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/storage/agent/stream/stream.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9c94cb3d22f --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/agent/stream/stream.yml.hbs @@ -0,0 +1,14 @@ +metricsets: ["storage"] +{{#if credentials_file_path}} +credentials_file_path: {{credentials_file_path}} +{{/if}} +{{#if exclude_labels}} +exclude_labels: {{exclude_labels}} +{{/if}} +period: {{period}} +{{#if project_id}} +project_id: {{project_id}} +{{/if}} +{{#if region}} +region: {{region}} +{{/if}} diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/fields.yml new file mode 100644 index 00000000000..d427a986e61 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/fields.yml 
@@ -0,0 +1,52 @@ +- name: googlecloud.storage + type: group + release: beta + fields: + - name: api + type: group + fields: + - name: request_count.value + type: long + description: Delta count of API calls, grouped by the API method name and response + code. + - name: authz + type: group + fields: + - name: acl_based_object_access_count.value + type: long + description: Delta count of requests that result in an object being granted + access solely due to object ACLs. + - name: acl_operations_count.value + type: long + description: Usage of ACL operations broken down by type. + - name: object_specific_acl_mutation_count.value + type: long + description: Delta count of changes made to object specific ACLs. + - name: network + type: group + fields: + - name: received_bytes_count.value + type: long + description: Delta count of bytes received over the network, grouped by the + API method name and response code. + - name: sent_bytes_count.value + type: long + description: Delta count of bytes sent over the network, grouped by the API + method name and response code. + - name: storage + type: group + fields: + - name: object_count.value + type: long + description: Total number of objects per bucket, grouped by storage class. This + value is measured once per day, and the value is repeated at each sampling + interval throughout the day. + - name: total_byte_seconds.value + type: long + description: Delta count of bytes received over the network, grouped by the + API method name and response code. + - name: total_bytes.value + type: long + description: Total size of all objects in the bucket, grouped by storage class. + This value is measured once per day, and the value is repeated at each sampling + interval throughout the day. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/package-fields.yml new file mode 100644 index 00000000000..ede4f2cb160 --- /dev/null 
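Review bot: The description of `storage.total_byte_seconds.value` ("Delta count of bytes received over the network, grouped by the API method name and response code.") is a copy of `network.received_bytes_count` and does not describe this metric. As far as I recall the GCP metric list, it is the bucket's daily storage in byte-seconds per storage class, so I'd replace it with `description: Total daily storage in byte*seconds used by the bucket, grouped by storage class.` followed by the same once-per-day sampling sentence already used on `object_count` and `total_bytes`.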
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/fields/package-fields.yml @@ -0,0 +1,18 @@ +- name: googlecloud + type: group + fields: + - name: labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: stackdriver.*.*.*.* + type: object + description: | + Metrics that returned from StackDriver API query. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/storage/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/manifest.yml new file mode 100644 index 00000000000..8ff2d206fb9 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/storage/manifest.yml @@ -0,0 +1,43 @@ +title: Google Cloud Platform storage metrics +release: experimental +type: metrics +streams: +- input: googlecloud/metrics + vars: + - name: credentials_file_path + type: text + title: Credentials File Path + multi: false + required: true + show_user: true + default: your JSON credentials file path + - name: exclude_labels + type: bool + title: Exclude Labels + multi: false + required: true + show_user: true + default: false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 300s + - name: project_id + type: text + title: Project Id + multi: false + required: true + show_user: true + default: your project id + - name: region + type: text + title: Region + multi: false + required: true + show_user: true + default: us-central1 + title: Google Cloud Platform storage metrics + description: Collect Google Cloud Platform storage metrics diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/google-pubsub.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/google-pubsub.yml.hbs new file mode 100644 index 00000000000..47458df8678 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/google-pubsub.yml.hbs 
@@ -0,0 +1,16 @@
+project_id: {{project_id}}
+topic: {{topic}}
+subscription.name: {{subscription_name}}
+{{#if credentials_file}}
+credentials_file: {{credentials_file}}
+{{/if}}
+{{#if credentials_json}}
+credentials_json: {{credentials_json}}
+{{/if}}
+processors:
+ - script:
+ lang: javascript
+ id: googlecloud_vpcflow_script
+ file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js
+ params:
+ keep_original_message: {{keep_original_message}}
\ No newline at end of file
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..e6d439c3448
--- /dev/null
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/log.yml.hbs
@@ -0,0 +1,12 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - script:
+ lang: javascript
+ id: googlecloud_vpcflow_script
+ file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js
+ params:
+ keep_original_message: {{keep_original_message}}
\ No newline at end of file
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/pipeline.js b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/pipeline.js
new file mode 100644
index 00000000000..dd7e3e0ea7e
--- /dev/null
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/agent/stream/pipeline.js
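Review bot: This template interpolates `project_id`, `credentials_file`, `credentials_json` and `keep_original_message`, but the vpcflow manifest.yml added in this commit declares only `topic` and `subscription_name` for the `google-pubsub` stream (`keep_original_message` is declared for the `logs` stream only), so `project_id: {{project_id}}` renders empty and the `{{#if}}` credential blocks can never be enabled from the policy; the missing vars need to be added to that stream in the manifest. Both this template and log.yml.hbs also point the script processor at `${path.home}/module/googlecloud/vpcflow/config/pipeline.js`, the Filebeat module layout, while the script is shipped here as `dataset/vpcflow/agent/stream/pipeline.js`, so the path should be checked against where the agent actually unpacks package assets. Separately, `credentials_json` places the raw service-account key in the rendered policy; the dataset docs should steer users to `credentials_file` where possible.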
@@ -0,0 +1,259 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+function VPCFlow(keep_original_message) {
+ var processor = require("processor");
+
+ // The pub/sub input writes the Stackdriver LogEntry object into the message
+ // field. The message needs decoded as JSON.
+ var decodeJson = new processor.DecodeJSONFields({
+ fields: ["message"],
+ target: "json",
+ });
+
+ // Set @timetamp the LogEntry's timestamp.
+ var parseTimestamp = new processor.Timestamp({
+ field: "json.timestamp",
+ timezone: "UTC",
+ layouts: ["2006-01-02T15:04:05.999999999Z07:00"],
+ tests: ["2019-06-14T03:50:10.845445834Z"],
+ ignore_missing: true,
+ });
+
+ var saveOriginalMessage = function(evt) {};
+ if (keep_original_message) {
+ saveOriginalMessage = new processor.Convert({
+ fields: [
+ {from: "message", to: "event.original"}
+ ],
+ mode: "rename"
+ });
+ }
+
+ var dropPubSubFields = function(evt) {
+ evt.Delete("message");
+ evt.Delete("labels");
+ };
+
+ var categorizeEvent = new processor.AddFields({
+ target: "event",
+ fields: {
+ kind: "event",
+ category: "network",
+ type: "connection",
+ },
+ });
+
+
+ var saveMetadata = new processor.Convert({
+ fields: [
+ {from: "json.logName", to: "log.logger"},
+ {from: "json.insertId", to: "event.id"},
+ ],
+ ignore_missing: true
+ });
+
+ // Use the LogEntry object's timestamp. VPC flow logs are structured so the
+ // LogEntry includes a jsonPayload field.
+ // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry
+ var convertLogEntry = new processor.Convert({
+ fields: [
+ {from: "json.jsonPayload", to: "json"},
+ ],
+ mode: "rename",
+ });
+
+ // The LogEntry's jsonPayload is moved to the json field. The jsonPayload
+ // contains the structured VPC flow log fields.
+ // https://cloud.google.com/vpc/docs/using-flow-logs#record_format
+ var convertJsonPayload = new processor.Convert({
+ fields: [
+ {from: "json.connection.dest_ip", to: "destination.address"},
+ {from: "json.connection.dest_port", to: "destination.port", type: "long"},
+ {from: "json.connection.protocol", to: "network.iana_number", type: "string"},
+ {from: "json.connection.src_ip", to: "source.address"},
+ {from: "json.connection.src_port", to: "source.port", type: "long"},
+
+ {from: "json.src_instance.vm_name", to: "source.domain"},
+ {from: "json.dest_instance.vm_name", to: "destination.domain"},
+
+ {from: "json.bytes_sent", to: "source.bytes", type: "long"},
+ {from: "json.packets_sent", to: "source.packets", type: "long"},
+
+ {from: "json.start_time", to: "event.start"},
+ {from: "json.end_time", to: "event.end"},
+
+ {from: "json.dest_location.asn", to: "destination.as.number", type: "long"},
+ {from: "json.dest_location.continent", to: "destination.geo.continent_name"},
+ {from: "json.dest_location.country", to: "destination.geo.country_name"},
+ {from: "json.dest_location.region", to: "destination.geo.region_name"},
+ {from: "json.dest_location.city", to: "destination.geo.city_name"},
+
+ {from: "json.src_location.asn", to: "source.as.number", type: "long"},
+ {from: "json.src_location.continent", to: "source.geo.continent_name"},
+ {from: "json.src_location.country", to: "source.geo.country_name"},
+ {from: "json.src_location.region", to: "source.geo.region_name"},
+ {from: "json.src_location.city", to: "source.geo.city_name"},
+
+ {from: "json.dest_instance", to: "googlecloud.destination.instance"},
+ {from: "json.dest_vpc", to: "googlecloud.destination.vpc"},
+ {from: "json.src_instance", to: "googlecloud.source.instance"},
+ {from: "json.src_vpc", to: "googlecloud.source.vpc"},
+
+ {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"},
+ {from: "json", to: "googlecloud.vpcflow"},
+ ],
+ mode: "rename",
+ ignore_missing: true,
+ });
+
+ // Delete emtpy object's whose fields have been renamed leaving them childless.
+ var dropEmptyObjects = function (evt) {
+ evt.Delete("googlecloud.vpcflow.connection");
+ evt.Delete("googlecloud.vpcflow.dest_location");
+ evt.Delete("googlecloud.vpcflow.src_location");
+ };
+
+ // Copy the source/destination.address to source/destination.ip if they are
+ // valid IP addresses.
+ var copyAddressFields = new processor.Convert({
+ fields: [
+ {from: "source.address", to: "source.ip", type: "ip"},
+ {from: "destination.address", to: "destination.ip", type: "ip"},
+ ],
+ fail_on_error: false,
+ });
+
+ var setCloudFromDestInstance = new processor.Convert({
+ fields: [
+ {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.destination.instance.region", to: "cloud.region"},
+ {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"},
+ ],
+ ignore_missing: true,
+ });
+
+ var setCloudFromSrcInstance = new processor.Convert({
+ fields: [
+ {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.source.instance.region", to: "cloud.region"},
+ {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"},
+ ],
+ ignore_missing: true,
+ });
+
+ // Set the cloud metadata fields based on the instance that reported the
+ // event.
+ var setCloudMetadata = function(evt) {
+ var reporter = evt.Get("googlecloud.vpcflow.reporter");
+
+ if (reporter === "DEST") {
+ setCloudFromDestInstance.Run(evt);
+ } else if (reporter === "SRC") {
+ setCloudFromSrcInstance.Run(evt);
+ }
+ };
+
+ var communityId = new processor.CommunityID({
+ fields: {
+ transport: "network.iana_number",
+ }
+ });
+
+ // VPC flows are unidirectional so we only have to worry about copy the
+ // source.bytes/packets over to network.bytes/packets.
+ var setNetworkBytesPackets = new processor.Convert({
+ fields: [
+ {from: "source.bytes", to: "network.bytes"},
+ {from: "source.packets", to: "network.packets"},
+ ],
+ ignore_missing: true,
+ });
+
+ // VPC flow logs are reported for TCP and UDP traffic only so handle these
+ // protocols' IANA numbers.
+ var setNetworkTransport = function(event) {
+ var ianaNumber = event.Get("network.iana_number");
+ switch (ianaNumber) {
+ case "6":
+ event.Put("network.transport", "tcp");
+ break;
+ case "17":
+ event.Put("network.transport", "udp");
+ break;
+ }
+ };
+
+ var setNetworkDirection = function(event) {
+ var srcInstance = event.Get("googlecloud.source.instance");
+ var destInstance = event.Get("googlecloud.destination.instance");
+ var direction = "unknown";
+
+ if (srcInstance && destInstance) {
+ direction = "internal";
+ } else if (srcInstance) {
+ direction = "outbound";
+ } else if (destInstance) {
+ direction = "inbound";
+ }
+ event.Put("network.direction", direction);
+ };
+
+ var setNetworkType = function(event) {
+ var ip = event.Get("source.ip");
+ if (!ip) {
+ return;
+ }
+
+ if (ip.indexOf(".") !== -1) {
+ event.Put("network.type", "ipv4");
+ } else {
+ event.Put("network.type", "ipv6");
+ }
+ };
+
+ var setRelatedIP = function(event) {
+ event.AppendTo("related.ip", event.Get("source.ip"));
+ event.AppendTo("related.ip", event.Get("destination.ip"));
+ };
+
+ var pipeline = new processor.Chain()
+ .Add(decodeJson)
+ .Add(parseTimestamp)
+ .Add(saveOriginalMessage)
+ .Add(dropPubSubFields)
+ .Add(categorizeEvent)
+ .Add(saveMetadata)
+ .Add(convertLogEntry)
+ .Add(convertJsonPayload)
+ .Add(dropEmptyObjects)
+ .Add(copyAddressFields)
+ .Add(setCloudMetadata)
+ .Add(communityId)
+ .Add(setNetworkBytesPackets)
+ .Add(setNetworkTransport)
+ .Add(setNetworkDirection)
+ .Add(setNetworkType)
+ .Add(setRelatedIP)
+ .Build();
+
+ return {
+ process: pipeline.Run,
+ };
+}
+
+var vpcflow;
+
+// Register params from configuration.
+function register(params) {
+ vpcflow = new VPCFlow(params.keep_original_message);
+}
+
+function process(evt) {
+ return vpcflow.process(evt);
+}
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..50d2f41bf49
--- /dev/null
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
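Review bot: `cloud.instance.name` looks like it can never be populated: `convertJsonPayload` runs in `rename` mode and moves `json.src_instance.vm_name` / `json.dest_instance.vm_name` to `source.domain` / `destination.domain` before it moves the instance objects under `googlecloud.*.instance`, so by the time `setCloudFromSrcInstance` / `setCloudFromDestInstance` run, `googlecloud.source.instance.vm_name` no longer exists and `ignore_missing: true` hides the gap. Copying from the already-renamed field fixes it: `{from: "source.domain", to: "cloud.instance.name"},` in `setCloudFromSrcInstance` and `{from: "destination.domain", to: "cloud.instance.name"},` in `setCloudFromDestInstance` (both processors default to copy mode, so `source.domain` is kept). Separately, `setRelatedIP` passes `event.Get("source.ip")` to `AppendTo` even when `copyAddressFields` (`fail_on_error: false`) left the field unset; unless `AppendTo` is documented to ignore a null value, both calls want an `if (ip)` guard. The comment typos `@timetamp` and `emtpy` are worth fixing while here.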
@@ -0,0 +1,52 @@
+---
+description: Pipeline for Google Cloud VPC Flow Logs
+
+processors:
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/fields.yml
new file mode 100644
index 00000000000..a91c8d2d810
--- /dev/null
+++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/fields.yml
@@ -0,0 +1,11 @@
+- name: googlecloud.vpcflow
+ type: group
+ fields:
+ - name: reporter
+ type: keyword
+ description: |
+ The side which reported the flow. Can be either 'SRC' or 'DEST'.
+ - name: rtt.ms
+ type: long
+ description: |
+ Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay.
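Review bot: The `geoip` processors target `source.geo` / `destination.geo` and `source.as` / `destination.as`, but the vpcflow pipeline.js added in this commit already fills those objects (`continent_name`, `country_name`, `region_name`, `city_name`, `as.number`) from the flow log's own `src_location` / `dest_location`, so a successful GeoLite2 lookup here appears to replace the log-supplied location while a miss leaves it in place, giving mixed provenance across events. If the intent is to enrich only when the flow log supplied nothing, guard each processor, e.g. `if: ctx.source?.geo == null` on the two source lookups and `if: ctx.destination?.geo == null` on the destination ones; if GeoLite2 is meant to win, a one-line comment above `processors:` saying so would spare the next reader the same question.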
diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/package-fields.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/package-fields.yml new file mode 100644 index 00000000000..53365cd7f12 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/fields/package-fields.yml @@ -0,0 +1,63 @@ +- name: googlecloud + type: group + fields: + - name: destination.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: destination.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. + - name: source.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: source.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. diff --git a/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/manifest.yml new file mode 100644 index 00000000000..fd0a84254ef --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/dataset/vpcflow/manifest.yml 
@@ -0,0 +1,35 @@ +title: Google Cloud vpcflow logs +release: experimental +type: logs +streams: +- input: google-pubsub + vars: + - name: topic + type: text + title: Topic + multi: false + required: true + show_user: true + default: stackdriver-vpcflow + - name: subscription_name + type: text + title: Subscription Name + multi: false + required: true + show_user: true + default: filebeat-googlecloud-vpcflow + template_path: google-pubsub.yml.hbs + title: Google Cloud vpcflow logs (google-pubsub) + description: Collect Google Cloud vpcflow logs using google-pubsub input +- input: logs + vars: + - name: keep_original_message + type: bool + title: Keep Original Message + multi: false + required: true + show_user: true + default: false + template_path: log.yml.hbs + title: Google Cloud vpcflow logs (log) + description: Collect Google Cloud vpcflow logs using log input diff --git a/dev/packages/beats/googlecloud/0.0.1/docs/README.md b/dev/packages/beats/googlecloud/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/img/filebeat-googlecloud-audit.png b/dev/packages/beats/googlecloud/0.0.1/img/filebeat-googlecloud-audit.png new file mode 100644 index 00000000000..4f68932e9f7 Binary files /dev/null and b/dev/packages/beats/googlecloud/0.0.1/img/filebeat-googlecloud-audit.png differ diff --git a/dev/packages/beats/googlecloud/0.0.1/img/logo_gcp.svg b/dev/packages/beats/googlecloud/0.0.1/img/logo_gcp.svg new file mode 100644 index 00000000000..75e139f9b2e --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/img/logo_gcp.svg @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + 
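Review bot: The `google-pubsub` stream declares only `topic` and `subscription_name`, but that input also needs a GCP `project_id` and service-account credentials to connect; unless those are declared as package-level variables (not visible in this hunk), the rendered `google-pubsub.yml.hbs` cannot authenticate. If they are package-level, I would say so in the stream description, e.g. `description: Collect Google Cloud vpcflow logs using google-pubsub input (project_id and credentials are configured at the package level)`, and make sure no credentials path or inline JSON ever ships as a `default` in a manifest. A smaller nit: the second stream is `input: logs` while its description says `using log input`; align one with the other.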
diff --git a/dev/packages/beats/googlecloud/0.0.1/img/metricbeat-googlecloud-compute-overview.png b/dev/packages/beats/googlecloud/0.0.1/img/metricbeat-googlecloud-compute-overview.png new file mode 100644 index 00000000000..d4d90d27ad3 Binary files /dev/null and b/dev/packages/beats/googlecloud/0.0.1/img/metricbeat-googlecloud-compute-overview.png differ diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/6576c480-73a2-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/6576c480-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..4267423e64f --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/6576c480-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,163 @@ +{ + "attributes": { + "description": "Overview of audit events from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 32.1625, + "lon": -48.67493, + "zoom": 1.97 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + 
"panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "panelRefName": "panel_6", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs GoogleCloud] Audit", + "version": 1 + }, + "id": "6576c480-73a2-11ea-a345-f985c61fe654", + "references": [ + { + "id": "a97de660-73a5-11ea-a345-f985c61fe654", + "name": "panel_0", + "type": "map" + }, + { + "id": "4627efa0-73a2-11ea-a345-f985c61fe654", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "eb5bf570-73a2-11ea-a345-f985c61fe654", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "33ee1320-73a5-11ea-a345-f985c61fe654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a8e40240-73a3-11ea-a345-f985c61fe654", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6d90d320-73a4-11ea-a345-f985c61fe654", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "panel_6", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/ac97c2f0-6ac5-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/ac97c2f0-6ac5-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..05748395e82 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/ac97c2f0-6ac5-11ea-b657-e57ec854315f.json 
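Review bot: Every panel in this audit dashboard carries `"version": "8.0.0-SNAPSHOT"`, whereas the pubsub and compute dashboards in the same package are exported at `"version": "7.6.1"`, so the saved objects were evidently exported from different Kibana builds. A snapshot-version export may carry panel attributes that a released 7.x Kibana does not accept on import, which would make the whole package install fail rather than just this dashboard. I would re-export this dashboard together with the map, search and visualizations it references from the same release the package targets, or at least record the minimum Kibana version the package requires.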
@@ -0,0 +1,217 @@ +{ + "attributes": { + "description": "Overview of Googlecloud Pubsub Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 13, + "i": "575df0fe-b44d-471f-8386-c4bd118a3810", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "575df0fe-b44d-471f-8386-c4bd118a3810", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Oldest Unacked Message" + }, + "gridData": { + "h": 13, + "i": "5c336037-7c71-4eab-b544-926aaff73736", + "w": 17, + "x": 11, + "y": 0 + }, + "panelIndex": "5c336037-7c71-4eab-b544-926aaff73736", + "panelRefName": "panel_1", + "title": "Subscription Oldest Unacked Message", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Undelivered Messages" + }, + "gridData": { + "h": 13, + "i": "389bc633-eeaf-4deb-815c-3a6b8e5d95ac", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "389bc633-eeaf-4deb-815c-3a6b8e5d95ac", + "panelRefName": "panel_2", + "title": "Subscription Undelivered Messages", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Backlog Size" + }, + "gridData": { + "h": 15, + "i": "2e8dc479-ba85-4424-87c4-40b93e801006", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "2e8dc479-ba85-4424-87c4-40b93e801006", + "panelRefName": "panel_3", + "title": "Subscription Backlog Size", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Pull Request Count" + }, + "gridData": { + "h": 15, + "i": "aefce32f-71e4-4770-9a4b-bedb2c608abd", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "aefce32f-71e4-4770-9a4b-bedb2c608abd", + "panelRefName": "panel_4", + "title": "Subscription Pull Request Count", + "version": 
"7.6.1" + }, + { + "embeddableConfig": { + "title": "Topic Message Size" + }, + "gridData": { + "h": 15, + "i": "ca4cce89-0d1d-4d96-b35f-443a05d1b410", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "ca4cce89-0d1d-4d96-b35f-443a05d1b410", + "panelRefName": "panel_5", + "title": "Topic Message Size", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Undelivered Messages" + }, + "gridData": { + "h": 15, + "i": "95c5c1f6-194c-4814-8281-02fecf7a81a5", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "95c5c1f6-194c-4814-8281-02fecf7a81a5", + "panelRefName": "panel_6", + "title": "Subscription Undelivered Messages", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Pull Message Operation Count" + }, + "gridData": { + "h": 15, + "i": "ab2fad6a-f888-4b49-92c4-c220f3b8669c", + "w": 24, + "x": 0, + "y": 43 + }, + "panelIndex": "ab2fad6a-f888-4b49-92c4-c220f3b8669c", + "panelRefName": "panel_7", + "title": "Subscription Pull Message Operation Count", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Subscription Sent Message Count" + }, + "gridData": { + "h": 15, + "i": "2121bde6-3a01-4339-8508-a20c107c62c9", + "w": 24, + "x": 24, + "y": 43 + }, + "panelIndex": "2121bde6-3a01-4339-8508-a20c107c62c9", + "panelRefName": "panel_8", + "title": "Subscription Sent Message Count", + "version": "7.6.1" + } + ], + "timeRestore": false, + "title": "[Metrics Googlecloud] Pubsub Overview", + "version": 1 + }, + "id": "ac97c2f0-6ac5-11ea-b657-e57ec854315f", + "references": [ + { + "id": "8897e920-6ac5-11ea-b657-e57ec854315f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1a83ede0-6ab5-11ea-b657-e57ec854315f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "fddf3a50-6ac8-11ea-b657-e57ec854315f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "5067cf60-6a2b-11ea-b657-e57ec854315f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": 
"8e4a1d50-6ab8-11ea-b657-e57ec854315f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "0cb2b3f0-6abe-11ea-b657-e57ec854315f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "afe5e1b0-6ab3-11ea-b657-e57ec854315f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "8355dab0-6ab8-11ea-b657-e57ec854315f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "97ee1230-6ab8-11ea-b657-e57ec854315f", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/f40ee870-5e4a-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/f40ee870-5e4a-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..278b4006b28 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/dashboard/f40ee870-5e4a-11ea-a4f6-717338406083.json 
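Review bot: Two panels in this dashboard are both titled `"Subscription Undelivered Messages"` (`panel_2` and `panel_6`), yet they reference different visualizations (`fddf3a50-…` and `afe5e1b0-…` in the `references` list), so one of the titles is presumably stale from a copy-paste. The referenced visualizations are outside this hunk, so I cannot tell which panel is mislabelled; rename whichever one does not actually show undelivered messages, in both its `embeddableConfig.title` and its top-level `title`.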
@@ -0,0 +1,217 @@ +{ + "attributes": { + "description": "Overview of Googlecloud Compute Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Filters" + }, + "gridData": { + "h": 17, + "i": "28706ab2-1142-401d-9143-f4176a034c10", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": "28706ab2-1142-401d-9143-f4176a034c10", + "panelRefName": "panel_0", + "title": "Filters", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Instance Uptime" + }, + "gridData": { + "h": 17, + "i": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05", + "w": 10, + "x": 7, + "y": 0 + }, + "panelIndex": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05", + "panelRefName": "panel_1", + "title": "Instance Uptime", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "CPU Utilization" + }, + "gridData": { + "h": 17, + "i": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", + "w": 31, + "x": 17, + "y": 0 + }, + "panelIndex": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", + "panelRefName": "panel_2", + "title": "CPU Utilization", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Read I/O" + }, + "gridData": { + "h": 15, + "i": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", + "panelRefName": "panel_3", + "title": "Read I/O", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Write I/O" + }, + "gridData": { + "h": 15, + "i": "93906f63-42c9-4f30-9b2c-05041a9e1efe", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "93906f63-42c9-4f30-9b2c-05041a9e1efe", + "panelRefName": "panel_4", + "title": "Write I/O", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Network Sent Bytes" + }, + "gridData": { + "h": 15, + "i": "e1a4e862-dd00-409f-8746-8a8e4bc82807", + 
"w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "e1a4e862-dd00-409f-8746-8a8e4bc82807", + "panelRefName": "panel_5", + "title": "Network Sent Bytes", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Network Received Bytes" + }, + "gridData": { + "h": 15, + "i": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", + "panelRefName": "panel_6", + "title": "Network Received Bytes", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Firewall Dropped Bytes" + }, + "gridData": { + "h": 15, + "i": "00689e12-4cb3-49ad-ac33-dbe4279f446e", + "w": 24, + "x": 0, + "y": 47 + }, + "panelIndex": "00689e12-4cb3-49ad-ac33-dbe4279f446e", + "panelRefName": "panel_7", + "title": "Firewall Dropped Bytes", + "version": "7.6.1" + }, + { + "embeddableConfig": { + "title": "Firewall Dropped Packets" + }, + "gridData": { + "h": 15, + "i": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", + "w": 24, + "x": 24, + "y": 47 + }, + "panelIndex": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", + "panelRefName": "panel_8", + "title": "Firewall Dropped Packets", + "version": "7.6.1" + } + ], + "timeRestore": false, + "title": "[Metrics Googlecloud] Compute Overview", + "version": 1 + }, + "id": "f40ee870-5e4a-11ea-a4f6-717338406083", + "references": [ + { + "id": "3aa96470-5fc4-11ea-a4f6-717338406083", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "da5bc460-63e1-11ea-b0ac-95d4ecb1fecd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "3f472ea0-5e47-11ea-a4f6-717338406083", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "89513bc0-5e48-11ea-a4f6-717338406083", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "95e1f050-5e48-11ea-a4f6-717338406083", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6f795e70-5e49-11ea-a4f6-717338406083", + "name": "panel_5", + "type": "visualization" + }, + { + "id": 
"43f45ba0-5e4a-11ea-a4f6-717338406083", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "9d919d00-5e4d-11ea-a4f6-717338406083", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "ef1508c0-5e4c-11ea-a4f6-717338406083", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/map/a97de660-73a5-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/map/a97de660-73a5-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..4a23a5cadf7 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/map/a97de660-73a5-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,185 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -180, + 74.14342 + ], + [ + -180, + -58.35006 + ], + [ + 180, + -58.35006 + ], + [ + 180, + 74.14342 + ], + [ + -180, + 74.14342 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "279da950-e9a7-4287-ab37-25906e448455", + "joins": [], + "label": "Source Locations", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "stream.dataset:googlecloud.audit" + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "79ec6461-7561-45e4-a6a2-9d6fbd4cf986", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + 
"options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "now-7d", + "to": "now" + }, + "zoom": 1.97 + }, + "title": "Audit Source Locations [Logs GoogleCloud]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "a97de660-73a5-11ea-a345-f985c61fe654", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/search/d88364c0-73a1-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/search/d88364c0-73a1-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..f44b74f514e --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/search/d88364c0-73a1-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,66 @@ +{ + "attributes": { + "columns": [ + "user.email", + "service.name", + "googlecloud.audit.type", + "event.action", + "event.outcome", + "source.ip", + "source.geo.region_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "googlecloud.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "googlecloud.audit" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "Audit [Logs GoogleCloud]", + "version": 1 + }, + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/0cb2b3f0-6abe-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/0cb2b3f0-6abe-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..c19624852b7 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/0cb2b3f0-6abe-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Topic Message Size [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e0957450-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "df2ac0c0-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.topic.message_sizes.bucket_options.Options.ExponentialBuckets.num_finite_buckets", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.topic_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Topic Message Size [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "0cb2b3f0-6abe-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
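Review bot: The single series in this "Pubsub Topic Message Size" visualization averages `googlecloud.pubsub.topic.message_sizes.bucket_options.Options.ExponentialBuckets.num_finite_buckets`, which is the histogram's bucket configuration (the number of finite buckets), not a message size, so the chart will render a flat constant per topic. The pubsub field definitions are not in this chunk, so confirm the right name, but the distribution's mean or count is presumably what was intended, e.g. `"field": "googlecloud.pubsub.topic.message_sizes.mean"`, with the `formatter` switched to `"bytes"` if that field is in bytes.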
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/1a83ede0-6ab5-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/1a83ede0-6ab5-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..b549edc50bf --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/1a83ede0-6ab5-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Oldest Unacked Message [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e0957450-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "bar_color_rules": [ + { + "id": "8a3465a0-6ac6-11ea-a262-61aa6533c46b" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "df2ac0c0-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "stream.dataset: \"googlecloud.pubsub\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Oldest Unacknowledged Message(s)", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.oldest_unacked_message_age", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Pubsub Subscription Oldest Unacked Message [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "1a83ede0-6ab5-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline 
at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/33ee1320-73a5-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/33ee1320-73a5-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..ab3ce9e7755 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/33ee1320-73a5-11ea-a345-f985c61fe654.json @@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Top User Email [Logs GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Audit Top User Email [Logs GoogleCloud]", + "type": "tagcloud" + } + }, + "id": "33ee1320-73a5-11ea-a345-f985c61fe654", + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3aa96470-5fc4-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3aa96470-5fc4-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..f0a881cb336 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3aa96470-5fc4-11ea-a4f6-717338406083.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "az-instance-account Filter [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cloud.availability_zone", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "availability zone", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.instance.name", + "id": "1583510592540", + "indexPatternRefName": "control_1_index_pattern", + "label": "instance name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.account.id", + "id": "1583510650472", + "indexPatternRefName": "control_2_index_pattern", + "label": "account id", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "az-instance-account Filter [Metrics Googlecloud]", + "type": "input_control_vis" + } + }, + "id": "3aa96470-5fc4-11ea-a4f6-717338406083", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3f472ea0-5e47-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3f472ea0-5e47-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..ea3321f72f1 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/3f472ea0-5e47-11ea-a4f6-717338406083.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute CPU Utilization [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.instance.cpu.utilization", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute CPU Utilization [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "3f472ea0-5e47-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/43f45ba0-5e4a-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/43f45ba0-5e4a-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..94c7eb539c6 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/43f45ba0-5e4a-11ea-a4f6-717338406083.json @@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Network Received Bytes [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.instance.network.received_bytes_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute Network Received Bytes [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "43f45ba0-5e4a-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/4627efa0-73a2-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/4627efa0-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..f711d1fdb9a --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/4627efa0-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,152 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Events Outcome over time [Logs GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": 
{ + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Audit Event Outcome over time [Logs GoogleCloud]", + "type": "histogram" + } + }, + "id": "4627efa0-73a2-11ea-a345-f985c61fe654", + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/5067cf60-6a2b-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/5067cf60-6a2b-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..260ac39614b --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/5067cf60-6a2b-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Backlog Size [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cb6bee00-6a1f-11ea-b594-a5f826db7e0b" + } + ], + "bar_color_rules": [ + { + "id": "cc54ee70-6a1f-11ea-b594-a5f826db7e0b" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "cce19e10-6a1f-11ea-b594-a5f826db7e0b" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.backlog_bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Subscription Backlog Size [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "5067cf60-6a2b-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6d90d320-73a4-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6d90d320-73a4-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..76b619d3102 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6d90d320-73a4-11ea-a345-f985c61fe654.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Resource Name [Logs GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "googlecloud.audit.resource_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Resource Name [Logs GoogleCloud]", + "type": "pie" + } + }, + "id": "6d90d320-73a4-11ea-a345-f985c61fe654", + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6f795e70-5e49-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6f795e70-5e49-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..3b5616ce64a --- /dev/null 
+++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/6f795e70-5e49-11ea-a4f6-717338406083.json @@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Network Sent Bytes [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.instance.network.sent_bytes_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute Network Sent Bytes [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "6f795e70-5e49-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8355dab0-6ab8-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8355dab0-6ab8-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..21430b269a7 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8355dab0-6ab8-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Pull Message Operation Count [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e0957450-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "df2ac0c0-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.pull_message_operation_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Subscription Pull Message Operation Count [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "8355dab0-6ab8-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8897e920-6ac5-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8897e920-6ac5-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..c67f23f38e2 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8897e920-6ac5-11ea-b657-e57ec854315f.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Filters [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "googlecloud.labels.resource.subscription_id", + "id": "1584720667458", + "indexPatternRefName": "control_0_index_pattern", + "label": "Subscription ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "googlecloud.labels.resource.topic_id", + "id": "1584720684072", + "indexPatternRefName": "control_1_index_pattern", + "label": "Topic ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Pubsub Filters [Metrics Googlecloud]", + "type": "input_control_vis" + } + }, + "id": "8897e920-6ac5-11ea-b657-e57ec854315f", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/89513bc0-5e48-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/89513bc0-5e48-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..bb9bf6de25b --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/89513bc0-5e48-11ea-a4f6-717338406083.json @@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Read I/O [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.instance.disk.read_ops_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute Read I/O [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "89513bc0-5e48-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8e4a1d50-6ab8-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8e4a1d50-6ab8-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..7ecac7b19ac --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/8e4a1d50-6ab8-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Pull Request Count [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e0957450-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "df2ac0c0-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.pull_request_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Subscription Pull Request Count [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "8e4a1d50-6ab8-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/95e1f050-5e48-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/95e1f050-5e48-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..6406033ace5 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/95e1f050-5e48-11ea-a4f6-717338406083.json @@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Write I/O [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.instance.disk.write_ops_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute Write I/O [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "95e1f050-5e48-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/97ee1230-6ab8-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/97ee1230-6ab8-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..9fe456dc5a5 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/97ee1230-6ab8-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Sent Message Count [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "e0957450-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "df2ac0c0-6ab4-11ea-b946-0f4b813ed42e" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.sent_message_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Subscription Sent Message Count [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "97ee1230-6ab8-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/9d919d00-5e4d-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/9d919d00-5e4d-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..bfe48320061 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/9d919d00-5e4d-11ea-a4f6-717338406083.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Firewall Dropped Bytes [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "3ece14c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "bar_color_rules": [ + { + "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "3b27a200-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.compute.firewall.dropped_bytes_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Compute Firewall Dropped Bytes [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "9d919d00-5e4d-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/a8e40240-73a3-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/a8e40240-73a3-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..0df4fc88a47 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/a8e40240-73a3-11ea-a345-f985c61fe654.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit User Agent [Logs GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit User Agent [Logs GoogleCloud]", + "type": "pie" + } + }, + "id": "a8e40240-73a3-11ea-a345-f985c61fe654", + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/afe5e1b0-6ab3-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/afe5e1b0-6ab3-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..5c34cd10231 --- /dev/null 
+++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/afe5e1b0-6ab3-11ea-b657-e57ec854315f.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Undelivered Messages [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.num_undelivered_messages", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Pubsub Subscription Undelivered Messages [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "afe5e1b0-6ab3-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json new file mode 100644 index 00000000000..678728803dc --- /dev/null 
+++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json 
@@ -0,0 +1,108 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Instance Uptime Gauge [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "74a18260-63df-11ea-9543-55b68a4bcad3" + } + ], + "bar_color_rules": [ + { + "id": "77a54c80-63df-11ea-9543-55b68a4bcad3" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "777371a0-63e0-11ea-9543-55b68a4bcad3", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "circle", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average Uptime", + "line_width": 1, + "metrics": [ + { + "denominator": "60", + "field": "googlecloud.compute.instance.uptime", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "numerator": "googlecloud.compute.instance.uptime", + "type": "avg", + "values": [ + "60" + ] + }, + { + "id": "81dc6000-63e7-11ea-994d-3b2599babc53", + "script": "params.uptime /60\n", + "type": "math", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "85f3bd00-63e7-11ea-994d-3b2599babc53", + "name": "uptime" + } + ] + } + ], + "override_index_pattern": 0, + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": 
"61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Compute Instance Uptime Gauge [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "da5bc460-63e1-11ea-b0ac-95d4ecb1fecd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/eb5bf570-73a2-11ea-a345-f985c61fe654.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/eb5bf570-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..6710c586dca --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/eb5bf570-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Action [Logs GoogleCloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Action [Logs GoogleCloud]", + "type": "pie" + } + }, + "id": "eb5bf570-73a2-11ea-a345-f985c61fe654", + "references": [ + { + "id": "d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/ef1508c0-5e4c-11ea-a4f6-717338406083.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/ef1508c0-5e4c-11ea-a4f6-717338406083.json new file mode 100644 index 00000000000..fbdb66f3c93 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/ef1508c0-5e4c-11ea-a4f6-717338406083.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Compute Firewall Dropped Packets [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "3ece14c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "bar_color_rules": [ + { + "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "3b27a200-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "3", + "metrics": [ + { + "field": "googlecloud.compute.firewall.dropped_packets_count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "type": "top_n" + }, + "title": "Compute Firewall Dropped Packets [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "ef1508c0-5e4c-11ea-a4f6-717338406083", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/fddf3a50-6ac8-11ea-b657-e57ec854315f.json b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/fddf3a50-6ac8-11ea-b657-e57ec854315f.json new file mode 100644 index 00000000000..ba4e6e907f1 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/kibana/visualization/fddf3a50-6ac8-11ea-b657-e57ec854315f.json 
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Pubsub Subscription Number of Undelivered Messages [Metrics Googlecloud]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "eed2b050-6ac8-11ea-a765-0512a055c04c" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of Undelivered Messages", + "line_width": "2", + "metrics": [ + { + "field": "googlecloud.pubsub.subscription.num_undelivered_messages", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "googlecloud.labels.resource.subscription_id", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Pubsub Subscription Number of Undelivered Messages [Metrics Googlecloud]", + "type": "metrics" + } + }, + "id": "fddf3a50-6ac8-11ea-b657-e57ec854315f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/googlecloud/0.0.1/manifest.yml b/dev/packages/beats/googlecloud/0.0.1/manifest.yml new file mode 100644 index 00000000000..037d48516a2 --- /dev/null +++ b/dev/packages/beats/googlecloud/0.0.1/manifest.yml 
@@ -0,0 +1,43 @@ +format_version: 1.0.0 +name: googlecloud +title: Google Cloud Platform +version: 0.0.1 +license: basic +description: Google Cloud Platform Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=8.0.0-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-googlecloud-audit.png + title: filebeat googlecloud audit + size: 1702x996 + type: image/png +- src: /img/metricbeat-googlecloud-compute-overview.png + title: metricbeat googlecloud compute overview + size: 5109x2610 + type: image/png +icons: +- src: /img/logo_gcp.svg + title: logo gcp + size: 32x32 + type: image/svg+xml +datasources: +- name: googlecloud + title: Google Cloud Platform logs and metrics + description: Collect logs and metrics from Google Cloud Platform instances + inputs: + - type: logs + title: Collect logs from Google Cloud Platform instances + description: Collecting Google Cloud Platform audit, firewall and vpcflow logs + - type: googlecloud/metrics + title: Collect metrics from Google Cloud Platform instances + description: Collecting Google Cloud Platform compute, loadbalancing, pubsub, + stackdriver and storage metrics diff --git a/dev/packages/beats/graphite/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/graphite/0.0.1/dataset/server/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..927804223ae --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/dataset/server/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["server"] diff --git a/dev/packages/beats/graphite/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/graphite/0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 00000000000..688c0229290 --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/dataset/server/fields/fields.yml 
@@ -0,0 +1,8 @@ +- name: graphite.server + type: group + release: ga + fields: + - name: example + type: keyword + description: | + Example field diff --git a/dev/packages/beats/graphite/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/graphite/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644 index 00000000000..305d785a56e --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/dataset/server/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: graphite + type: group diff --git a/dev/packages/beats/graphite/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/graphite/0.0.1/dataset/server/manifest.yml new file mode 100644 index 00000000000..c9092eda644 --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/dataset/server/manifest.yml @@ -0,0 +1,7 @@ +title: Graphite server metrics +release: experimental +type: metrics +streams: +- input: graphite/metrics + title: Graphite server metrics + description: Collect Graphite server metrics diff --git a/dev/packages/beats/graphite/0.0.1/docs/README.md b/dev/packages/beats/graphite/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/graphite/0.0.1/manifest.yml b/dev/packages/beats/graphite/0.0.1/manifest.yml new file mode 100644 index 00000000000..3eaf475fd9a --- /dev/null +++ b/dev/packages/beats/graphite/0.0.1/manifest.yml 
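Review bot: The graphite server dataset's fields.yml declares a single field, `graphite.server.example`, described as `Example field`, which reads as scaffolding rather than the metricset's real field set; documents from the `server` metricset will presumably carry no declared mapping beyond this, and the package README in the same diff is still `TODO`. If the real fields are not available yet, marking the entry makes that explicit, e.g. `# placeholder: replace with the graphite server metricset fields before release` above `- name: example`.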
@@ -0,0 +1,22 @@ +format_version: 1.0.0 +name: graphite +title: Graphite +version: 0.0.1 +license: basic +description: Graphite Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: graphite + title: Graphite metrics + description: Collect metrics from Graphite instances + inputs: + - type: graphite/metrics + title: Collect metrics from Graphite instances + description: Collecting Graphite server metrics diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/info/agent/stream/stream.yml.hbs b/dev/packages/beats/haproxy/0.0.1/dataset/info/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..d575458dc9d --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/info/agent/stream/stream.yml.hbs @@ -0,0 +1,12 @@ +metricsets: ["info"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/ecs.yml b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/ecs.yml new file mode 100644 index 00000000000..5263890ef3a --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/ecs.yml @@ -0,0 +1,10 @@ +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/fields.yml new file mode 100644 index 00000000000..4f586b9b838 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/fields.yml 
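Review bot: In the info stream template the scalars `password: {{password}}` and `username: {{username}}` are emitted unquoted, so a credential containing `#`, `: `, or a leading `*`, `&` or `!` is parsed as YAML syntax rather than as the value, and the rendered stream either fails to load or loads a truncated password. The syslog template added later in this same commit already uses the quoted form (`host: "{{syslog_host}}:{{syslog_port}}"`), so the fix is `password: "{{password}}"` and `username: "{{username}}"`, assuming the agent's renderer does not HTML-escape substitutions; the `- {{this}}` items under `hosts` would benefit from the same treatment. The stat stream template further down this diff has the same two lines.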
@@ -0,0 +1,144 @@ +- name: haproxy.info + type: group + release: ga + fields: + - name: processes + type: long + description: | + Number of processes. + - name: process_num + type: long + description: | + Process number. + - name: run_queue + type: long + - name: tasks + type: long + - name: uptime.sec + type: long + description: | + Current uptime in seconds. + - name: memory.max.bytes + type: long + format: bytes + description: | + Maximum amount of memory usage in bytes (the 'Memmax_MB' value converted to bytes). + - name: ulimit_n + type: long + description: | + Maximum number of open files for the process. + - name: compress + type: group + fields: + - name: bps + type: group + fields: + - name: in + type: long + - name: out + type: long + - name: rate_limit + type: long + - name: connection + type: group + fields: + - name: rate + type: group + fields: + - name: value + type: long + - name: limit + type: long + - name: max + type: long + - name: current + type: long + description: | + Current connections. + - name: total + type: long + description: | + Total connections. + - name: ssl.current + type: long + description: | + Current SSL connections. + - name: ssl.total + type: long + description: | + Total SSL connections. + - name: ssl.max + type: long + description: | + Maximum SSL connections. + - name: max + type: long + description: | + Maximum connections. 
+ - name: hard_max + type: long + - name: requests.total + type: long + - name: sockets.max + type: long + - name: requests.max + type: long + - name: pipes + type: group + fields: + - name: used + type: integer + - name: free + type: integer + - name: max + type: integer + - name: session + type: group + fields: + - name: rate.value + type: integer + - name: rate.limit + type: integer + - name: rate.max + type: integer + - name: ssl + type: group + fields: + - name: rate.value + type: integer + - name: rate.limit + type: integer + - name: rate.max + type: integer + - name: frontend + type: group + fields: + - name: key_rate.value + type: integer + - name: key_rate.max + type: integer + - name: session_reuse.pct + type: scaled_float + format: percent + - name: backend + type: group + fields: + - name: key_rate.value + type: integer + - name: key_rate.max + type: integer + description: MaxConnRate + - name: cached_lookups + type: long + - name: cache_misses + type: long + - name: zlib_mem_usage + type: group + fields: + - name: value + type: integer + - name: max + type: integer + - name: idle.pct + type: scaled_float + format: percent diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/package-fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/package-fields.yml new file mode 100644 index 00000000000..4bc6b37626a --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/info/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: haproxy + type: group diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/info/manifest.yml b/dev/packages/beats/haproxy/0.0.1/dataset/info/manifest.yml new file mode 100644 index 00000000000..eaebe205bd2 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/info/manifest.yml 
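Review bot: Under the `backend` group the `key_rate.max` entry carries `description: MaxConnRate`, which does not match the field name and is the only described field in that group, while the parallel `frontend.key_rate.max` has no description at all. This looks like text copied from a neighbouring line; replace it with a description of the backend key rate maximum itself, or drop the line if no accurate text is available, so the generated docs do not mislabel the field.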
@@ -0,0 +1,15 @@ +title: HAProxy info metrics +release: experimental +type: metrics +streams: +- input: haproxy/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: HAProxy info metrics + description: Collect HAProxy info metrics diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..ed4036fef5b --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,7 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +processors: +- add_locale: ~ \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/syslog.yml.hbs b/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/syslog.yml.hbs new file mode 100644 index 00000000000..871be08e53d --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/agent/stream/syslog.yml.hbs @@ -0,0 +1,4 @@ +protocol.udp: + host: "{{syslog_host}}:{{syslog_port}}" +processors: +- add_locale: ~ \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/haproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..f5c964d6391 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
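Review bot: The info dataset manifest declares only the `period` variable, while the stream template it feeds (stream.yml.hbs earlier in this diff) also reads `hosts`, `username` and `password`; unless those are declared at the datasource level in the package manifest, which is outside this chunk, the template renders with an empty `hosts` list and the input has nothing to poll. Declaring them next to `period` lets the UI prompt for them and lets `required` be enforced on `hosts`; `password` should use a secret-masking type if the package spec provides one (only `text` and `integer` are visible in this diff). The stat dataset manifest is not in view but presumably has the same gap.
```yaml
streams:
- input: haproxy/metrics
  vars:
  - name: hosts
    type: text
    title: Hosts
    multi: true
    required: true
    show_user: true
  - name: username
    type: text
    title: Username
    multi: false
    required: false
    show_user: true
  - name: password
    type: text
    title: Password
    multi: false
    required: false
    show_user: true
  # … unchanged: period var, title, description …
```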
@@ -0,0 +1,139 @@ +--- +description: Pipeline for parsing HAProxy http, tcp and default logs. Requires the + geoip plugin. +processors: +- grok: + field: message + patterns: + - '%{HAPROXY_DATE:haproxy.request_date} %{IPORHOST:haproxy.source} %{PROG:process.name}(?:\[%{POSINT:process.pid:long}\])?: + %{GREEDYDATA} %{IPORHOST:source.address}:%{POSINT:source.port:long} %{WORD} + %{IPORHOST:destination.ip}:%{POSINT:destination.port:long} \(%{WORD:haproxy.frontend_name}/%{WORD:haproxy.mode}\)' + - '(%{NOTSPACE:process.name}\[%{NUMBER:process.pid:long}\]: )?%{IP:source.address}:%{NUMBER:source.port:long} + \[%{NOTSPACE:haproxy.request_date}\] %{NOTSPACE:haproxy.frontend_name} %{NOTSPACE:haproxy.backend_name}/%{NOTSPACE:haproxy.server_name} + %{NUMBER:haproxy.http.request.time_wait_ms:long}/%{NUMBER:haproxy.total_waiting_time_ms:long}/%{NUMBER:haproxy.connection_wait_time_ms:long}/%{NUMBER:haproxy.http.request.time_wait_without_data_ms:long}/%{NUMBER:temp.duration:long} + %{NUMBER:http.response.status_code:long} %{NUMBER:haproxy.bytes_read:long} %{NOTSPACE:haproxy.http.request.captured_cookie} + %{NOTSPACE:haproxy.http.response.captured_cookie} %{NOTSPACE:haproxy.termination_state} + %{NUMBER:haproxy.connections.active:long}/%{NUMBER:haproxy.connections.frontend:long}/%{NUMBER:haproxy.connections.backend:long}/%{NUMBER:haproxy.connections.server:long}/%{NUMBER:haproxy.connections.retries:long} + %{NUMBER:haproxy.server_queue:long}/%{NUMBER:haproxy.backend_queue:long} (\{%{DATA:haproxy.http.request.captured_headers}\} + \{%{DATA:haproxy.http.response.captured_headers}\} |\{%{DATA}\} )?"%{GREEDYDATA:haproxy.http.request.raw_request_line}"' + - '(%{NOTSPACE:process.name}\[%{NUMBER:process.pid:long}\]: )?%{IP:source.address}:%{NUMBER:source.port:long} + \[%{NOTSPACE:haproxy.request_date}\] %{NOTSPACE:haproxy.frontend_name}/%{NOTSPACE:haproxy.bind_name} + %{GREEDYDATA:haproxy.error_message}' + - '%{HAPROXY_DATE} %{IPORHOST:haproxy.source} 
(%{NOTSPACE:process.name}\[%{NUMBER:process.pid:long}\]: + )?%{IP:source.address}:%{NUMBER:source.port:long} \[%{NOTSPACE:haproxy.request_date}\] + %{NOTSPACE:haproxy.frontend_name} %{NOTSPACE:haproxy.backend_name}/%{NOTSPACE:haproxy.server_name} + %{NUMBER:haproxy.total_waiting_time_ms:long}/%{NUMBER:haproxy.connection_wait_time_ms:long}/%{NUMBER:temp.duration:long} + %{NUMBER:haproxy.bytes_read:long} %{NOTSPACE:haproxy.termination_state} %{NUMBER:haproxy.connections.active:long}/%{NUMBER:haproxy.connections.frontend:long}/%{NUMBER:haproxy.connections.backend:long}/%{NUMBER:haproxy.connections.server:long}/%{NUMBER:haproxy.connections.retries:long} + %{NUMBER:haproxy.server_queue:long}/%{NUMBER:haproxy.backend_queue:long}' + ignore_missing: false + pattern_definitions: + HAPROXY_DATE: (%{MONTHDAY}[/-]%{MONTH}[/-]%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND})|%{SYSLOGTIMESTAMP} +- date: + if: ctx.event.timezone == null + field: haproxy.request_date + target_field: '@timestamp' + formats: + - dd/MMM/yyyy:HH:mm:ss.SSS + - MMM dd HH:mm:ss + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: haproxy.request_date + target_field: '@timestamp' + formats: + - dd/MMM/yyyy:HH:mm:ss.SSS + - MMM dd HH:mm:ss + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: haproxy.request_date +- remove: + field: message +- grok: + field: source.address + ignore_failure: true + patterns: + - ^%{IP:source.ip}$ +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: 
source.as.organization.name + ignore_missing: true +- split: + field: haproxy.http.request.captured_headers + separator: \| + ignore_failure: true +- split: + field: haproxy.http.response.captured_headers + separator: \| + ignore_failure: true +- script: + lang: painless + source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale) + params: + scale: 1000000 + if: ctx.temp?.duration != null +- remove: + field: temp.duration + ignore_missing: true +- convert: + field: haproxy.bytes_read + target_field: http.response.bytes + type: long + if: ctx.containsKey('http') +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- set: + field: event.kind + value: event +- append: + field: event.category + value: web + if: "ctx?.haproxy?.mode == 'HTTP' || ctx?.haproxy?.http != null" +- append: + field: event.category + value: network + if: "ctx?.source.ip != null && ctx?.destination?.ip != null" +- append: + field: event.type + value: connection + if: "ctx?.source.ip != null && ctx?.destination?.ip != null" +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/ecs.yml new file mode 100644 index 00000000000..bc590a17378 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/ecs.yml 
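Review bot: The `if` conditions on the `event.category: network` and `event.type: connection` appends use `ctx?.source.ip`, which null-guards `ctx` but not `source`, whereas the `related.ip` append a few processors earlier uses the safe form `ctx?.source?.ip`. If `source` is ever absent the condition throws instead of evaluating to false and the whole document drops into `on_failure` with only `error.message` set. Use `if: "ctx?.source?.ip != null && ctx?.destination?.ip != null"` in both places; the first `date` processor's `ctx.event.timezone == null` likewise presumes `event` exists (the `add_locale` processor in the stream templates normally sets it) and could read `ctx.event?.timezone == null`.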
@@ -0,0 +1,92 @@ +- name: destination + title: Destination + group: 2 + type: group + fields: + - name: ip + level: core + type: ip + description: IP address of the destination (IPv4 or IPv6). + - name: port + level: core + type: long + format: string + description: Port of the destination. +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. +- name: process + title: Process + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: |- + Process name. + Sometimes called program name or similar. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: pid + level: core + type: long + format: string + description: Process id. +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. 
+ ignore_above: 1024 + - name: port + level: core + type: long + format: string + description: Port of the source. diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..d64eba022c8 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,44 @@ +- name: haproxy.http + type: group + fields: + - name: response + type: group + fields: + - name: captured_cookie + type: keyword + description: | + Optional "name=value" entry indicating that the client had this cookie in the response. + - name: captured_headers + type: keyword + description: | + List of headers captured in the response due to the presence of the "capture response header" statement in the frontend. + - name: request + type: group + fields: + - name: captured_cookie + type: keyword + description: | + Optional "name=value" entry indicating that the server has returned a cookie with its request. + - name: captured_headers + type: keyword + description: | + List of headers captured in the request due to the presence of the "capture request header" statement in the frontend. + - name: raw_request_line + type: keyword + description: Complete HTTP request line, including the method, request and HTTP + version string. + - name: time_wait_without_data_ms + type: long + description: Total time in milliseconds spent waiting for the server to send + a full HTTP response, not counting data. + - name: time_wait_ms + type: long + description: Total time in milliseconds spent waiting for a full HTTP request + from the client (not counting body) after the first byte was received. +- name: haproxy.tcp + type: group + fields: + - name: connection_waiting_time_ms + type: long + description: Total time in milliseconds elapsed between the accept and the last + close 
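Review bot: `haproxy.tcp.connection_waiting_time_ms` is declared here, but the ingest pipeline added in this commit never writes a `haproxy.tcp.*` field; its TCP pattern stores those timings under `haproxy.total_waiting_time_ms` and `haproxy.connection_wait_time_ms`. The package-fields.yml hunk two files later likewise declares `haproxy.time_queue` and `haproxy.time_backend_connect`, which no processor populates, plus empty `client`, `destination` and `geoip` groups. Either drop the unused mappings or mark them, e.g. `# not populated by this pipeline; kept for compatibility with the Beats module field set`, so the next maintainer knows they are intentional.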
diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..e6f2b4f29d5 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/fields/package-fields.yml 
@@ -0,0 +1,83 @@ +- name: haproxy + type: group + fields: + - name: frontend_name + type: keyword + description: Name of the frontend (or listener) which received and processed the + connection. + - name: backend_name + type: keyword + description: Name of the backend (or listener) which was selected to manage the + connection to the server. + - name: server_name + type: keyword + description: Name of the last server to which the connection was sent. + - name: total_waiting_time_ms + type: long + description: Total time in milliseconds spent waiting in the various queues + - name: connection_wait_time_ms + type: long + description: Total time in milliseconds spent waiting for the connection to establish + to the final server + - name: bytes_read + type: long + description: Total number of bytes transmitted to the client when the log is emitted. + - name: time_queue + type: long + description: Total time in milliseconds spent waiting in the various queues. + - name: time_backend_connect + type: long + description: Total time in milliseconds spent waiting for the connection to establish + to the final server, including retries. + - name: server_queue + type: long + description: Total number of requests which were processed before this one in + the server queue. + - name: backend_queue + type: long + description: Total number of requests which were processed before this one in + the backend's global queue. + - name: bind_name + type: keyword + description: Name of the listening address which received the connection. + - name: error_message + type: text + description: Error message logged by HAProxy in case of error. + - name: source + type: keyword + description: The HAProxy source of the log + - name: termination_state + type: keyword + description: Condition the session was in when the session ended. 
+ - name: mode + type: keyword + description: mode that the frontend is operating (TCP or HTTP) + - name: connections + type: group + fields: + - name: active + type: long + description: Total number of concurrent connections on the process when the + session was logged. + - name: frontend + type: long + description: Total number of concurrent connections on the frontend when the + session was logged. + - name: backend + type: long + description: Total number of concurrent connections handled by the backend when + the session was logged. + - name: server + type: long + description: Total number of concurrent connections still active on the server + when the session was logged. + - name: retries + type: long + description: Number of connection retries experienced by this session when trying + to connect to the server. + - name: client + type: group + - name: destination + type: group + - name: geoip + type: group diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/haproxy/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..c094787ce09 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,36 @@ +title: haproxy log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/haproxy.log + template_path: log.yml.hbs + title: haproxy log logs (log) + description: Collect haproxy log logs using log input +- input: syslog + vars: + - name: syslog_host + type: text + title: Syslog Host + multi: false + required: true + show_user: true + default: localhost + - name: syslog_port + type: integer + title: Syslog Port + multi: false + required: true + show_user: true + default: 9001 + template_path: syslog.yml.hbs + title: haproxy log logs (syslog) + description: Collect haproxy log logs using syslog input 
diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/stat/agent/stream/stream.yml.hbs b/dev/packages/beats/haproxy/0.0.1/dataset/stat/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..55157b13d85 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/stat/agent/stream/stream.yml.hbs @@ -0,0 +1,12 @@ +metricsets: ["stat"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/ecs.yml b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/ecs.yml new file mode 100644 index 00000000000..5263890ef3a --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/ecs.yml @@ -0,0 +1,10 @@ +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/fields.yml new file mode 100644 index 00000000000..c34a0bd7971 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/fields.yml 
@@ -0,0 +1,309 @@ +- name: haproxy.stat + type: group + release: ga + fields: + - name: status + type: keyword + description: | + Status (UP, DOWN, NOLB, MAINT, or MAINT(via)...). + - name: weight + type: long + description: | + Total weight (for backends), or server weight (for servers). + - name: downtime + type: long + description: | + Total downtime (in seconds). For backends, this value is the downtime for the whole backend, not the sum of the downtime for the servers. + - name: component_type + type: integer + description: | + Component type (0=frontend, 1=backend, 2=server, or 3=socket/listener). + - name: service_name + type: keyword + description: | + Service name (FRONTEND for frontend, BACKEND for backend, or any name for server/listener). + - name: in.bytes + type: long + format: bytes + description: | + Bytes in. + - name: out.bytes + type: long + format: bytes + description: | + Bytes out. + - name: last_change + type: integer + description: | + Number of seconds since the last UP->DOWN or DOWN->UP transition. + - name: throttle.pct + type: scaled_float + format: percent + description: | + Current throttle percentage for the server when slowstart is active, or no value if slowstart is inactive. + - name: selected.total + type: long + description: | + Total number of times a server was selected, either for new sessions, or when re-dispatching. For servers, this field reports the the number of times the server was selected. + - name: tracked.id + type: long + description: | + ID of the proxy/server if tracking is enabled. + - name: connection + type: group + fields: + - name: total + type: long + description: | + Cumulative number of connections. + - name: retried + type: long + description: | + Number of times a connection to a server was retried. + - name: time.avg + type: long + description: | + Average connect time in ms over the last 1024 requests. 
+ - name: request + type: group + fields: + - name: denied + type: long + description: | + Requests denied because of security concerns. + + * For TCP this is because of a matched tcp-request content rule. + * For HTTP this is because of a matched http-request or tarpit rule. + - name: queued.current + type: long + description: | + Current queued requests. For backends, this field reports the number of requests queued without a server assigned. + - name: queued.max + type: long + description: | + Maximum value of queued.current. + - name: errors + type: long + description: | + Request errors. Some of the possible causes are: + + * early termination from the client, before the request has been sent + * read error from the client + * client timeout + * client closed connection + * various bad requests from the client. + * request was tarpitted. + - name: redispatched + type: long + description: | + Number of times a request was redispatched to another server. For servers, this field reports the number of times the server was switched away from. + - name: connection.errors + type: long + description: | + Number of requests that encountered an error trying to connect to a server. For backends, this field reports the sum of the stat for all backend servers, plus any connection errors not associated with a particular server (such as the backend having no active servers). + - name: rate + type: group + fields: + - name: value + type: long + description: | + Number of HTTP requests per second over the last elapsed second. + - name: max + type: long + description: | + Maximum number of HTTP requests per second. + - name: total + type: long + description: | + Total number of HTTP requests received. + - name: response + type: group + fields: + - name: errors + type: long + description: | + Number of response errors. This value includes the number of data transfers aborted by the server (haproxy.stat.server.aborted). 
Some other errors are: + * write errors on the client socket (won't be counted for the server stat) * failure applying filters to the response + - name: time.avg + type: long + description: | + Average response time in ms over the last 1024 requests (0 for TCP). + - name: denied + type: integer + description: | + Responses denied because of security concerns. For HTTP this is because of a matched http-request rule, or "option checkcache". + - name: http + type: group + fields: + - name: 1xx + type: long + description: | + HTTP responses with 1xx code. + - name: 2xx + type: long + description: | + HTTP responses with 2xx code. + - name: 3xx + type: long + description: | + HTTP responses with 3xx code. + - name: 4xx + type: long + description: | + HTTP responses with 4xx code. + - name: 5xx + type: long + description: | + HTTP responses with 5xx code. + - name: other + type: long + description: | + HTTP responses with other codes (protocol error). + - name: session + type: group + fields: + - name: current + type: long + description: | + Number of current sessions. + - name: max + type: long + description: | + Maximum number of sessions. + - name: limit + type: long + description: | + Configured session limit. + - name: rate + type: group + fields: + - name: value + type: integer + description: | + Number of sessions per second over the last elapsed second. + - name: limit + type: integer + description: | + Configured limit on new sessions per second. + - name: max + type: integer + description: | + Maximum number of new sessions per second. + - name: check + type: group + fields: + - name: status + type: keyword + description: | + Status of the last health check. 
One of: + + UNK -> unknown + INI -> initializing + SOCKERR -> socket error + L4OK -> check passed on layer 4, no upper layers testing enabled + L4TOUT -> layer 1-4 timeout + L4CON -> layer 1-4 connection problem, for example + "Connection refused" (tcp rst) or "No route to host" (icmp) + L6OK -> check passed on layer 6 + L6TOUT -> layer 6 (SSL) timeout + L6RSP -> layer 6 invalid response - protocol error + L7OK -> check passed on layer 7 + L7OKC -> check conditionally passed on layer 7, for example 404 with + disable-on-404 + L7TOUT -> layer 7 (HTTP/SMTP) timeout + L7RSP -> layer 7 invalid response - protocol error + L7STS -> layer 7 response error, for example HTTP 5xx + - name: code + type: long + description: | + Layer 5-7 code, if available. + - name: duration + type: long + description: | + Time in ms that it took to finish the last health check. + - name: health.last + type: keyword + description: | + The result of the last health check. + - name: health.fail + type: long + description: | + Number of failed checks. + - name: agent.last + type: integer + - name: failed + type: long + description: | + Number of checks that failed while the server was up. + - name: down + type: long + description: | + Number of UP->DOWN transitions. For backends, this value is the number of transitions to the whole backend being down, rather than the sum of the transitions for each server. + - name: client.aborted + type: integer + description: | + Number of data transfers aborted by the client. + - name: server + type: group + fields: + - name: id + type: integer + description: | + Server ID (unique inside a proxy). + - name: aborted + type: integer + description: | + Number of data transfers aborted by the server. This value is included in haproxy.stat.response.errors. + - name: active + type: integer + description: | + Number of backend servers that are active, meaning that they are healthy and can receive requests from the load balancer. 
+ - name: backup + type: integer + description: | + Number of backend servers that are backup servers. + - name: compressor + type: group + fields: + - name: in.bytes + type: long + format: bytes + description: | + Number of HTTP response bytes fed to the compressor. + - name: out.bytes + type: integer + format: bytes + description: | + Number of HTTP response bytes emitted by the compressor. + - name: bypassed.bytes + type: long + format: bytes + description: | + Number of bytes that bypassed the HTTP compressor (CPU/BW limit). + - name: response.bytes + type: long + format: bytes + description: | + Number of HTTP responses that were compressed. + - name: proxy + type: group + fields: + - name: id + type: integer + description: | + Unique proxy ID. + - name: name + type: keyword + description: | + Proxy name. + - name: queue + type: group + fields: + - name: limit + type: integer + description: | + Configured queue limit (maxqueue) for the server, or nothing if the value of maxqueue is 0 (meaning no limit). + - name: time.avg + type: integer + description: | + The average queue time in ms over the last 1024 requests. diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/package-fields.yml b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/package-fields.yml new file mode 100644 index 00000000000..4bc6b37626a --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/stat/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: haproxy + type: group diff --git a/dev/packages/beats/haproxy/0.0.1/dataset/stat/manifest.yml b/dev/packages/beats/haproxy/0.0.1/dataset/stat/manifest.yml new file mode 100644 index 00000000000..f2fa4a61768 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/dataset/stat/manifest.yml 
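Review bot: `- name: agent.last` under the `check` group is the only field in fields.yml without a `description`, so it renders as an undocumented column in the generated reference. A one-line description consistent with its siblings, e.g. `Result of the last agent check.`, should be added if that is what the metric carries (this content appears to be imported from the Beats module, so the wording belongs upstream as well). In the same hunk `compressor.out.bytes` is `type: integer` while the neighbouring `in.bytes`, `bypassed.bytes` and `response.bytes` counters are `long`, and the `selected.total` description contains the duplicated words `the the`.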
@@ -0,0 +1,15 @@ +title: HAProxy stat metrics +release: experimental +type: metrics +streams: +- input: haproxy/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: HAProxy stat metrics + description: Collect HAProxy stat metrics diff --git a/dev/packages/beats/haproxy/0.0.1/docs/README.md b/dev/packages/beats/haproxy/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/img/kibana-haproxy-overview.png b/dev/packages/beats/haproxy/0.0.1/img/kibana-haproxy-overview.png new file mode 100644 index 00000000000..85a24bf01f3 Binary files /dev/null and b/dev/packages/beats/haproxy/0.0.1/img/kibana-haproxy-overview.png differ diff --git a/dev/packages/beats/haproxy/0.0.1/img/logo_haproxy.svg b/dev/packages/beats/haproxy/0.0.1/img/logo_haproxy.svg new file mode 100644 index 00000000000..f45c35d3434 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/img/logo_haproxy.svg @@ -0,0 +1,197 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..3c77fc0a18e --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs.json 
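Review bot: The stat manifest declares only the `period` variable, yet the stream template it points to (stream.yml.hbs, earlier in this patch) renders `hosts`, `username` and `password`, so as written the stream cannot be configured with a target or credentials unless those vars are declared somewhere outside this hunk (for example at package level), which is not visible here. If they are meant to be stream-level, they need entries alongside `period`, with `password` marked as secret-bearing in whatever way the manifest schema supports and `hosts` declared `multi: true` to match the `{{#each hosts}}` loop. If they are intentionally package-level, a comment in this manifest such as `# hosts/username/password are declared at package level` would save the next reader the same search.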
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "HAProxy HTTP backend metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 12, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] HTTP backend ECS", + "version": 1 + }, + "id": "0836a4b0-47bd-11e8-bc13-1397384faad3-ecs", + "references": [ 
+ { + "id": "a64b4fd0-471c-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "794b6cd0-471d-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bb0ab500-4735-11e8-bc13-1397384faad3-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "40bed190-473b-11e8-bc13-1397384faad3-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0751ed00-479c-11e8-bc13-1397384faad3-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b3463670-47a1-11e8-bc13-1397384faad3-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "981d1040-47be-11e8-bc13-1397384faad3-ecs", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/3560d580-aa34-11e8-9c06-877f0445e3e0-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/3560d580-aa34-11e8-9c06-877f0445e3e0-ecs.json new file mode 100644 index 00000000000..f7b1d1b3582 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/3560d580-aa34-11e8-9c06-877f0445e3e0-ecs.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "Logs HAProxy integration dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs HAProxy] Overview ECS", + "version": 1 + }, + "id": "3560d580-aa34-11e8-9c06-877f0445e3e0-ecs", + "references": [ + { + "id": "55251360-aa32-11e8-9c06-877f0445e3e0-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "7fb671f0-aa32-11e8-9c06-877f0445e3e0-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "11f8b9c0-aa32-11e8-9c06-877f0445e3e0-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "68af8ef0-aa33-11e8-9c06-877f0445e3e0-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/4b555c30-47dd-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/4b555c30-47dd-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..9ba13db4c6a --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/4b555c30-47dd-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,106 @@ +{ + "attributes": { + "description": "HAProxy overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 24, + "i": "2", + "w": 16, + "x": 32, + "y": 8 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "title": "Servers", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 24, + "i": "3", + "w": 16, + "x": 16, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "title": "Backends", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 24, + "i": "4", + "w": 16, + "x": 0, + "y": 8 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "title": "Frontends", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] Overview ECS", + "version": 1 + }, + "id": "4b555c30-47dd-11e8-bc13-1397384faad3-ecs", + "references": [ + { + "id": "79350d50-47db-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8c8f0300-47dc-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f1e27ed0-47dc-11e8-bc13-1397384faad3-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "a64b4fd0-471c-11e8-bc13-1397384faad3-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..9b6ee8b2c6b --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "HAProxy metrics for HTTP mode", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "8", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "10", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "11", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "11", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] HTTP server ECS", + "version": 1 + }, + "id": "8cc50a50-47e0-11e8-bc13-1397384faad3-ecs", + "references": [ + { + "id": "0751ed00-479c-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b3463670-47a1-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": 
"981d1040-47be-11e8-bc13-1397384faad3-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "72e84b00-47e1-11e8-bc13-1397384faad3-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "976b0910-47e4-11e8-bc13-1397384faad3-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/9151c900-471d-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/9151c900-471d-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..830298778b4 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/9151c900-471d-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "HAProxy backend metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 12, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 0, + "y": 8 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] Backend ECS", + "version": 1 + }, + "id": "9151c900-471d-11e8-bc13-1397384faad3-ecs", + "references": [ + { + "id": "a64b4fd0-471c-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "794b6cd0-471d-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bb0ab500-4735-11e8-bc13-1397384faad3-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": 
"40bed190-473b-11e8-bc13-1397384faad3-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0751ed00-479c-11e8-bc13-1397384faad3-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "b3463670-47a1-11e8-bc13-1397384faad3-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/d5878d00-47c5-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/d5878d00-47c5-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..37be16bf193 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/d5878d00-47c5-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "HAProxy frontend metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] Frontend ECS", + "version": 1 + }, + "id": "d5878d00-47c5-11e8-bc13-1397384faad3-ecs", + "references": [ + { + "id": "a64b4fd0-471c-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "86159190-47c5-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..3ae65ed8bd9 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "HAProxy frontend metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics HAProxy] HTTP frontend ECS", + "version": 1 + }, + "id": "e9057ae0-47c5-11e8-bc13-1397384faad3-ecs", + "references": [ + { + "id": "86159190-47c5-11e8-bc13-1397384faad3-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "30956d00-47d7-11e8-bc13-1397384faad3-ecs", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/0751ed00-479c-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/0751ed00-479c-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..55955a993d5 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/0751ed00-479c-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Average connection time [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Percentile", + "line_width": "1", + "metrics": [ + { + "field": "haproxy.stat.connection.time.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "percentiles": [ + { + "id": "9fa517e0-479b-11e8-9590-e34c5ed2dd95", + "mode": "line", + "percentile": "", + "shade": 0.2, + "value": "99" + }, + { + "id": "daafd6e0-479b-11e8-9590-e34c5ed2dd95", + "mode": "line", + "percentile": "", + "shade": 0.2, + "value": "90" + }, + { + "id": "e006b8c0-479b-11e8-9590-e34c5ed2dd95", + "mode": "line", + "percentile": "", + "shade": 0.2, + "value": "50" + } + ], + "type": "percentile" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "haproxy.stat.service_name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy average connection time ECS", + "type": "metrics" + } + }, + "id": "0751ed00-479c-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/11f8b9c0-aa32-11e8-9c06-877f0445e3e0-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/11f8b9c0-aa32-11e8-9c06-877f0445e3e0-ecs.json new file mode 100644 index 00000000000..9800d4982b5 --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/11f8b9c0-aa32-11e8-9c06-877f0445e3e0-ecs.json @@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "IP Geohashes [Logs HAProxy] ECS", + "uiStateJSON": { + "mapCenter": [ + 14.944784875088372, + 5.09765625 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "IP Geohashes [Logs HAProxy] ECS", + "type": "tile_map" + } + }, + "id": "11f8b9c0-aa32-11e8-9c06-877f0445e3e0-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/30956d00-47d7-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/30956d00-47d7-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..88ac5625dc7 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/30956d00-47d7-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Requests [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Requests", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.request.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "ad38e2c0-47d6-11e8-994c-81d2daeb7c86", + "type": "derivative", + "unit": "" + }, + { + "field": "ad38e2c0-47d6-11e8-994c-81d2daeb7c86", + "id": "b1ca03a0-47d6-11e8-994c-81d2daeb7c86", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,0,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "c2f30500-47d6-11e8-994c-81d2daeb7c86", + "label": "Request errors", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.request.errors", + "id": "c2f30501-47d6-11e8-994c-81d2daeb7c86", + "type": "max" + }, + { + "field": "c2f30501-47d6-11e8-994c-81d2daeb7c86", + "id": "c2f30502-47d6-11e8-994c-81d2daeb7c86", + "type": "derivative", + "unit": "" + }, + { + "field": "c2f30502-47d6-11e8-994c-81d2daeb7c86", + "id": "c2f30503-47d6-11e8-994c-81d2daeb7c86", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + 
"chart_type": "line", + "color": "rgba(0,0,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "11968ce0-47d7-11e8-994c-81d2daeb7c86", + "label": "Denied requests", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.request.denied", + "id": "11968ce1-47d7-11e8-994c-81d2daeb7c86", + "type": "max" + }, + { + "field": "11968ce1-47d7-11e8-994c-81d2daeb7c86", + "id": "11968ce2-47d7-11e8-994c-81d2daeb7c86", + "type": "derivative", + "unit": "" + }, + { + "field": "11968ce2-47d7-11e8-994c-81d2daeb7c86", + "id": "11968ce3-47d7-11e8-994c-81d2daeb7c86", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy requests ECS", + "type": "metrics" + } + }, + "id": "30956d00-47d7-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/40bed190-473b-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/40bed190-473b-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..5c3e79a4d8a --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/40bed190-473b-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Downtime seconds [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "c86b8e00-4739-11e8-8953-55bbe33e1362" + } + ], + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:1" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,0,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Downtime", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.downtime", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "91aa6a20-473a-11e8-8953-55bbe33e1362", + "type": "derivative", + "unit": "" + }, + { + "field": "91aa6a20-473a-11e8-8953-55bbe33e1362", + "id": "a8ce7ca0-473a-11e8-8953-55bbe33e1362", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.proxy.name", + "value_template": "{{value}}s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "HAProxy downtime seconds ECS", + "type": "metrics" + } + }, + "id": "40bed190-473b-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/55251360-aa32-11e8-9c06-877f0445e3e0-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/55251360-aa32-11e8-9c06-877f0445e3e0-ecs.json new file mode 100644 index 00000000000..df5971c75ee --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/55251360-aa32-11e8-9c06-877f0445e3e0-ecs.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Backend breakdown [Logs HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "haproxy.backend_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Backend breakdown [Logs HAProxy] ECS", + "type": "pie" + } + }, + "id": "55251360-aa32-11e8-9c06-877f0445e3e0-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/68af8ef0-aa33-11e8-9c06-877f0445e3e0-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/68af8ef0-aa33-11e8-9c06-877f0445e3e0-ecs.json new file mode 100644 index 00000000000..62db5f4518f --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/68af8ef0-aa33-11e8-9c06-877f0445e3e0-ecs.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Response codes over time [Logs HAProxy] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#508642", + "204": "#629E51", + "302": "#6ED0E0", + "404": "#EAB839", + "503": "#705DA0" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_term", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": 
"left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Response codes over time [Logs HAProxy] ECS", + "type": "histogram" + } + }, + "id": "68af8ef0-aa33-11e8-9c06-877f0445e3e0-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/72e84b00-47e1-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/72e84b00-47e1-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..7ef6a24f6f3 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/72e84b00-47e1-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Number of server connections [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:(2 OR 3)" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of connections", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "22668d40-47e1-11e8-96ee-d767c73d008a", + "type": "derivative", + "unit": "" + }, + { + "field": "22668d40-47e1-11e8-96ee-d767c73d008a", + "id": "2a1d0a00-47e1-11e8-96ee-d767c73d008a", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.service_name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy number of server connections ECS", + "type": "metrics" + } + }, + "id": "72e84b00-47e1-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/79350d50-47db-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/79350d50-47db-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..3975abdb326 --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/79350d50-47db-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Servers per connection [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "50830800-47d9-11e8-9db9-274c7a5e25e4" + } + ], + "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.service_name:\"{{ key }}\"'))", + "filter": "", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "metrics-*", + "interval": "auto", + "markdown": "{{#each _all}}\n{{ label }}\n\n{{/each}}", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:(2 OR 3)" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Servers", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.service_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "20", + "var_name": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "HAProxy servers per connection ECS", + "type": "metrics" + } + }, + "id": "79350d50-47db-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
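Review bot: The `drilldown_url` in this hunk interpolates `{{ key }}` — the raw terms-bucket value of `haproxy.stat.service_name` — inside a double-quoted KQL string (`query:'haproxy.stat.service_name:"{{ key }}"'`) with no escaping, so a service name containing `"`, `\` or `'` would yield a malformed query in the target dashboard rather than a filtered view. Since the value comes from whatever the monitored HAProxy reports, this is a data-driven breakage of the drilldown, not just a cosmetic issue. The same pattern appears in the 8c8f0300 visualization (L1505) with `haproxy.stat.proxy.name`. These assets appear to be carried over from Beats, so fixing the template may be out of scope for this commit, but a short note in the package docs that drilldowns assume quote-free proxy/service names would help the next maintainer.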
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/794b6cd0-471d-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/794b6cd0-471d-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..285e83270cd --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/794b6cd0-471d-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,133 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Active servers in backend [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "color": "rgba(255,0,6,1)", + "id": "1ec0dde0-471d-11e8-9876-09cc6c85f5f2", + "operator": "lte", + "value": 0 + } + ], + "bar_color_rules": [ + { + "id": "297160c0-471d-11e8-9876-09cc6c85f5f2" + } + ], + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:(2 OR 3)" + }, + "gauge_color_rules": [ + { + "gauge": "rgba(255,0,5,1)", + "id": "4ce156a0-471d-11e8-9876-09cc6c85f5f2", + "operator": "lte", + "text": null, + "value": 0 + }, + { + "gauge": "rgba(255,196,0,1)", + "id": "f8458a80-4721-11e8-b854-2f6d2b452362", + "operator": "lte", + "value": 0.5 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "haproxy.stat.status:UP" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Active servers", + "line_width": 1, + "metrics": [ + { + "denominator": "*", + "field": "haproxy.stat.server.id", + "id": "b754d060-471e-11e8-9876-09cc6c85f5f2", + "metric_agg": "count", + "numerator": "*", + "script": "params.up / (params.down + params.up)", + "type": "cardinality", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "cfd51780-471e-11e8-9d35-6baabcdce3dc", + "name": "down" + }, + { + "field": "a049c420-471e-11e8-9876-09cc6c85f5f2", + "id": "45e6ec00-471f-11e8-9d35-6baabcdce3dc", + "name": "up" + } + ] + } + ], + "point_size": 1, + 
"seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "haproxy.stat.proxy.name" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2cba9420-4724-11e8-b854-2f6d2b452362", + "label": "Total servers", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.server.id", + "id": "2cba9421-4724-11e8-b854-2f6d2b452362", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "HAProxy active servers in backend ECS", + "type": "metrics" + } + }, + "id": "794b6cd0-471d-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/7fb671f0-aa32-11e8-9c06-877f0445e3e0-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/7fb671f0-aa32-11e8-9c06-877f0445e3e0-ecs.json new file mode 100644 index 00000000000..0fc3000fffa --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/7fb671f0-aa32-11e8-9c06-877f0445e3e0-ecs.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Frontend breakdown [Logs HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "haproxy.frontend_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Frontend breakdown [Logs HAProxy] ECS", + "type": "pie" + } + }, + "id": "7fb671f0-aa32-11e8-9c06-877f0445e3e0-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/86159190-47c5-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/86159190-47c5-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..2a1e658d67b --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/86159190-47c5-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Traffic volume [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Incoming", + "line_width": "1", + "metrics": [ + { + "field": "haproxy.stat.in.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "9814c420-47c4-11e8-994c-81d2daeb7c86", + "type": "derivative", + "unit": "" + } + ], + "point_size": "1", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(25,77,51,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "c89d1520-47c4-11e8-994c-81d2daeb7c86", + "label": "Outgoing", + "line_width": "1", + "metrics": [ + { + "field": "haproxy.stat.out.bytes", + "id": "c89d6340-47c4-11e8-994c-81d2daeb7c86", + "type": "sum" + }, + { + "field": "c89d6340-47c4-11e8-994c-81d2daeb7c86", + "id": "c89d6341-47c4-11e8-994c-81d2daeb7c86", + "type": "derivative", + "unit": "" + } + ], + "override_index_pattern": 0, + "point_size": "1", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy traffic volume ECS", + "type": "metrics" + } + }, + "id": "86159190-47c5-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of 
file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/8c8f0300-47dc-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/8c8f0300-47dc-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..10fd57560ee --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/8c8f0300-47dc-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Backends per connection [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "4aeddd40-47dc-11e8-9db9-274c7a5e25e4" + } + ], + "drilldown_url": "../app/kibana#/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:1" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Backends", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.proxy.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "20" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "HAProxy backends per connection ECS", + "type": "metrics" + } + }, + "id": "8c8f0300-47dc-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/976b0910-47e4-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/976b0910-47e4-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..b68a57601c6 --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/976b0910-47e4-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Healthcheck [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,0,4,1)", + "fill": 0.5, + "formatter": "number", + "id": "198f56e0-47e4-11e8-b45e-f10c3845381c", + "label": "Down", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.downtime", + "id": "198f56e1-47e4-11e8-b45e-f10c3845381c", + "type": "sum" + }, + { + "field": "198f56e1-47e4-11e8-b45e-f10c3845381c", + "id": "dbf38560-47e6-11e8-b45e-f10c3845381c", + "sigma": "", + "type": "derivative", + "unit": "" + }, + { + "field": "dbf38560-47e6-11e8-b45e-f10c3845381c", + "id": "62274b80-47e7-11e8-b45e-f10c3845381c", + "type": "positive_only", + "unit": "" + }, + { + "id": "7b7a7300-47e7-11e8-b45e-f10c3845381c", + "script": "(params.down \u003e 0) ? 
1 : 0", + "type": "calculation", + "variables": [ + { + "field": "62274b80-47e7-11e8-b45e-f10c3845381c", + "id": "7e577b40-47e7-11e8-b45e-f10c3845381c", + "name": "down" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,218,0,1)", + "fill": 0.5, + "formatter": "ms,ms,0", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Duration (ms)", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.check.duration", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy healthcheck ECS", + "type": "metrics" + } + }, + "id": "976b0910-47e4-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/981d1040-47be-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/981d1040-47be-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..945e92ed002 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/981d1040-47be-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,55 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Average response time [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "ms,ms,0", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average response time", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.time.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy average response time ECS", + "type": "metrics" + } + }, + "id": "981d1040-47be-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/a64b4fd0-471c-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/a64b4fd0-471c-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..73e7a7f1a95 --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/a64b4fd0-471c-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Connections [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "4e35d500-471b-11e8-a520-3f46123ab5eb" + } + ], + "bar_color_rules": [ + { + "id": "69899960-4719-11e8-a520-3f46123ab5eb" + } + ], + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:(0 OR 1)" + }, + "gauge_color_rules": [ + { + "id": "6f171ba0-4719-11e8-a520-3f46123ab5eb" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Number of connections", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "41ff3940-4719-11e8-a520-3f46123ab5eb", + "type": "derivative", + "unit": "" + }, + { + "field": "41ff3940-4719-11e8-a520-3f46123ab5eb", + "id": "456a5fa0-4738-11e8-8633-8f8b3acf1566", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "rainbow", + "split_filters": [ + { + "color": "#68BC00", + "id": "0ceb7740-471a-11e8-a520-3f46123ab5eb" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.proxy.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy connections ECS", + "type": "metrics" + } + }, + "id": 
"a64b4fd0-471c-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/b3463670-47a1-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/b3463670-47a1-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..d356a75c4af --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/b3463670-47a1-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,54 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Average time in queue [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average time in queue", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.queue.time.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy average time in queue ECS", + "type": "metrics" + } + }, + "id": "b3463670-47a1-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/bb0ab500-4735-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/bb0ab500-4735-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..fdafb3b0f84 
--- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/bb0ab500-4735-11e8-bc13-1397384faad3-ecs.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Connections per server [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "978f2660-4735-11e8-b619-8f82b8185e96" + } + ], + "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.service_name:\"{{ key }}\"'))", + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:(2 OR 3)" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Connections per server", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3ea29000-4735-11e8-b619-8f82b8185e96", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.service_name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "HAProxy connections per server ECS", + "type": "metrics" + } + }, + "id": "bb0ab500-4735-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/f1e27ed0-47dc-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/f1e27ed0-47dc-11e8-bc13-1397384faad3-ecs.json
new file mode 100644
index 00000000000..70848cec74c
--- /dev/null
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/f1e27ed0-47dc-11e8-bc13-1397384faad3-ecs.json
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Frontends per connection [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "b81d8640-47dc-11e8-9a25-99b107967d82" + } + ], + "drilldown_url": "../app/kibana#/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "haproxy.stat.component_type:0" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Frontends", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.connection.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "haproxy.stat.proxy.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "20" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "HAProxy frontends per connection ECS", + "type": "metrics" + } + }, + "id": "f1e27ed0-47dc-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/kibana/visualization/fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs.json b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs.json new file mode 100644 index 00000000000..33e6aa77708 --- /dev/null 
+++ b/dev/packages/beats/haproxy/0.0.1/kibana/visualization/fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs.json 
@@ -0,0 +1,206 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "HTTP response codes [Metrics HAProxy] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "200s", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.http.2xx", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "973a6de0-47bd-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + }, + { + "field": "973a6de0-47bd-11e8-b7ab-dff70b15977c", + "id": "4971d580-47e5-11e8-b45e-f10c3845381c", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(64,240,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "aafd05e0-47bd-11e8-b7ab-dff70b15977c", + "label": "300s", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.http.3xx", + "id": "aafd05e1-47bd-11e8-b7ab-dff70b15977c", + "type": "sum" + }, + { + "field": "aafd05e1-47bd-11e8-b7ab-dff70b15977c", + "id": "aafd05e2-47bd-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,246,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "c77191a0-47bd-11e8-b7ab-dff70b15977c", + 
"label": "400s", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.http.4xx", + "id": "c77191a1-47bd-11e8-b7ab-dff70b15977c", + "type": "sum" + }, + { + "field": "c77191a1-47bd-11e8-b7ab-dff70b15977c", + "id": "c77191a2-47bd-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(255,0,4,1)", + "fill": 0.5, + "formatter": "number", + "id": "d574e900-47bd-11e8-b7ab-dff70b15977c", + "label": "500s", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.http.5xx", + "id": "d574e901-47bd-11e8-b7ab-dff70b15977c", + "type": "sum" + }, + { + "field": "d574e901-47bd-11e8-b7ab-dff70b15977c", + "id": "d5753720-47bd-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,251,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "e3b8a4c0-47bd-11e8-b7ab-dff70b15977c", + "label": "Other", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.http.other", + "id": "e3b8a4c1-47bd-11e8-b7ab-dff70b15977c", + "type": "sum" + }, + { + "field": "e3b8a4c1-47bd-11e8-b7ab-dff70b15977c", + "id": "e3b8a4c2-47bd-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(15,20,25,1)", + "fill": 0.5, + "formatter": "number", + "id": "f9217d40-47be-11e8-b7ab-dff70b15977c", + "label": "Response errors", + "line_width": 1, + "metrics": [ + { + "field": "haproxy.stat.response.errors", + "id": 
"f9217d41-47be-11e8-b7ab-dff70b15977c", + "type": "sum" + }, + { + "field": "f9217d41-47be-11e8-b7ab-dff70b15977c", + "id": "1b7d4400-47bf-11e8-b7ab-dff70b15977c", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HAProxy HTTP response codes ECS", + "type": "metrics" + } + }, + "id": "fcbdfa60-47bd-11e8-bc13-1397384faad3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/haproxy/0.0.1/manifest.yml b/dev/packages/beats/haproxy/0.0.1/manifest.yml new file mode 100644 index 00000000000..28e0017025d --- /dev/null +++ b/dev/packages/beats/haproxy/0.0.1/manifest.yml 
@@ -0,0 +1,61 @@
+format_version: 1.0.0
+name: haproxy
+title: HAProxy
+version: 0.0.1
+license: basic
+description: HAProxy Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-haproxy-overview.png
+ title: kibana haproxy overview
+ size: 1725x780
+ type: image/png
+icons:
+- src: /img/logo_haproxy.svg
+ title: logo haproxy
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: haproxy
+ title: HAProxy logs and metrics
+ description: Collect logs and metrics from HAProxy instances
+ inputs:
+ - type: logs
+ title: Collect logs from HAProxy instances
+ description: Collecting HAProxy log logs
+ - type: haproxy/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - tcp://127.0.0.1:14567
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: true
+ show_user: true
+ default: admin
+ - name: username
+ type: text
+ title: Username
+ multi: false
+ required: true
+ show_user: true
+ default: admin
+ title: Collect metrics from HAProxy instances
+ description: Collecting HAProxy info and stat metrics
diff --git a/dev/packages/beats/http/0.0.1/dataset/json/agent/stream/stream.yml.hbs b/dev/packages/beats/http/0.0.1/dataset/json/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..afe1e9e34eb
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/json/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["json"]
diff --git a/dev/packages/beats/http/0.0.1/dataset/json/fields/fields.yml b/dev/packages/beats/http/0.0.1/dataset/json/fields/fields.yml
new file mode 100644
index 00000000000..92b5fbbffd6
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/json/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: http.json
+ type: group
+ release: ga
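Review bot: `password` under the `haproxy/metrics` input carries `default: admin` (and `username` the same), so a freshly created policy satisfies `required: true` with a well-known `admin`/`admin` pair the user never had to choose; `show_user: true` only pre-fills that value in the form. Drop the `default: admin` line from the `password` var so the UI forces an explicit secret, and keep the username default only if it is the documented HAProxy stats default. The `elasticsearch` constraint `versions: '>7.0.1'` is also unbounded while `kibana` is pinned to `'>=7.3.0 <8.0.0'`; if the dashboards are 7.x-only, bound both the same way.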
diff --git a/dev/packages/beats/http/0.0.1/dataset/json/fields/package-fields.yml b/dev/packages/beats/http/0.0.1/dataset/json/fields/package-fields.yml
new file mode 100644
index 00000000000..38e8cebe9ac
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/json/fields/package-fields.yml
@@ -0,0 +1,25 @@
+- name: http
+ type: group
+ fields:
+ - name: request
+ type: group
+ fields:
+ - name: headers
+ type: object
+ description: |
+ The HTTP headers sent
+ - name: response
+ type: group
+ fields:
+ - name: headers
+ type: object
+ description: |
+ The HTTP headers received
+ - name: code
+ type: keyword
+ description: |
+ The HTTP status code
+ - name: phrase
+ type: keyword
+ description: |
+ The HTTP status phrase
diff --git a/dev/packages/beats/http/0.0.1/dataset/json/manifest.yml b/dev/packages/beats/http/0.0.1/dataset/json/manifest.yml
new file mode 100644
index 00000000000..865c986190f
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/json/manifest.yml
@@ -0,0 +1,7 @@
+title: HTTP json metrics
+release: experimental
+type: metrics
+streams:
+- input: http/metrics
+ title: HTTP json metrics
+ description: Collect HTTP json metrics
diff --git a/dev/packages/beats/http/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/http/0.0.1/dataset/server/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..927804223ae
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/server/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["server"]
diff --git a/dev/packages/beats/http/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/http/0.0.1/dataset/server/fields/fields.yml
new file mode 100644
index 00000000000..da412b4d7bc
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/server/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: http.server
+ type: group
+ release: ga
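Review bot: The `http/metrics` dataset manifest here declares no `vars`, and the matching `stream.yml.hbs` files render only `metricsets: ["json"]` / `metricsets: ["server"]`, so the generated stream carries no `hosts`, `period` or path for the metricset to poll; the package-level http manifest later in this diff adds no vars on that input either. Compare the ibmmq `qmgr` template, which renders `{{#each hosts}}`, `{{metrics_path}}` and `{{period}}`: the same `hosts` and `period` vars plus the corresponding template lines look needed here, unless the input type supplies them elsewhere. The ibmmq `qmgr` dataset manifest further down has the mirror-image gap, since its template reads `hosts` and `metrics_path` but the manifest declares only `period`. A smaller inconsistency: `fields.yml` marks the empty `http.json` group `release: ga` while this manifest says `release: experimental`.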
diff --git a/dev/packages/beats/http/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/http/0.0.1/dataset/server/fields/package-fields.yml
new file mode 100644
index 00000000000..38e8cebe9ac
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/server/fields/package-fields.yml
@@ -0,0 +1,25 @@
+- name: http
+ type: group
+ fields:
+ - name: request
+ type: group
+ fields:
+ - name: headers
+ type: object
+ description: |
+ The HTTP headers sent
+ - name: response
+ type: group
+ fields:
+ - name: headers
+ type: object
+ description: |
+ The HTTP headers received
+ - name: code
+ type: keyword
+ description: |
+ The HTTP status code
+ - name: phrase
+ type: keyword
+ description: |
+ The HTTP status phrase
diff --git a/dev/packages/beats/http/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/http/0.0.1/dataset/server/manifest.yml
new file mode 100644
index 00000000000..a0173e4f85f
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/dataset/server/manifest.yml
@@ -0,0 +1,7 @@
+title: HTTP server metrics
+release: experimental
+type: metrics
+streams:
+- input: http/metrics
+ title: HTTP server metrics
+ description: Collect HTTP server metrics
diff --git a/dev/packages/beats/http/0.0.1/docs/README.md b/dev/packages/beats/http/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/http/0.0.1/manifest.yml b/dev/packages/beats/http/0.0.1/manifest.yml
new file mode 100644
index 00000000000..404771d31c5
--- /dev/null
+++ b/dev/packages/beats/http/0.0.1/manifest.yml
@@ -0,0 +1,22 @@
+format_version: 1.0.0
+name: http
+title: HTTP
+version: 0.0.1
+license: basic
+description: HTTP Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch: {}
+datasources:
+- name: http
+ title: HTTP metrics
+ description: Collect metrics from HTTP instances
+ inputs:
+ - type: http/metrics
+ title: Collect metrics from HTTP instances
+ description: Collecting HTTP json and server metrics
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/agent/stream/log.yml.hbs b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..8d26a70ed41
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/agent/stream/log.yml.hbs
@@ -0,0 +1,9 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: "^[\\-]{5}.*[\\-]{10,}$"
+ negate: true
+ match: after
\ No newline at end of file
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..43e691ff79f
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/elasticsearch/ingest-pipeline/default.yml
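Review bot: The multiline header regex in `log.yml.hbs`, `"^[\\-]{5}.*[\\-]{10,}$"`, requires at least ten trailing dashes, while the pipeline's first `gsub` strips a header matching `^[\-]{5}[a-z0-9\. :]*[\-]{5,}`, so a header with five to nine trailing dashes starts no new event on the agent side yet is stripped by the pipeline, and a header containing characters outside `[a-z0-9. :]` does the opposite. Keep the two expressions in step (the `{10,}` vs `{5,}` quantifiers and the middle character class), and say in a comment next to the template pattern that the pipeline depends on it. The `- {{path}}` item is also emitted unquoted; `- "{{path}}"` keeps a path containing ` #` from being misread as a YAML comment.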
@@ -0,0 +1,77 @@
+---
+description: Pipeline for parsing MQ error logs.
+processors:
+- gsub:
+ field: message
+ pattern: ^[\-]{5}[a-z0-9\. :]*[\-]{5,}
+ replacement: ""
+- gsub:
+ field: message
+ pattern: |2+
+
+ replacement: ' '
+- gsub:
+ field: message
+ pattern: '[ ]{2,}'
+ replacement: ' '
+- trim:
+ field: message
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- grok:
+ field: message
+ patterns:
+ - ^%{DATA:log_timestamp} -
+- grok:
+ field: message
+ patterns:
+ - 'Process\(%{DATA:process.pid}\) User\(%{WORD:user.name}\) Program\(%{DATA:process.title}\)
+ Host\(%{DATA:host.hostname}\) Installation\(%{WORD:ibmmq.errorlog.installation}\)
+ VRMF\(%{DATA:service.version}\)( QMgr\(%{DATA:ibmmq.errorlog.qmgr}\))?( Time\(%{TIMESTAMP_ISO8601:@timestamp}\))?(
+ RemoteHost\(%{DATA:destination.address}\))?( ArithInsert1\(%{DATA:ibmmq.errorlog.arithinsert1}\))?(
+ ArithInsert2\(%{DATA:ibmmq.errorlog.arithinsert2}\))?( CommentInsert1\(%{DATA:ibmmq.errorlog.commentinsert1}\))?(
+ CommentInsert2\(%{DATA:ibmmq.errorlog.commentinsert2}\))?( CommentInsert3\(%{DATA:ibmmq.errorlog.commentinsert3}\))?
+ (?=AMQ[0-9]{4})%{DATA:ibmmq.errorlog.code}((?<=AMQ[0-9]{4}[A-Z])%{DATA:log.level})?:
+ %{DATA:ibmmq.errorlog.errordescription} [^\ ]+:( %{DATA:ibmmq.errorlog.explanation})?
+ [^\ ]+:( %{DATA:ibmmq.errorlog.action})?$'
+- date:
+ field: log_timestamp
+ target_field: '@timestamp'
+ formats:
+ - MM/dd/yyyy hh:mm:ss aa
+ - dd/MM/yyyy HH:mm:ss
+ ignore_failure: true
+- append:
+ field: ibmmq.errorlog.commentinsert
+ value:
+ - '{{ibmmq.errorlog.commentinsert1}}'
+ - '{{ibmmq.errorlog.commentinsert2}}'
+ - '{{ibmmq.errorlog.commentinsert3}}'
+ ignore_failure: true
+- append:
+ field: ibmmq.errorlog.arithinsert
+ value:
+ - '{{ibmmq.errorlog.arithinsert1}}'
+ - '{{ibmmq.errorlog.arithinsert2}}'
+ ignore_failure: true
+- remove:
+ field:
+ - log_timestamp
+ - message
+ - ibmmq.errorlog.arithinsert1
+ - ibmmq.errorlog.arithinsert2
+ - ibmmq.errorlog.commentinsert1
+ - ibmmq.errorlog.commentinsert2
+ - ibmmq.errorlog.commentinsert3
+ ignore_missing: true
+- rename:
+ field: ibmmq.errorlog.errordescription
+ target_field: message
+- set:
+ field: event.kind
+ value: event
+on_failure:
+- set:
+ field: error.message
+ value: 'pipeline-entry: {{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/fields.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/fields.yml
new file mode 100644
index 00000000000..c8ae1727f93
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/fields.yml
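Review bot: A line whose leading timestamp matches neither `MM/dd/yyyy hh:mm:ss aa` nor `dd/MM/yyyy HH:mm:ss` ends up with no `@timestamp` at all: the `rename` processor has already moved the original `@timestamp` to `event.created`, and the `date` processor's `ignore_failure: true` swallows the parse error instead of restoring it (the optional `Time(...)` capture in the second grok is the only other source). Either drop `ignore_failure: true` so the `on_failure` handler records the problem, or add a fallback right after the `date` step, e.g. `- set: {field: '@timestamp', value: '{{event.created}}', if: "ctx['@timestamp'] == null"}`. Separately, `%{DATA:process.pid}` stores the pid as a string where ECS `process.pid` is `long`; `%{NUMBER:process.pid:long}` fixes the type at capture time. The long run of `%{DATA}` captures in one pattern also invites heavy backtracking on lines that do not match; tighter sub-patterns for the `Name(value)` inserts via `pattern_definitions` would bound that.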
@@ -0,0 +1,30 @@
+- name: ibmmq.errorlog
+ type: group
+ fields:
+ - name: installation
+ type: keyword
+ description: |
+ This is the installation name which can be given at installation time.
+ Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation.
+ - name: qmgr
+ type: keyword
+ description: |
+ Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them.
+ - name: arithinsert
+ type: keyword
+ description: Changing content based on error.id
+ - name: commentinsert
+ type: keyword
+ description: Changing content based on error.id
+ - name: errordescription
+ type: text
+ description: Please add description
+ - name: explanation
+ type: keyword
+ description: Explaines the error in more detail
+ - name: action
+ type: keyword
+ description: Defines what to do when the error occurs
+ - name: code
+ type: keyword
+ description: Error code.
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/package-fields.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/package-fields.yml
new file mode 100644
index 00000000000..1f2b749a8f8
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: ibmmq
+ type: group
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/manifest.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/manifest.yml
new file mode 100644
index 00000000000..0ae85c08777
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/errorlog/manifest.yml
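Review bot: The `errordescription` field defined here never reaches the index under that name: the pipeline's final `rename` moves `ibmmq.errorlog.errordescription` to `message`, so this entry (with its placeholder `description: Please add description`) documents a field no document will carry. Either drop the entry or state in its description that the value is surfaced as `message`. The `arithinsert` and `commentinsert` descriptions say `Changing content based on error.id`, but the pipeline never sets `error.id`; the code they vary with is `ibmmq.errorlog.code`, so the descriptions should name that field. `Explaines` in the `explanation` entry should read `Explains`.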
@@ -0,0 +1,23 @@
+title: ibmmq errorlog logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/mqm/*.LOG*
+ - /var/mqm/qmgrs/*/*.LOG*
+ os:
+ windows:
+ default:
+ - C:\ProgramData\IBM\MQ\errors\*.LOG*
+ - C:\ProgramData\IBM\MQ\qmgrs\*\errors\*.LOG*
+ template_path: log.yml.hbs
+ title: ibmmq errorlog logs (log)
+ description: Collect ibmmq errorlog logs using log input
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/agent/stream/stream.yml.hbs b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..924a6bd5128
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["qmgr"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if metrics_path}}
+metrics_path: {{metrics_path}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/fields.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/fields.yml
new file mode 100644
index 00000000000..871a44440ce
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: ibmmq.
+ type: keyword
+ release: beta
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/package-fields.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/package-fields.yml
new file mode 100644
index 00000000000..1f2b749a8f8
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: ibmmq
+ type: group
diff --git a/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/manifest.yml b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/manifest.yml
new file mode 100644
index 00000000000..bc7e6249670
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/dataset/qmgr/manifest.yml
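Review bot: The qmgr `fields.yml` declares `- name: ibmmq.` with a trailing dot, `type: keyword` and no `fields:`, which as written is a keyword field literally named `ibmmq.` rather than a group, and looks like an empty result from the migration tooling (the `http.json` and `http.server` datasets get a `type: group` entry instead). Replace it with the real group, e.g. `- name: ibmmq.qmgr` / `type: group` / `fields:` listing what the `qmgr` metricset emits, or remove the file until those fields are known. `release: beta` here also disagrees with the dataset manifest's `release: experimental`.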
@@ -0,0 +1,15 @@
+title: IBM MQ qmgr metrics
+release: experimental
+type: metrics
+streams:
+- input: ibmmq/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: IBM MQ qmgr metrics
+ description: Collect IBM MQ qmgr metrics
diff --git a/dev/packages/beats/ibmmq/0.0.1/docs/README.md b/dev/packages/beats/ibmmq/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/ibmmq/0.0.1/img/filebeat-ibmmq.png b/dev/packages/beats/ibmmq/0.0.1/img/filebeat-ibmmq.png
new file mode 100644
index 00000000000..100a8b6ae36
Binary files /dev/null and b/dev/packages/beats/ibmmq/0.0.1/img/filebeat-ibmmq.png differ
diff --git a/dev/packages/beats/ibmmq/0.0.1/img/ibmmq.svg b/dev/packages/beats/ibmmq/0.0.1/img/ibmmq.svg
new file mode 100644
index 00000000000..396d5a67a20
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/img/ibmmq.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-calls.png b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-calls.png
new file mode 100644
index 00000000000..27e09c4c6ea
Binary files /dev/null and b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-calls.png differ
diff --git a/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-messages.png b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-messages.png
new file mode 100644
index 00000000000..b20360674ae
Binary files /dev/null and b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-messages.png differ
diff --git a/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-subscriptions.png b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-subscriptions.png
new file mode 100644
index 00000000000..44c8f14a900
Binary files /dev/null and b/dev/packages/beats/ibmmq/0.0.1/img/metricbeat-ibmmq-subscriptions.png differ
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/8f788c70-36c9-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/8f788c70-36c9-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..af91de3f456
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/8f788c70-36c9-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,154 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing IBM MQ subscriptions. Metrics show statistics of actions performed on durable and non-durable subscriptions, collected by a queue manager.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "e17294e6-0911-47dc-b28b-de87507924b5", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "e17294e6-0911-47dc-b28b-de87507924b5", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "040d5750-fa77-45c6-82c1-26fc6f3859a6", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "040d5750-fa77-45c6-82c1-26fc6f3859a6", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "fe5933aa-17b4-455e-8ab4-88d1f50ba73a", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "fe5933aa-17b4-455e-8ab4-88d1f50ba73a", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "87a5c31a-6456-4839-a9ec-24802f51889d", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "87a5c31a-6456-4839-a9ec-24802f51889d", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1af1ab03-5cfd-4495-9d50-7dd77f43f1a4", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "1af1ab03-5cfd-4495-9d50-7dd77f43f1a4", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "a9a53a87-592f-480f-997d-73fcb1843167", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "a9a53a87-592f-480f-997d-73fcb1843167", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + 
"embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "38525462-b0f6-4cc9-a052-6e5f66f1cba3", + "w": 16, + "x": 0, + "y": 24 + }, + "panelIndex": "38525462-b0f6-4cc9-a052-6e5f66f1cba3", + "panelRefName": "panel_6", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics IBM MQ] Subscriptions Overview", + "version": 1 + }, + "id": "8f788c70-36c9-11ea-9f7a-097fe7ab3ddd", + "references": [ + { + "id": "b455bc00-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "bdf17380-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "9939e270-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "89984460-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "908afbf0-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d8dbdcd0-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "3901ed30-36cb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/ba1d8830-7c7b-11e9-9645-e37efaf5baff.json b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/ba1d8830-7c7b-11e9-9645-e37efaf5baff.json new file mode 100644 index 00000000000..0dcb5f8ea56 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/ba1d8830-7c7b-11e9-9645-e37efaf5baff.json 
@@ -0,0 +1,179 @@ +{ + "attributes": { + "description": "Overview of IBM MQ", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "1", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "6", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "6", + "panelRefName": "panel_1", + "title": "Top 5 Errors [Logs IBM MQ]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "8", + "w": 13, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 27, + "i": "9", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "9", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "10", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "10", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "11", + "w": 7, + "x": 13, + "y": 0 + }, + "panelIndex": "11", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "12", + "w": 7, + "x": 20, + "y": 0 + }, + "panelIndex": "12", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "13", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "13", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-2M", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs IBM MQ] Overview of error log overview", + 
"version": 1 + }, + "id": "ba1d8830-7c7b-11e9-9645-e37efaf5baff", + "references": [ + { + "id": "4b2794c0-d901-11e8-aa1c-3fc8e6195a8e", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b6308f30-7c7e-11e9-9645-e37efaf5baff", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bf8e5de0-7c7f-11e9-9645-e37efaf5baff", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "panel_3", + "type": "search" + }, + { + "id": "df35c4b0-adf0-11e9-8358-1517661d7c84", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "3ff778d0-adf0-11e9-8358-1517661d7c84", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "57eae940-adf0-11e9-8358-1517661d7c84", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "845fca50-adef-11e9-8358-1517661d7c84", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/d2112e90-36ea-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/d2112e90-36ea-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..cfc5586043e --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/d2112e90-36ea-11ea-9f7a-097fe7ab3ddd.json 
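Review bot: The dashboard title `[Logs IBM MQ] Overview of error log overview` repeats "overview" and is the user-visible name in the Kibana dashboard list; `"title": "[Logs IBM MQ] Error log overview"` reads cleanly and still matches the description `Overview of IBM MQ`. In the same attributes block, `timeRestore` is `true` together with `timeFrom: now-2M`, so opening this dashboard replaces whatever time range the user had selected with the last two months, whereas the metrics dashboards in this change all set `timeRestore: false`; worth confirming that difference is intended rather than an artefact of the export.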
@@ -0,0 +1,244 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing IBM MQ persistent and non-persistent messages. Metric data are collected by a queue manager.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "31635dc4-663e-4ad1-adae-eb96687c7810", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "31635dc4-663e-4ad1-adae-eb96687c7810", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5452998b-5149-4ac6-93df-b3fccab74f58", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "5452998b-5149-4ac6-93df-b3fccab74f58", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "0e58849b-8742-4ed4-aae2-33ca19553ac2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "0e58849b-8742-4ed4-aae2-33ca19553ac2", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "45cd1f23-ef32-4785-b8c0-dcd4cf4c0c1f", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "45cd1f23-ef32-4785-b8c0-dcd4cf4c0c1f", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2fbdb686-f624-4b2d-a26d-4e7f70e8d902", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "2fbdb686-f624-4b2d-a26d-4e7f70e8d902", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "355b12f6-56cb-4b8c-8498-b379d3e7d8b0", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "355b12f6-56cb-4b8c-8498-b379d3e7d8b0", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + 
"i": "c1eed75c-610c-4741-b384-de866f30b79b", + "w": 16, + "x": 0, + "y": 24 + }, + "panelIndex": "c1eed75c-610c-4741-b384-de866f30b79b", + "panelRefName": "panel_6", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "78bd7680-0f3f-4d3f-994b-eeb58ef0a340", + "w": 16, + "x": 16, + "y": 24 + }, + "panelIndex": "78bd7680-0f3f-4d3f-994b-eeb58ef0a340", + "panelRefName": "panel_7", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6edef0c3-4c5f-4d0a-8e58-076cb5249ca2", + "w": 16, + "x": 32, + "y": 24 + }, + "panelIndex": "6edef0c3-4c5f-4d0a-8e58-076cb5249ca2", + "panelRefName": "panel_8", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "0ecb7983-d4f9-453d-ade4-d02dfa6b6c72", + "w": 16, + "x": 0, + "y": 36 + }, + "panelIndex": "0ecb7983-d4f9-453d-ade4-d02dfa6b6c72", + "panelRefName": "panel_9", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1c8071e7-c89a-45b1-aae6-31471939b73c", + "w": 16, + "x": 32, + "y": 36 + }, + "panelIndex": "1c8071e7-c89a-45b1-aae6-31471939b73c", + "panelRefName": "panel_10", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "e27955d6-ce96-48b9-b9d0-04f4d61a757f", + "w": 16, + "x": 16, + "y": 36 + }, + "panelIndex": "e27955d6-ce96-48b9-b9d0-04f4d61a757f", + "panelRefName": "panel_11", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics IBM MQ] Messages Overview", + "version": 1 + }, + "id": "d2112e90-36ea-11ea-9f7a-097fe7ab3ddd", + "references": [ + { + "id": "49abed00-36eb-11ea-9f7a-097fe7ab3ddd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0abb72e0-36ec-11ea-9f7a-097fe7ab3ddd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "195b5860-36ec-11ea-9f7a-097fe7ab3ddd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "60b5a440-36ec-11ea-9f7a-097fe7ab3ddd", + "name": 
"panel_3", + "type": "visualization" + }, + { + "id": "e98d7660-36ee-11ea-9f7a-097fe7ab3ddd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d82919b0-36ee-11ea-9f7a-097fe7ab3ddd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "23c5f140-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "3ed28890-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "58abd000-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "67eeac40-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "96d27500-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "855debb0-36ef-11ea-9f7a-097fe7ab3ddd", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/fc5512c0-36d1-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/fc5512c0-36d1-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..9a3ec1df8af --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/dashboard/fc5512c0-36d1-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,226 @@ +{ + "attributes": { + "description": "The dashboard presents metric data describing IBM MQ calls, collected by a queue manager.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "68140594-23bf-4e1e-a062-19b21e557e1a", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "68140594-23bf-4e1e-a062-19b21e557e1a", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2bb94f86-2fa8-4e3e-b91d-9838a29b9674", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "2bb94f86-2fa8-4e3e-b91d-9838a29b9674", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "0b68733f-6f86-4686-9580-1354f5d6bc4d", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "0b68733f-6f86-4686-9580-1354f5d6bc4d", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "0423a3f2-8f1f-4402-842b-9423008ac5c1", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "0423a3f2-8f1f-4402-842b-9423008ac5c1", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6936c053-8168-4eb9-9964-fc0e892b9130", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "6936c053-8168-4eb9-9964-fc0e892b9130", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "084602cd-6b17-4f8f-97a8-c33ac2bafb14", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "084602cd-6b17-4f8f-97a8-c33ac2bafb14", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "50a75e9d-e345-45c7-93fb-54e29d0863f2", + 
"w": 16, + "x": 0, + "y": 24 + }, + "panelIndex": "50a75e9d-e345-45c7-93fb-54e29d0863f2", + "panelRefName": "panel_6", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9cae147d-66d9-4bff-b916-f3b82adc07be", + "w": 16, + "x": 16, + "y": 24 + }, + "panelIndex": "9cae147d-66d9-4bff-b916-f3b82adc07be", + "panelRefName": "panel_7", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "fc84cd97-80a9-406d-ab2b-c1d9ce5dca72", + "w": 16, + "x": 32, + "y": 24 + }, + "panelIndex": "fc84cd97-80a9-406d-ab2b-c1d9ce5dca72", + "panelRefName": "panel_8", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "d8c19a6d-a25b-4950-9ef4-6a15a894f725", + "w": 16, + "x": 0, + "y": 36 + }, + "panelIndex": "d8c19a6d-a25b-4950-9ef4-6a15a894f725", + "panelRefName": "panel_9", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "d76eb9f9-2198-475b-a058-7204244d5597", + "w": 16, + "x": 16, + "y": 36 + }, + "panelIndex": "d76eb9f9-2198-475b-a058-7204244d5597", + "panelRefName": "panel_10", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics IBM MQ] Calls Overview", + "version": 1 + }, + "id": "fc5512c0-36d1-11ea-9f7a-097fe7ab3ddd", + "references": [ + { + "id": "07262080-36d3-11ea-9f7a-097fe7ab3ddd", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1dba2700-36de-11ea-9f7a-097fe7ab3ddd", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "2fcbdab0-36de-11ea-9f7a-097fe7ab3ddd", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d781db00-36df-11ea-9f7a-097fe7ab3ddd", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "aa90ec20-36e0-11ea-9f7a-097fe7ab3ddd", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd", + "name": 
"panel_6", + "type": "visualization" + }, + { + "id": "56b63f60-36e0-11ea-9f7a-097fe7ab3ddd", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "74874de0-36e0-11ea-9f7a-097fe7ab3ddd", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "92bf3480-36e0-11ea-9f7a-097fe7ab3ddd", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c4be1ff0-36e0-11ea-9f7a-097fe7ab3ddd", + "name": "panel_10", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/search/82db7ba0-adec-11e9-8358-1517661d7c84.json b/dev/packages/beats/ibmmq/0.0.1/kibana/search/82db7ba0-adec-11e9-8358-1517661d7c84.json new file mode 100644 index 00000000000..b2e72496331 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/search/82db7ba0-adec-11e9-8358-1517661d7c84.json 
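Review bot: In the references array of this Calls Overview dashboard, `panel_4` and `panel_6` both point at visualization `fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd`, while every other panel in this and the sibling dashboards has a distinct visualization id. The panelsJSON gives `panel_6` its own grid slot (x 0, y 24), so the duplicate looks like a copy-paste slip rather than a deliberate repeat, and the dashboard would render the same chart twice. The reference id for `panel_6` should be corrected to the visualization it was meant to show; that id is not recoverable from this diff, so it needs to be checked against the exported saved objects.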
@@ -0,0 +1,68 @@ +{ + "attributes": { + "columns": [ + "@timestamp", + "message", + "ibmmq.errorlog.explanation", + "ibmmq.errorlog.action" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"ibmmq.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "ibmmq." + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Errorlogs [Logs IBM MQ]", + "version": 1 + }, + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/07262080-36d3-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/07262080-36d3-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..ca5921c8a6e --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/07262080-36d3-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQCB calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqcb_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqcb_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQCB calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "07262080-36d3-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/0abb72e0-36ec-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/0abb72e0-36ec-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..b642833c2b6 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/0abb72e0-36ec-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Expired messages [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_expired_message_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Expired messages [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "0abb72e0-36ec-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/195b5860-36ec-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/195b5860-36ec-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..ad3f4a901f8 
--- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/195b5860-36ec-11ea-9f7a-097fe7ab3ddd.json @@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Purged queue [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_purged_queue_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Purged queue [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "195b5860-36ec-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/1dba2700-36de-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/1dba2700-36de-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..4b2da1ca46e --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/1dba2700-36de-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQCLOSE calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqclose_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqclose_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQCLOSE calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "1dba2700-36de-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/23c5f140-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/23c5f140-36ef-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..0fa49e71c2b --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/23c5f140-36ef-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Non-persistent message browse count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_persistent_message_browse_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Non-persistent message browse count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "23c5f140-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/2fcbdab0-36de-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/2fcbdab0-36de-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..b4799265643 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/2fcbdab0-36de-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQCONN/MQCONNX calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqconn_mqconnx_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqconn_mqconnx_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + 
"stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQCONN/MQCONNX calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "2fcbdab0-36de-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3901ed30-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3901ed30-36cb-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..9e211f33a8e --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3901ed30-36cb-11ea-9f7a-097fe7ab3ddd.json 
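Review bot: Both TSVB series in this "MQCONN/MQCONNX calls succeeded/failed" visualization read `prometheus.metrics.ibmmq_qmgr_mqconn_mqconnx_total`, so the red series (`a8f2add0-…`) plots exactly the same derivative as the green one and the succeeded/failed split promised by the title never appears. The sibling MQCB and MQCLOSE visualizations in this change pair the total counter with a `failed_` counter (`ibmmq_qmgr_failed_mqcb_total`, `ibmmq_qmgr_failed_mqclose_total`), which suggests the `field` of the `a8f2add1-…` max metric was meant to be the failed-connection counter; by the same naming pattern that would be `prometheus.metrics.ibmmq_qmgr_failed_mqconn_mqconnx_total`, which should be confirmed against the exporter's metric list before changing it.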
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Alter durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_durable_subscription_alter_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Alter durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "3901ed30-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ed28890-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ed28890-36ef-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..e1ac08f4505 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ed28890-36ef-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Non-persistent message destructive get count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_persistent_message_destructive_get_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Non-persistent message destructive get count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "3ed28890-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ff778d0-adf0-11e9-8358-1517661d7c84.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ff778d0-adf0-11e9-8358-1517661d7c84.json new file mode 100644 index 00000000000..76fe083f745 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/3ff778d0-adf0-11e9-8358-1517661d7c84.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Different error codes [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Different error codes", + "field": "ibmmq.errorlog.code" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Different error codes [Logs IBM MQ]", + "type": "metric" + } + }, + "id": "3ff778d0-adf0-11e9-8358-1517661d7c84", + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
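Review bot: The saved metadata in this visualization is internally inconsistent: the only agg is `"type": "cardinality"`, yet `params.dimensions.metrics[0]` carries `"aggType": "count"`, whereas the sibling export 57eae940 in this same commit records `"aggType": "cardinality"` for the same construction. The "Last error" visualization 845fca50 has the same mismatch (`"type": "max"` over `@timestamp` recorded as `"aggType": "count"` with `"format": {"id": "number"}`), which would render the timestamp as a raw number if Kibana honors the stored dimensions rather than rebuilding them from `aggs`. If these files are re-exported from Kibana, that should clear it; otherwise I would align the stored `aggType` (and the format for the timestamp one) with the declared agg so the package does not ship stale export metadata.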
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/49abed00-36eb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/49abed00-36eb-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..93fc1c99529
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/49abed00-36eb-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Message commits [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_commit_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Message commits [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "49abed00-36eb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/4b2794c0-d901-11e8-aa1c-3fc8e6195a8e.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/4b2794c0-d901-11e8-aa1c-3fc8e6195a8e.json new file mode 100644 index 00000000000..eef54b1515d --- /dev/null 
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/4b2794c0-d901-11e8-aa1c-3fc8e6195a8e.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Errors over time by Queue Manager [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "(stream.dataset:ibmmq.errorlog)" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "ibmmq.errorlog.qmgr", + "terms_size": "50", + "value_template": "{{value}} Errors" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Errors over time by Queue Manager [Logs IBM MQ]", + "type": "metrics" + } + }, + "id": "4b2794c0-d901-11e8-aa1c-3fc8e6195a8e", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/56b63f60-36e0-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/56b63f60-36e0-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..68a3156d77d --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/56b63f60-36e0-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQOPEN calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqopen_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqopen_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQOPEN calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "56b63f60-36e0-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/57eae940-adf0-11e9-8358-1517661d7c84.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/57eae940-adf0-11e9-8358-1517661d7c84.json new file mode 100644 index 00000000000..4543c7c5b84 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/57eae940-adf0-11e9-8358-1517661d7c84.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Number of Queue Manager [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Queue Manager", + "field": "ibmmq.errorlog.qmgr" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "cardinality", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of Queue Manager [Logs IBM MQ]", + "type": "metric" + } + }, + "id": "57eae940-adf0-11e9-8358-1517661d7c84", + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/58abd000-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/58abd000-36ef-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..985b838376d --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/58abd000-36ef-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Persistent message MQPUT count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_persistent_message_mqput_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Persistent message MQPUT count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "58abd000-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/60b5a440-36ec-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/60b5a440-36ec-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..5d314f04cc8
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/60b5a440-36ec-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Failed browse count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_browse_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Failed browse count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "60b5a440-36ec-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/67eeac40-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/67eeac40-36ef-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..abe55e13624
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/67eeac40-36ef-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Persistent message MQPUT1 count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_persistent_message_mqput1_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Persistent message MQPUT1 count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "67eeac40-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/74874de0-36e0-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/74874de0-36e0-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..85b56099bd8
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/74874de0-36e0-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQINQ calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqinq_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqinq_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQINQ calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "74874de0-36e0-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/845fca50-adef-11e9-8358-1517661d7c84.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/845fca50-adef-11e9-8358-1517661d7c84.json new file mode 100644 index 00000000000..ce4f85705c9 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/845fca50-adef-11e9-8358-1517661d7c84.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Last error [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Last error", + "field": "@timestamp" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Last error [Logs IBM MQ]", + "type": "metric" + } + }, + "id": "845fca50-adef-11e9-8358-1517661d7c84", + "references": [ + { + "id": "82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/855debb0-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/855debb0-36ef-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..15e6bf23098 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/855debb0-36ef-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Persistent message browse count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_persistent_message_browse_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Persistent message browse count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "855debb0-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/89984460-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/89984460-36cb-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..4292482eedb
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/89984460-36cb-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,86 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Create durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_durable_subscription_create_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "gamma": 0.3, + "id": "f9af6070-36cc-11ea-b7bc-e7f346d59677", + "model_type": "simple", + "multiplicative": true, + "period": 1, + "type": "derivative", + "unit": "", + "window": 5 + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Create durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "89984460-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/908afbf0-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/908afbf0-36cb-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..92a79be61ed
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/908afbf0-36cb-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Delete durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_durable_subscription_delete_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "0a276150-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Delete durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "908afbf0-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/92bf3480-36e0-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/92bf3480-36e0-11ea-9f7a-097fe7ab3ddd.json
new file mode 100644
index 00000000000..f1212f22baa
--- /dev/null
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/92bf3480-36e0-11ea-9f7a-097fe7ab3ddd.json
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQSET calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqset_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqset_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQSET calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "92bf3480-36e0-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/96d27500-36ef-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/96d27500-36ef-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..4c54c7e908f --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/96d27500-36ef-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Persistent message destructive get count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_persistent_message_destructive_get_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Persistent message destructive get count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "96d27500-36ef-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/9939e270-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/9939e270-36cb-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..8ce3e90a29f --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/9939e270-36cb-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Resume durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_durable_subscription_resume_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "e0ece030-36cc-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Resume durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "9939e270-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/aa90ec20-36e0-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/aa90ec20-36e0-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..b7f95ce8035 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/aa90ec20-36e0-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQSTAT calls succeeded [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqstat_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQSTAT calls succeeded [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "aa90ec20-36e0-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b455bc00-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b455bc00-36cb-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..5865415d804 --- /dev/null 
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b455bc00-36cb-11ea-9f7a-097fe7ab3ddd.json @@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Create non-durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_durable_subscription_create_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "b5619140-36cc-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Create non-durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "b455bc00-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b6308f30-7c7e-11e9-9645-e37efaf5baff.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b6308f30-7c7e-11e9-9645-e37efaf5baff.json new file mode 100644 index 00000000000..3c4df5b4b8b --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/b6308f30-7c7e-11e9-9645-e37efaf5baff.json 
@@ -0,0 +1,148 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"ibmmq.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "ibmmq." + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top 5 Errors [Logs IBM MQ]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Occurences" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "aggregate": "concat", + "customLabel": "Description", + "field": "message", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "5", + "params": { + "aggregate": "concat", + "customLabel": "Explanation", + "field": "ibmmq.errorlog.explanation", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Recommended Action", + "field": "ibmmq.errorlog.action", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Error Codes", + "field": "ibmmq.errorlog.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": 
"1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top 5 Errors [Logs IBM MQ]", + "type": "table" + } + }, + "id": "b6308f30-7c7e-11e9-9645-e37efaf5baff", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bdf17380-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bdf17380-36cb-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..c3739f998a9 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bdf17380-36cb-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Delete non-durable subscription [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_durable_subscription_delete_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "cd9fed60-36cc-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Delete non-durable subscription [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "bdf17380-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bf8e5de0-7c7f-11e9-9645-e37efaf5baff.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bf8e5de0-7c7f-11e9-9645-e37efaf5baff.json new file mode 100644 index 00000000000..24e5cba1aaa --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/bf8e5de0-7c7f-11e9-9645-e37efaf5baff.json @@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Control [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "ibmmq.errorlog.qmgr", + "id": "1558522305526", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Queue Manager", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Control [Logs IBM MQ]", + "type": "input_control_vis" + } + }, + "id": "bf8e5de0-7c7f-11e9-9645-e37efaf5baff", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/c4be1ff0-36e0-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/c4be1ff0-36e0-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..744bcfd175a --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/c4be1ff0-36e0-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQSUBRQ calls succeeded/failed [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqsubrq_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "a8f2add0-36d2-11ea-8b7d-bfeb3bd2cf33", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_mqsubrq_total", + "id": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "max" + }, + { + "field": "a8f2add1-36d2-11ea-8b7d-bfeb3bd2cf33", + "id": "bb30c8b0-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + 
"terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQSUBRQ calls succeeded/failed [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "c4be1ff0-36e0-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d781db00-36df-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d781db00-36df-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..82fba31ad7e --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d781db00-36df-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQDISC calls succeeded [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqdisc_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQDISC calls succeeded [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "d781db00-36df-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d82919b0-36ee-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d82919b0-36ee-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..8f9e1741920 --- /dev/null 
+++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d82919b0-36ee-11ea-9f7a-097fe7ab3ddd.json @@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Non-persistent message MQPUT [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_persistent_message_mqput_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Non-persistent message MQPUT [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "d82919b0-36ee-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d8dbdcd0-36cb-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d8dbdcd0-36cb-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..55dab80b43b --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/d8dbdcd0-36cb-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Failed create/alter/resume subscription count [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_failed_subscription_create_alter_resume_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "2809d4f0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Failed create/alter/resume subscription count [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "d8dbdcd0-36cb-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/df35c4b0-adf0-11e9-8358-1517661d7c84.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/df35c4b0-adf0-11e9-8358-1517661d7c84.json new file mode 100644 index 00000000000..8be0c972627 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/df35c4b0-adf0-11e9-8358-1517661d7c84.json 
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Errors per code, queue manager and host [Logs IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Errorcodes", + "field": "ibmmq.errorlog.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Queue Manager", + "field": "ibmmq.errorlog.qmgr", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Host", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Errors per code, queue manager and host [Logs IBM MQ]", + "type": "pie" + } + }, + "id": "df35c4b0-adf0-11e9-8358-1517661d7c84", + "references": [ + { + "id": 
"82db7ba0-adec-11e9-8358-1517661d7c84", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/e98d7660-36ee-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/e98d7660-36ee-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..57f61b09979 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/e98d7660-36ee-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Non-persistent message MQPUT1 [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "6fa6af70-36ca-11ea-b7bc-e7f346d59677" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_non_persistent_message_mqput1_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "3b91ade0-36cd-11ea-b7bc-e7f346d59677", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Non-persistent message MQPUT1 [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "e98d7660-36ee-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd.json b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd.json new file mode 100644 index 00000000000..d8baa26c069 --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/kibana/visualization/fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "MQCTL calls succeeded [Metrics IBM MQ]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "prometheus.metrics.ibmmq_qmgr_mqctl_total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "92c00030-36d2-11ea-8b7d-bfeb3bd2cf33", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.qmgr", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "MQCTL calls succeeded [Metrics IBM MQ]", + "type": "metrics" + } + }, + "id": "fd0e16a0-36de-11ea-9f7a-097fe7ab3ddd", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/ibmmq/0.0.1/manifest.yml b/dev/packages/beats/ibmmq/0.0.1/manifest.yml new file mode 100644 index 00000000000..d69557e4e7d --- /dev/null +++ b/dev/packages/beats/ibmmq/0.0.1/manifest.yml 
@@ -0,0 +1,66 @@ +format_version: 1.0.0 +name: ibmmq +title: IBM MQ +version: 0.0.1 +license: basic +description: IBM MQ Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.4.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-ibmmq.png + title: filebeat ibmmq + size: 1849x846 + type: image/png +- src: /img/metricbeat-ibmmq-calls.png + title: metricbeat ibmmq calls + size: 3360x3040 + type: image/png +- src: /img/metricbeat-ibmmq-messages.png + title: metricbeat ibmmq messages + size: 3360x3040 + type: image/png +- src: /img/metricbeat-ibmmq-subscriptions.png + title: metricbeat ibmmq subscriptions + size: 3360x2368 + type: image/png +icons: +- src: /img/ibmmq.svg + title: ibmmq + size: 32x32 + type: image/svg+xml +datasources: +- name: ibmmq + title: IBM MQ logs and metrics + description: Collect logs and metrics from IBM MQ instances + inputs: + - type: logs + title: Collect logs from IBM MQ instances + description: Collecting IBM MQ errorlog logs + - type: ibmmq/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:9157 + - name: metrics_path + type: text + title: Metrics Path + multi: false + required: true + show_user: true + default: /metrics + title: Collect metrics from IBM MQ instances + description: Collecting IBM MQ qmgr metrics diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/agent/stream/log.yml.hbs b/dev/packages/beats/icinga/0.0.1/dataset/debug/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..fb226f3f63b --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/agent/stream/log.yml.hbs @@ -0,0 +1,9 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +multiline: + pattern: '^\[' + negate: true + match: after \ No newline at end of file 
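Review bot: The `ibmmq/metrics` input at the end of the hunk exposes only `hosts` and `metrics_path`, with no variable for TLS or for credentials to the exporter, so a user who changes `hosts` from the `localhost:9157` default to a remote exporter presumably ends up scraping it over cleartext HTTP with no authentication (the stream template this feeds is not in the hunk, so I cannot confirm the scheme it emits). If the underlying metrics input supports them, adding `ssl` and credential vars next to `hosts` would let the policy carry that configuration instead of forcing a plaintext scrape; otherwise the input's description should state the assumption, e.g. `description: Collecting IBM MQ qmgr metrics from a Prometheus exporter over plain HTTP; keep the exporter on localhost or front it with TLS`. Separately, `elasticsearch: versions: '>7.0.1'` has no upper bound while the kibana constraint is capped at `<8.0.0`; the two ranges should probably agree.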
diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/icinga/0.0.1/dataset/debug/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..78ca5f9996c --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/elasticsearch/ingest-pipeline/default.yml @@ -0,0 +1,40 @@ +--- +description: Pipeline for parsing icinga debug logs +processors: +- grok: + field: message + patterns: + - '\[%{TIMESTAMP:icinga.debug.timestamp}\] %{WORD:log.level}/%{WORD:icinga.debug.facility}: + %{GREEDYMULTILINE:message}' + ignore_missing: true + pattern_definitions: + TIMESTAMP: '%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE}' + GREEDYMULTILINE: |- + (.| + )* +- date: + field: icinga.debug.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss Z + ignore_failure: true +- remove: + field: icinga.debug.timestamp +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["warning", "critical"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/ecs.yml b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/ecs.yml 
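Review bot: The `date` processor carries `ignore_failure: true` and is immediately followed by an unconditional `remove` of `icinga.debug.timestamp`, so a line whose timestamp does not parse is indexed with whatever `@timestamp` the agent attached upstream (presumably its read time) while the only evidence of the real event time is deleted from the document. For an incident timeline that is silent clock drift with nothing left to flag it. Deleting the `ignore_failure: true` line lets the parse error fall through to the pipeline's `on_failure` handler, which already records `error.message`, and because processing stops there the raw `icinga.debug.timestamp` survives for inspection. Whichever way it is resolved, the `remove` should not run when the date parse did not succeed.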
@@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/fields.yml new file mode 100644 index 00000000000..a7cf3fe09cb --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/fields.yml @@ -0,0 +1,7 @@ +- name: icinga.debug + type: group + fields: + - name: facility + type: keyword + description: | + Specifies what component of Icinga logged the message. diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/package-fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/package-fields.yml new file mode 100644 index 00000000000..c631b9d37f2 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: icinga + type: group diff --git a/dev/packages/beats/icinga/0.0.1/dataset/debug/manifest.yml b/dev/packages/beats/icinga/0.0.1/dataset/debug/manifest.yml new file mode 100644 index 00000000000..04d9460ba5f --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/debug/manifest.yml 
@@ -0,0 +1,24 @@ +title: Icinga debug logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/icinga2/debug.log* + os: + darwin: + default: + - /usr/local/icinga2/var/log/icinga2/debug.log* + windows: + default: + - c:/programdata/icinga2/var/log/icinga2/debug.log* + template_path: log.yml.hbs + title: Icinga debug logs (log) + description: Collect Icinga debug logs using log input diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/agent/stream/log.yml.hbs b/dev/packages/beats/icinga/0.0.1/dataset/main/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..fb226f3f63b --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/agent/stream/log.yml.hbs @@ -0,0 +1,9 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +multiline: + pattern: '^\[' + negate: true + match: after \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/icinga/0.0.1/dataset/main/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..cee3f3dd4e0 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,40 @@ +--- +description: Pipeline for parsing icinga main logs +processors: +- grok: + field: message + patterns: + - '\[%{TIMESTAMP:icinga.main.timestamp}\] %{WORD:log.level}/%{WORD:icinga.main.facility}: + %{GREEDYMULTILINE:message}' + ignore_missing: true + pattern_definitions: + TIMESTAMP: '%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE}' + GREEDYMULTILINE: |- + (.| + )* +- date: + field: icinga.main.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss Z + ignore_failure: true +- remove: + field: icinga.main.timestamp +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["warning", "critical"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/fields/ecs.yml b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/ecs.yml 
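Review bot: As in the debug pipeline, `ignore_failure: true` on the `date` processor plus the unconditional `remove` of `icinga.main.timestamp` right after it means an unparseable timestamp is swallowed and the original time string discarded, leaving `@timestamp` at whatever the agent set upstream (presumably read time) with no marker that it is not the logged event time. Dropping the `ignore_failure: true` line sends the failure to the existing `on_failure` handler, which sets `error.message` and, by stopping the pipeline, keeps the raw `icinga.main.timestamp` in the document. If the two pipelines are meant to stay in lockstep, the same change belongs in both.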
@@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/fields/fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/fields.yml new file mode 100644 index 00000000000..55e2619e973 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/fields.yml @@ -0,0 +1,7 @@ +- name: icinga.main + type: group + fields: + - name: facility + type: keyword + description: | + Specifies what component of Icinga logged the message. diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/fields/package-fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/package-fields.yml new file mode 100644 index 00000000000..c631b9d37f2 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: icinga + type: group diff --git a/dev/packages/beats/icinga/0.0.1/dataset/main/manifest.yml b/dev/packages/beats/icinga/0.0.1/dataset/main/manifest.yml new file mode 100644 index 00000000000..b3bf95ec8c3 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/main/manifest.yml 
@@ -0,0 +1,24 @@ +title: Icinga main logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/icinga2/icinga2.log* + os: + darwin: + default: + - /usr/local/icinga2/var/log/icinga2/icinga2.log* + windows: + default: + - c:/programdata/icinga2/var/log/icinga2/icinga2.log* + template_path: log.yml.hbs + title: Icinga main logs (log) + description: Collect Icinga main logs using log input diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/agent/stream/log.yml.hbs b/dev/packages/beats/icinga/0.0.1/dataset/startup/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..270be02b28e --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/agent/stream/log.yml.hbs @@ -0,0 +1,9 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +multiline: + pattern: '^[a-z]*\/[a-zA-Z]*:' + negate: true + match: after \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/icinga/0.0.1/dataset/startup/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..07d932cf379 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,30 @@ +--- +description: Pipeline for parsing icinga startup logs +processors: +- grok: + field: message + patterns: + - '%{WORD:log.level}/%{WORD:icinga.startup.facility}: %{GREEDYMULTILINE:message}' + ignore_missing: true + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )* +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["warning", "critical"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/ecs.yml b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/ecs.yml @@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/fields.yml new file mode 100644 index 00000000000..f08a944a40a --- /dev/null 
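Review bot: This pipeline's grok pattern captures only `log.level`, `icinga.startup.facility` and `message`, and there is no `date` processor, so `@timestamp` on startup-log documents is never derived from the log line and stays at whatever the agent assigned upstream (presumably the time the line was read, which for a re-read or rotated `startup.log` can be far from the actual start). That is probably unavoidable if startup.log lines carry no timestamp, but an analyst correlating a restart with other events needs to know it, so I would extend the header to `description: Pipeline for parsing icinga startup logs. Lines carry no timestamp, so @timestamp is the agent's read time, not the event time.`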
+++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/fields.yml @@ -0,0 +1,7 @@ +- name: icinga.startup + type: group + fields: + - name: facility + type: keyword + description: | + Specifies what component of Icinga logged the message. diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/package-fields.yml b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/package-fields.yml new file mode 100644 index 00000000000..c631b9d37f2 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: icinga + type: group diff --git a/dev/packages/beats/icinga/0.0.1/dataset/startup/manifest.yml b/dev/packages/beats/icinga/0.0.1/dataset/startup/manifest.yml new file mode 100644 index 00000000000..b9c0a9e9a71 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/dataset/startup/manifest.yml @@ -0,0 +1,24 @@ +title: Icinga startup logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/icinga2/startup.log + os: + darwin: + default: + - /usr/local/icinga2/var/log/icinga2/startup.log + windows: + default: + - c:/programdata/icinga2/var/log/icinga2/startup.log + template_path: log.yml.hbs + title: Icinga startup logs (log) + description: Collect Icinga startup logs using log input diff --git a/dev/packages/beats/icinga/0.0.1/docs/README.md b/dev/packages/beats/icinga/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/img/kibana-icinga-main.png b/dev/packages/beats/icinga/0.0.1/img/kibana-icinga-main.png new file mode 100644 index 00000000000..013b20fcf16 Binary files /dev/null and b/dev/packages/beats/icinga/0.0.1/img/kibana-icinga-main.png differ 
diff --git a/dev/packages/beats/icinga/0.0.1/kibana/dashboard/26309570-2419-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/26309570-2419-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..befd0021d7c --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/26309570-2419-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "Logs Icinga integration dashboard for the debug logs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "icinga.debug.facility", + "log.level", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 116, + "i": "3", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Icinga] Debug Log ECS", + "version": 1 + }, + "id": "26309570-2419-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "0bc34b60-2419-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "fb09d4b0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/icinga/0.0.1/kibana/dashboard/b9163ea0-2417-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/b9163ea0-2417-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..ba229019b1b --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/b9163ea0-2417-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "Logs Icinga integration dashboard for startup errors", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "icinga.startup.facility", + "log.level", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 52, + "i": "2", + "w": 48, + "x": 0, + "y": 8 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Icinga] Startup Errors ECS", + "version": 1 + }, + "id": "b9163ea0-2417-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "a59b5e00-2417-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_1", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/dashboard/f693d260-2417-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/f693d260-2417-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..59eb93180f8 --- /dev/null 
+++ b/dev/packages/beats/icinga/0.0.1/kibana/dashboard/f693d260-2417-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "Logs Icinga integration dashboard for the main log files", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "icinga.main.facility", + "log.level", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 100, + "i": "2", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Icinga] Main Log ECS", + "version": 1 + }, + "id": "f693d260-2417-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "d8e5dc40-2417-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "2cf77780-2418-11e7-a83b-d5f4cebac9ff-ecs", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/search/710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/search/710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..ccb61961f73 --- /dev/null 
+++ b/dev/packages/beats/icinga/0.0.1/kibana/search/710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,40 @@ +{ + "attributes": { + "columns": [ + "icinga.startup.facility", + "log.level", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "log.level:critical" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Startup Errors [Logs Icinga] ECS", + "version": 1 + }, + "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/search/c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/search/c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..6f817a5bd7a --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/search/c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "columns": [ + "icinga.debug.facility", + "log.level", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"icinga.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "icinga." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "debug", + "type": "phrase" + }, + "type": "phrase", + "value": "debug" + }, + "query": { + "match": { + "fileset.name": { + "query": "debug", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Debug Log [Logs Icinga] ECS", + "version": 1 + }, + "id": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
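Review bot: The second entry in `searchSourceJSON.filter` matches `fileset.name: debug`, a Filebeat-module field that nothing visible in this package sets (the debug ingest pipeline adds `log.level`, `icinga.debug.facility` and `event.*` only), so on data produced by this integration the saved search, and the dashboard panels built on it, presumably return no rows. The first filter already keys on `stream.dataset`, which is the field the package does populate, so the second should use the same field with the full dataset name: `"key": "stream.dataset"`, `"query": "icinga.debug"` in both `meta.params` and `query.match`, and `"value": "icinga.debug"`. The `match_phrase_prefix` on `icinga.` then becomes redundant and can be dropped.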
diff --git a/dev/packages/beats/icinga/0.0.1/kibana/search/ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/search/ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs.json new file mode 100644 index 00000000000..07a7d397d0f --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/search/ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "columns": [ + "icinga.main.facility", + "log.level", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"icinga.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "icinga." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "main", + "type": "phrase" + }, + "type": "phrase", + "value": "main" + }, + "query": { + "match": { + "fileset.name": { + "query": "main", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Main Log [Logs Icinga] ECS", + "version": 1 + }, + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
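Review bot: Same problem as the debug saved search: the second filter matches `fileset.name: main`, a field no pipeline in this package visibly emits, so the search and the main-log dashboard panels that reference it presumably come back empty under the integration. Replace it with a phrase filter on the field the package actually sets, `"key": "stream.dataset"`, `"query": "icinga.main"` in `meta.params` and `query.match`, plus `"value": "icinga.main"`, at which point the `match_phrase_prefix` on `icinga.` is no longer needed.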
diff --git a/dev/packages/beats/icinga/0.0.1/kibana/visualization/0bc34b60-2419-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/visualization/0bc34b60-2419-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..68cc657a9d2 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/visualization/0bc34b60-2419-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Debuglog Facility [Logs Icinga] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.debug.facility", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Debuglog Facility ECS", + "type": "histogram" + } + }, + "id": "0bc34b60-2419-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/visualization/2cf77780-2418-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/visualization/2cf77780-2418-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..3fe359d60aa --- /dev/null 
+++ b/dev/packages/beats/icinga/0.0.1/kibana/visualization/2cf77780-2418-11e7-a83b-d5f4cebac9ff-ecs.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Mainlog Facility [Logs Icinga] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.main.facility", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Mainlog Facility ECS", + "type": "histogram" + } + }, + "id": "2cf77780-2418-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/visualization/a59b5e00-2417-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/visualization/a59b5e00-2417-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..56a5df38b54 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/visualization/a59b5e00-2417-11e7-a83b-d5f4cebac9ff-ecs.json 
@@ -0,0 +1,66 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Startup Errors [Logs Icinga] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#BF1B00" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Startup Errors ECS", + "type": "histogram" + } + }, + "id": "a59b5e00-2417-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/visualization/d8e5dc40-2417-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/visualization/d8e5dc40-2417-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..c1dd9243519 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/visualization/d8e5dc40-2417-11e7-a83b-d5f4cebac9ff-ecs.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Mainlog Severity [Logs Icinga] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "critical": "#BF1B00", + "warning": "#E5AC0E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Mainlog Severity ECS", + "type": "histogram" + } + }, + "id": "d8e5dc40-2417-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/kibana/visualization/fb09d4b0-2418-11e7-a83b-d5f4cebac9ff-ecs.json b/dev/packages/beats/icinga/0.0.1/kibana/visualization/fb09d4b0-2418-11e7-a83b-d5f4cebac9ff-ecs.json new file mode 100644 index 00000000000..25b1e7c6d88 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/kibana/visualization/fb09d4b0-2418-11e7-a83b-d5f4cebac9ff-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Debuglog Severity [Logs Icinga] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "debug": "#BA43A9", + "information": "#629E51", + "notice": "#6ED0E0", + "warning": "#E5AC0E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Debuglog Severity ECS", + "type": "histogram" + } + }, + "id": "fb09d4b0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "references": [ + { + "id": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/icinga/0.0.1/manifest.yml b/dev/packages/beats/icinga/0.0.1/manifest.yml new file mode 100644 index 00000000000..416d48cf013 --- /dev/null +++ b/dev/packages/beats/icinga/0.0.1/manifest.yml 
@@ -0,0 +1,29 @@
+format_version: 1.0.0
+name: icinga
+title: Icinga
+version: 0.0.1
+license: basic
+description: Icinga Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+  kibana:
+    versions: '>=7.3.0 <8.0.0'
+  elasticsearch:
+    versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-icinga-main.png
+  title: kibana icinga main
+  size: 1216x635
+  type: image/png
+datasources:
+- name: icinga
+  title: Icinga logs
+  description: Collect logs from Icinga instances
+  inputs:
+  - type: logs
+    title: Collect logs from Icinga instances
+    description: Collecting Icinga debug, main and startup logs
diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/agent/stream/log.yml.hbs b/dev/packages/beats/iis/0.0.1/dataset/access/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..5d150765c62
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/access/agent/stream/log.yml.hbs
@@ -0,0 +1,6 @@
+paths:
+{{#each paths as |path i|}}
+  - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+exclude_lines: ["^#"]
\ No newline at end of file
diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/iis/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..dc1c1f42d5c
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml
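Review bot: The `requirement.elasticsearch.versions: '>7.0.1'` constraint has no upper bound while `kibana` is capped at `<8.0.0`; the package is otherwise pinned to the 7.x line, so the two should agree, e.g. `versions: '>7.0.1 <8.0.0'`. If the open upper bound is deliberate, a comment next to it saying so would stop the next reader from "fixing" it.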
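Review bot: `- {{path}}` interpolates the user-supplied path into YAML unquoted, so a value containing `: `, `#` or starting with `*` or `[` is mis-parsed or rejected by the agent instead of being used as a path; emitting it as a quoted scalar, `  - "{{path}}"`, keeps such paths intact (assuming the template engine does not itself escape the quotes — worth checking). The `i` index in `{{#each paths as |path i|}}` is unused and can be dropped. The identical template is added for the error dataset (`dataset/error/agent/stream/log.yml.hbs`).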
@@ -0,0 +1,140 @@
+---
+description: Pipeline for parsing IIS access logs. Requires the geoip and user_agent
+  plugins.
+processors:
+- grok:
+    field: message
+    patterns:
+    - '%{TIMESTAMP_ISO8601:iis.access.time} (?:-|%{IPORHOST:destination.address}) (?:-|%{WORD:http.request.method})
+      (?:-|%{NOTSPACE:url.path}) (?:-|%{NOTSPACE:url.query}) (?:-|%{NUMBER:destination.port:long}) (?:-|%{NOTSPACE:user.name})
+      (?:-|%{IPORHOST:source.address}) (?:-|%{NOTSPACE:user_agent.original}) (?:-|%{NOTSPACE:http.request.referrer})
+      (?:-|%{NUMBER:http.response.status_code:long}) (?:-|%{NUMBER:iis.access.sub_status:long})
+      (?:-|%{NUMBER:iis.access.win32_status:long}) (?:-|%{NUMBER:temp.duration:long})'
+    - '%{TIMESTAMP_ISO8601:iis.access.time} (?:-|%{NOTSPACE:iis.access.site_name}) (?:-|%{WORD:http.request.method})
+      (?:-|%{NOTSPACE:url.path}) (?:-|%{NOTSPACE:url.query}) (?:-|%{NUMBER:destination.port:long}) (?:-|%{NOTSPACE:user.name})
+      (?:-|%{IPORHOST:source.address}) (?:-|%{NOTSPACE:user_agent.original}) (?:-|%{NOTSPACE:iis.access.cookie})
+      (?:-|%{NOTSPACE:http.request.referrer}) (?:-|%{NOTSPACE:destination.domain}) (?:-|%{NUMBER:http.response.status_code:long})
+      (?:-|%{NUMBER:iis.access.sub_status:long}) (?:-|%{NUMBER:iis.access.win32_status:long})
+      (?:-|%{NUMBER:http.response.body.bytes:long}) (?:-|%{NUMBER:http.request.body.bytes:long})
+      (?:-|%{NUMBER:temp.duration:long})'
+    - '%{TIMESTAMP_ISO8601:iis.access.time} (?:-|%{NOTSPACE:iis.access.site_name}) (?:-|%{NOTSPACE:iis.access.server_name})
+      (?:-|%{IPORHOST:destination.address}) (?:-|%{WORD:http.request.method}) (?:-|%{NOTSPACE:url.path})
+      (?:-|%{NOTSPACE:url.query}) (?:-|%{NUMBER:destination.port:long}) (?:-|%{NOTSPACE:user.name})
+      (?:-|%{IPORHOST:source.address}) (?:-|HTTP/%{NUMBER:http.version}) (?:-|%{NOTSPACE:user_agent.original})
+      (?:-|%{NOTSPACE:iis.access.cookie}) (?:-|%{NOTSPACE:http.request.referrer}) (?:-|%{NOTSPACE:destination.domain})
+      (?:-|%{NUMBER:http.response.status_code:long}) (?:-|%{NUMBER:iis.access.sub_status:long})
+      (?:-|%{NUMBER:iis.access.win32_status:long}) (?:-|%{NUMBER:http.response.body.bytes:long})
+      (?:-|%{NUMBER:http.request.body.bytes:long}) (?:-|%{NUMBER:temp.duration:long})'
+    - '%{TIMESTAMP_ISO8601:iis.access.time} \[%{IPORHOST:destination.address}\]\(http://%{IPORHOST:destination.address}\)
+      (?:-|%{WORD:http.request.method}) (?:-|%{NOTSPACE:url.path}) (?:-|%{NOTSPACE:url.query}) (?:-|%{NUMBER:destination.port:long})
+      (?:-|%{NOTSPACE:user.name}) \[%{IPORHOST:source.address}\]\(http://%{IPORHOST:source.address}\)
+      (?:-|%{NOTSPACE:user_agent.original}) (?:-|%{NUMBER:http.response.status_code:long}) (?:-|%{NUMBER:iis.access.sub_status:long})
+      (?:-|%{NUMBER:iis.access.win32_status:long}) (?:-|%{NUMBER:temp.duration:long})'
+    - '%{TIMESTAMP_ISO8601:iis.access.time} (?:-|%{IPORHOST:destination.address}) (?:-|%{WORD:http.request.method})
+      (?:-|%{NOTSPACE:url.path}) (?:-|%{NOTSPACE:url.query}) (?:-|%{NUMBER:destination.port:long}) (?:-|%{NOTSPACE:user.name})
+      (?:-|%{IPORHOST:source.address}) (?:-|%{NOTSPACE:user_agent.original}) (?:-|%{NUMBER:http.response.status_code:long})
+      (?:-|%{NUMBER:iis.access.sub_status:long}) (?:-|%{NUMBER:iis.access.win32_status:long})
+      (?:-|%{NUMBER:temp.duration:long})'
+    ignore_missing: true
+- remove:
+    field: message
+- rename:
+    field: '@timestamp'
+    target_field: event.created
+- date:
+    field: iis.access.time
+    target_field: '@timestamp'
+    formats:
+    - yyyy-MM-dd HH:mm:ss
+- remove:
+    field: iis.access.time
+- script:
+    lang: painless
+    source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale)
+    params:
+      scale: 1000000
+    if: ctx.temp?.duration != null
+- remove:
+    field: temp.duration
+    ignore_missing: true
+- urldecode:
+    field: user_agent.original
+    ignore_missing: true
+- user_agent:
+    field: user_agent.original
+    ignore_missing: true
+- grok:
+    field: destination.address
+    ignore_failure: true
+    patterns:
+    - '%{NOZONEIP:destination.ip}'
+    pattern_definitions:
+      NOZONEIP: '[^%]*'
+- grok:
+    field: source.address
+    ignore_failure: true
+    patterns:
+    - '%{NOZONEIP:source.ip}'
+    pattern_definitions:
+      NOZONEIP: '[^%]*'
+- geoip:
+    field: source.ip
+    target_field: source.geo
+    ignore_missing: true
+- geoip:
+    database_file: GeoLite2-ASN.mmdb
+    field: source.ip
+    target_field: source.as
+    properties:
+    - asn
+    - organization_name
+    ignore_missing: true
+- rename:
+    field: source.as.asn
+    target_field: source.as.number
+    ignore_missing: true
+- rename:
+    field: source.as.organization_name
+    target_field: source.as.organization.name
+    ignore_missing: true
+- set:
+    field: event.kind
+    value: event
+- append:
+    field: event.category
+    value: web
+- append:
+    field: event.category
+    value: network
+    if: "ctx?.source?.ip != null && ctx?.destination?.ip != null"
+- append:
+    field: event.type
+    value: connection
+    if: "ctx?.source?.ip != null && ctx?.destination?.ip != null"
+- lowercase:
+    field: http.request.method
+    ignore_missing: true
+- append:
+    field: related.ip
+    value: "{{source.ip}}"
+    if: "ctx?.source?.ip != null"
+- append:
+    field: related.ip
+    value: "{{destination.ip}}"
+    if: "ctx?.destination?.ip != null"
+- append:
+    field: related.user
+    value: "{{user.name}}"
+    if: "ctx?.user?.name != null"
+- set:
+    field: event.outcome
+    value: success
+    if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
+- set:
+    field: event.outcome
+    value: failure
+    if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
+on_failure:
+- set:
+    field: error.message
+    value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/fields/ecs.yml b/dev/packages/beats/iis/0.0.1/dataset/access/fields/ecs.yml
new file mode 100644
index 00000000000..1aa0fd319b1
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/access/fields/ecs.yml
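Review bot: The two `NOZONEIP: '[^%]*'` groks copy whatever `source.address` and `destination.address` hold into `source.ip`/`destination.ip` as long as it contains no `%`, yet those fields are captured with `IPORHOST`, so a hostname in the log column passes the first grok and is then written verbatim into an ECS `ip` field; if `source.ip` is mapped as `ip` the whole document is rejected, and `related.ip` inherits the same bad value. Matching an actual address instead, `- '^%{IP:source.ip}(?:%.*)?$'` (and the same for `destination.ip`) with the `pattern_definitions` removed, keeps the zone-id stripping while `ignore_failure: true` quietly skips non-IP values. The error pipeline (`dataset/error/elasticsearch/ingest-pipeline/default.yml`) carries the same two groks. Separately, the `date` processor sets no `timezone`, so `iis.access.time` is read as UTC; that matches the IIS default but not servers configured to log local time, so a stream var for it is worth considering.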
@@ -0,0 +1,173 @@ +- name: destination + title: Destination + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: port + level: core + type: long + format: string + description: Port of the destination. +- name: host + title: Host + group: 2 + type: group + fields: + - name: hostname + level: core + type: keyword + description: |- + Hostname of the host. + It normally contains what the `hostname` command returns on the host machine. + ignore_above: 1024 +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the request body. + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: path + level: extended + type: keyword + description: Path of the request, such as "/search". + ignore_above: 1024 + - name: query + level: extended + type: keyword + description: |- + The query field describes the query string of the request, such as "q=elasticsearch". + The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. + ignore_above: 1024 +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. 
+ ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/iis/0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 00000000000..de7647d1774 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,27 @@ +- name: iis.access + type: group + fields: + - name: sub_status + type: long + description: | + The HTTP substatus code. + - name: win32_status + type: long + description: | + The Windows status code. + - name: site_name + type: keyword + description: | + The site name and instance number. + - name: server_name + type: keyword + description: | + The name of the server on which the log file entry was generated. + - name: cookie + type: keyword + description: | + The content of the cookie sent or received, if any. + - name: user_agent + type: group + - name: geoip + type: group diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/fields/package-fields.yml b/dev/packages/beats/iis/0.0.1/dataset/access/fields/package-fields.yml new file mode 100644 index 00000000000..ac43193c9f5 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/access/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: iis + type: group diff --git a/dev/packages/beats/iis/0.0.1/dataset/access/manifest.yml b/dev/packages/beats/iis/0.0.1/dataset/access/manifest.yml new file mode 100644 index 00000000000..9edcfa7b8fb --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/access/manifest.yml 
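Review bot: The access pipeline writes `source.ip`, `destination.ip`, `destination.domain`, `source.as.*`, `related.ip`, `related.user`, `event.created`, `event.duration`, `event.kind`, `event.category`, `event.type`, `event.outcome` and the `user_agent` processor's extra output (e.g. `user_agent.version`), but none of these is declared in this `ecs.yml`; unless a shared ECS template outside this diff supplies them, they fall to dynamic mapping (a string where `ip` is expected, an unconstrained `event.duration`, and so on). Adding the corresponding ECS entries — at minimum `source.ip` and `destination.ip` as `type: ip`, plus the `event.*` and `related.*` keywords — closes the gap. The error dataset's `fields/ecs.yml` has the same omission for `source.ip`, `destination.ip`, `source.as.*`, `related.ip` and `event.*`.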
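Review bot: `- name: user_agent` and `- name: geoip` under `iis.access` are declared as empty groups, but the pipeline writes user-agent data to the top-level `user_agent.*` and geo data to `source.geo`, so nothing ever populates `iis.access.user_agent` or `iis.access.geoip`; they read as leftovers from the Beats module layout and can be removed. The error dataset's `fields/fields.yml` carries the same stray `geoip` group.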
@@ -0,0 +1,24 @@
+title: IIS access logs
+release: experimental
+type: logs
+streams:
+- input: logs
+  vars:
+  - name: paths
+    type: text
+    title: Paths
+    multi: true
+    required: true
+    show_user: true
+    default:
+    - C:/inetpub/logs/LogFiles/*/*.log
+    os:
+      darwin:
+        default:
+        - ""
+      windows:
+        default:
+        - C:/inetpub/logs/LogFiles/*/*.log
+  template_path: log.yml.hbs
+  title: IIS access logs (log)
+  description: Collect IIS access logs using log input
diff --git a/dev/packages/beats/iis/0.0.1/dataset/application_pool/agent/stream/stream.yml.hbs b/dev/packages/beats/iis/0.0.1/dataset/application_pool/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a9f15d6cc86
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/application_pool/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+metricsets: ["application_pool"]
+period: {{period}}
diff --git a/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/fields.yml b/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/fields.yml
new file mode 100644
index 00000000000..56e52c6c764
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/fields.yml
@@ -0,0 +1,8 @@
+- name: iis.application_pool
+  type: group
+  release: beta
+  fields:
+  - name: name
+    type: keyword
+    description: |
+      application pool name
diff --git a/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/package-fields.yml b/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/package-fields.yml
new file mode 100644
index 00000000000..ac43193c9f5
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/application_pool/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: iis
+  type: group
diff --git a/dev/packages/beats/iis/0.0.1/dataset/application_pool/manifest.yml b/dev/packages/beats/iis/0.0.1/dataset/application_pool/manifest.yml
new file mode 100644
index 00000000000..9d477b2c014
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/application_pool/manifest.yml
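Review bot: The `os.darwin` override sets `default: - ""`, which the `log.yml.hbs` template renders as an empty `paths` entry (a YAML null) rather than no paths, so on macOS the stream is generated with an invalid path; an empty list (`default: []`) or dropping the `darwin` override altogether says what is meant, since IIS log files only exist on Windows. The error dataset manifest repeats the same override.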
@@ -0,0 +1,15 @@
+title: iis application_pool metrics
+release: experimental
+type: metrics
+streams:
+- input: iis/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: iis application_pool metrics
+  description: Collect iis application_pool metrics
diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/agent/stream/log.yml.hbs b/dev/packages/beats/iis/0.0.1/dataset/error/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..5d150765c62
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/error/agent/stream/log.yml.hbs
@@ -0,0 +1,6 @@
+paths:
+{{#each paths as |path i|}}
+  - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+exclude_lines: ["^#"]
\ No newline at end of file
diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/iis/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..fcfc8fb943b
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,97 @@
+---
+description: Pipeline for parsing IIS error logs. Requires the geoip plugin.
+processors:
+- grok:
+    field: message
+    patterns:
+    - '%{TIMESTAMP_ISO8601:iis.error.time} %{IPORHOST:source.address} %{NUMBER:source.port:long}
+      %{IPORHOST:destination.address} %{IPORHOST:destination.port:long} (?:HTTP/%{NUMBER:http.version}|-)
+      (?:%{WORD:http.request.method}|-) (?:-|%{NOTSPACE:url.original}) (?:%{NUMBER}|-)
+      (?:%{NUMBER:http.response.status_code:long}|-) (?:%{NUMBER}|-) (?:-|%{NOTSPACE:iis.error.reason_phrase})
+      (?:-|%{NOTSPACE:iis.error.queue_name})'
+    - '%{TIMESTAMP_ISO8601:iis.error.time} %{IPORHOST:source.address} %{NUMBER:source.port:long}
+      %{IPORHOST:destination.address} %{IPORHOST:destination.port:long} (?:HTTP/%{NUMBER:http.version}|-)
+      (?:%{WORD:http.request.method}|-) (?:-|%{NOTSPACE:url.original}) (?:%{NUMBER:http.response.status_code:long}|-)
+      (?:%{NUMBER}|-) (?:-|%{NOTSPACE:iis.error.reason_phrase}) (?:-|%{NOTSPACE:iis.error.queue_name})'
+    ignore_missing: true
+- remove:
+    field: message
+- rename:
+    field: '@timestamp'
+    target_field: event.created
+- date:
+    field: iis.error.time
+    target_field: '@timestamp'
+    formats:
+    - yyyy-MM-dd HH:mm:ss
+- remove:
+    field: iis.error.time
+- grok:
+    field: destination.address
+    patterns:
+    - '%{NOZONEIP:destination.ip}'
+    pattern_definitions:
+      NOZONEIP: '[^%]*'
+- grok:
+    field: source.address
+    patterns:
+    - '%{NOZONEIP:source.ip}'
+    pattern_definitions:
+      NOZONEIP: '[^%]*'
+- geoip:
+    field: source.ip
+    target_field: source.geo
+    ignore_failure: true
+- geoip:
+    database_file: GeoLite2-ASN.mmdb
+    field: source.ip
+    target_field: source.as
+    properties:
+    - asn
+    - organization_name
+    ignore_missing: true
+- rename:
+    field: source.as.asn
+    target_field: source.as.number
+    ignore_missing: true
+- rename:
+    field: source.as.organization_name
+    target_field: source.as.organization.name
+    ignore_missing: true
+- set:
+    field: event.kind
+    value: event
+- append:
+    field: event.category
+    value: web
+- append:
+    field: event.category
+    value: network
+    if: "ctx?.source?.ip != null && ctx?.destination?.ip != null"
+- append:
+    field: event.type
+    value: connection
+    if: "ctx?.source?.ip != null && ctx?.destination?.ip != null"
+- lowercase:
+    field: http.request.method
+    ignore_missing: true
+- append:
+    field: related.ip
+    value: "{{source.ip}}"
+    if: "ctx?.source?.ip != null"
+- append:
+    field: related.ip
+    value: "{{destination.ip}}"
+    if: "ctx?.destination?.ip != null"
+- set:
+    field: event.outcome
+    value: success
+    if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
+- set:
+    field: event.outcome
+    value: failure
+    if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
+on_failure:
+- set:
+    field: error.message
+    value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/fields/ecs.yml b/dev/packages/beats/iis/0.0.1/dataset/error/fields/ecs.yml
new file mode 100644
index 00000000000..c0000585deb
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/error/fields/ecs.yml
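Review bot: `%{IPORHOST:destination.port:long}` in both grok patterns uses a host pattern for a numeric port while `source.port` on the same line uses `%{NUMBER:source.port:long}`; a non-numeric token in that column matches the grok and then fails the `long` conversion, sending the whole event to `on_failure` instead of leaving the port unset. Use `%{NUMBER:destination.port:long}` in both patterns. The first `geoip` processor also uses `ignore_failure: true` where the access pipeline uses `ignore_missing: true`; the former hides database errors as well as a missing field, so aligning on `ignore_missing` keeps real failures visible.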
@@ -0,0 +1,103 @@ +- name: destination + title: Destination + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: port + level: core + type: long + format: string + description: Port of the destination. +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. 
+ - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 + - name: port + level: core + type: long + format: string + description: Port of the source. +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/iis/0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 00000000000..b7ec503509e --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,13 @@ +- name: iis.error + type: group + fields: + - name: reason_phrase + type: keyword + description: | + The HTTP reason phrase. + - name: queue_name + type: keyword + description: | + The IIS application pool name. + - name: geoip + type: group diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/fields/package-fields.yml b/dev/packages/beats/iis/0.0.1/dataset/error/fields/package-fields.yml new file mode 100644 index 00000000000..ac43193c9f5 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/error/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: iis + type: group diff --git a/dev/packages/beats/iis/0.0.1/dataset/error/manifest.yml b/dev/packages/beats/iis/0.0.1/dataset/error/manifest.yml new file mode 100644 index 00000000000..85765a5da80 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/dataset/error/manifest.yml 
@@ -0,0 +1,24 @@
+title: IIS error logs
+release: experimental
+type: logs
+streams:
+- input: logs
+  vars:
+  - name: paths
+    type: text
+    title: Paths
+    multi: true
+    required: true
+    show_user: true
+    default:
+    - c:/Windows/System32/LogFiles/HTTPERR/*.log
+    os:
+      darwin:
+        default:
+        - ""
+      windows:
+        default:
+        - c:/Windows/System32/LogFiles/HTTPERR/*.log
+  template_path: log.yml.hbs
+  title: IIS error logs (log)
+  description: Collect IIS error logs using log input
diff --git a/dev/packages/beats/iis/0.0.1/dataset/webserver/agent/stream/stream.yml.hbs b/dev/packages/beats/iis/0.0.1/dataset/webserver/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..2013dc06bf1
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/webserver/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+metricsets: ["webserver"]
+period: {{period}}
diff --git a/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/fields.yml b/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/fields.yml
new file mode 100644
index 00000000000..8782e8d42d3
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/fields.yml
@@ -0,0 +1,5 @@
+- name: iis.webserver.*.*
+  type: object
+  description: |
+    webserver
+  release: beta
diff --git a/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/package-fields.yml b/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/package-fields.yml
new file mode 100644
index 00000000000..ac43193c9f5
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/webserver/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: iis
+  type: group
diff --git a/dev/packages/beats/iis/0.0.1/dataset/webserver/manifest.yml b/dev/packages/beats/iis/0.0.1/dataset/webserver/manifest.yml
new file mode 100644
index 00000000000..7c6aa9bce31
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/webserver/manifest.yml
@@ -0,0 +1,15 @@
+title: iis webserver metrics
+release: experimental
+type: metrics
+streams:
+- input: iis/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: iis webserver metrics
+  description: Collect iis webserver metrics
diff --git a/dev/packages/beats/iis/0.0.1/dataset/website/agent/stream/stream.yml.hbs b/dev/packages/beats/iis/0.0.1/dataset/website/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..288efb1386b
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/website/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+metricsets: ["website"]
+period: {{period}}
diff --git a/dev/packages/beats/iis/0.0.1/dataset/website/fields/fields.yml b/dev/packages/beats/iis/0.0.1/dataset/website/fields/fields.yml
new file mode 100644
index 00000000000..0ac6745f134
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/website/fields/fields.yml
@@ -0,0 +1,10 @@
+- name: iis.website.*.*
+  type: object
+  description: |
+    website
+  release: beta
+  fields:
+  - name: name
+    type: keyword
+    description: |
+      website name
diff --git a/dev/packages/beats/iis/0.0.1/dataset/website/fields/package-fields.yml b/dev/packages/beats/iis/0.0.1/dataset/website/fields/package-fields.yml
new file mode 100644
index 00000000000..ac43193c9f5
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/website/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: iis
+  type: group
diff --git a/dev/packages/beats/iis/0.0.1/dataset/website/manifest.yml b/dev/packages/beats/iis/0.0.1/dataset/website/manifest.yml
new file mode 100644
index 00000000000..a75d2318c5d
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/dataset/website/manifest.yml
@@ -0,0 +1,15 @@
+title: iis website metrics
+release: experimental
+type: metrics
+streams:
+- input: iis/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: iis website metrics
+  description: Collect iis website metrics
diff --git a/dev/packages/beats/iis/0.0.1/docs/README.md b/dev/packages/beats/iis/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/iis/0.0.1/img/iis.svg b/dev/packages/beats/iis/0.0.1/img/iis.svg
new file mode 100644
index 00000000000..99964448d33
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/img/iis.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/dev/packages/beats/iis/0.0.1/img/kibana-iis.png b/dev/packages/beats/iis/0.0.1/img/kibana-iis.png
new file mode 100644
index 00000000000..eec61a94d0d
Binary files /dev/null and b/dev/packages/beats/iis/0.0.1/img/kibana-iis.png differ
diff --git a/dev/packages/beats/iis/0.0.1/kibana/dashboard/4278ad30-fe16-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/dashboard/4278ad30-fe16-11e7-a3b0-d13028918f9f-ecs.json
new file mode 100644
index 00000000000..1e18d9d8eaa
--- /dev/null
+++ b/dev/packages/beats/iis/0.0.1/kibana/dashboard/4278ad30-fe16-11e7-a3b0-d13028918f9f-ecs.json
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "Dashboard for the Logs IIS integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 28, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 20, + "x": 28, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs IIS] Access and error logs ECS", + "version": 1 + }, + "id": "4278ad30-fe16-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "eb2db5b0-fe11-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "f31414b0-fe14-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "63129c80-fe12-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": 
"ccd3f9c0-fe12-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "41f38230-fe17-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "c0d02cd0-fe1b-11e7-a3b0-d13028918f9f-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/41f38230-fe17-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/41f38230-fe17-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..a1792b4aeb4 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/41f38230-fe17-11e7-a3b0-d13028918f9f-ecs.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Error logs over time [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Error logs over time [Logs IIS] ECS", + "type": "histogram" + } + }, + "id": 
"41f38230-fe17-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/63129c80-fe12-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/63129c80-fe12-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..2a995161363 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/63129c80-fe12-11e7-a3b0-d13028918f9f-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Browsers breakdown [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Browsers breakdown [Logs IIS] ECS", + "type": "pie" + } + }, + "id": "63129c80-fe12-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/c0d02cd0-fe1b-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/c0d02cd0-fe1b-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..ce8886cdce1 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/c0d02cd0-fe1b-11e7-a3b0-d13028918f9f-ecs.json @@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top URLs by response code [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL", + "field": "url.path", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top URLs by response code [Logs IIS] ECS", + "type": "pie" + } + }, + "id": "c0d02cd0-fe1b-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/ccd3f9c0-fe12-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/ccd3f9c0-fe12-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..eca5e294334 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/ccd3f9c0-fe12-11e7-a3b0-d13028918f9f-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Operating systems breakdown [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.os.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Operating systems breakdown [Logs IIS] ECS", + "type": "pie" + } + }, + "id": "ccd3f9c0-fe12-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/eb2db5b0-fe11-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/eb2db5b0-fe11-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..d460ecf9a4a --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/eb2db5b0-fe11-11e7-a3b0-d13028918f9f-ecs.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Access map [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Access map [Logs IIS] ECS", + "type": "tile_map" + } + }, + "id": "eb2db5b0-fe11-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iis/0.0.1/kibana/visualization/f31414b0-fe14-11e7-a3b0-d13028918f9f-ecs.json b/dev/packages/beats/iis/0.0.1/kibana/visualization/f31414b0-fe14-11e7-a3b0-d13028918f9f-ecs.json new file mode 100644 index 00000000000..c97e87a36e2 --- /dev/null 
+++ b/dev/packages/beats/iis/0.0.1/kibana/visualization/f31414b0-fe14-11e7-a3b0-d13028918f9f-ecs.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Response codes over time [Logs IIS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Response codes over time [Logs IIS] ECS", + "type": "histogram" + } + }, + "id": 
"f31414b0-fe14-11e7-a3b0-d13028918f9f-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iis/0.0.1/manifest.yml b/dev/packages/beats/iis/0.0.1/manifest.yml new file mode 100644 index 00000000000..ea189387cb1 --- /dev/null +++ b/dev/packages/beats/iis/0.0.1/manifest.yml @@ -0,0 +1,38 @@ +format_version: 1.0.0 +name: iis +title: iis +version: 0.0.1 +license: basic +description: iis Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-iis.png + title: kibana iis + size: 1960x2820 + type: image/png +icons: +- src: /img/iis.svg + title: iis + size: 100x100 + type: image/svg+xml +datasources: +- name: iis + title: iis logs and metrics + description: Collect logs and metrics from iis instances + inputs: + - type: logs + title: Collect logs from iis instances + description: Collecting iis access and error logs + - type: iis/metrics + title: Collect metrics from iis instances + description: Collecting iis application_pool, webserver and website metrics diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..85587ce2696 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/log.yml.hbs 
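Review bot: In the iis manifest's `requirement` block the Elasticsearch constraint `versions: '>7.0.1'` has no upper bound and a floor below the Kibana constraint `'>=7.3.0 <8.0.0'`, so the package advertises compatibility with any future major while its saved objects are pinned to 7.x. Align the two, e.g. `versions: '>=7.3.0 <8.0.0'`, or whatever floor the ingest pipelines actually need, using the same range shape as the Kibana line. A short comment above `requirement:` stating where each floor comes from would stop the next bump from drifting again.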
@@ -0,0 +1,40 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - add_locale: ~
+{{#if community_id}}
+ - dissect:
+ tokenizer: "%{} SRC=%{source.ip} DST=%{destination.ip} "
+ field: "message"
+ target_prefix: ""
+ - dissect:
+ tokenizer: "%{} PROTO=%{network.transport} "
+ field: "message"
+ target_prefix: ""
+ - if:
+ or:
+ - equals.network.transport: TCP
+ - equals.network.transport: UDP
+ - equals.network.transport: SCTP
+ then:
+ dissect:
+ tokenizer: "%{} SPT=%{source.port} DPT=%{destination.port} "
+ field: "message"
+ target_prefix: ""
+ else:
+ dissect:
+ when:or:
+ - equals.network.transport: ICMP
+ - equals.network.transport: ICMPv6
+ tokenizer: "%{} TYPE=%{iptables.icmp.type} CODE=%{iptables.icmp.code} "
+ field: "message"
+ target_prefix: ""
+ - community_id:
+ fields:
+ icmp_type: iptables.icmp.type
+ icmp_code: iptables.icmp.code
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/syslog.yml.hbs b/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/syslog.yml.hbs
new file mode 100644
index 00000000000..02b0d7b29b9
--- /dev/null
+++ b/dev/packages/beats/iptables/0.0.1/dataset/log/agent/stream/syslog.yml.hbs
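Review bot: In the `else:` branch of the `if` processor the dissect carries `when:or:` on a single line (the 40-line hunk count confirms there is no break between the two words), which YAML reads as one plain key `when:or` rather than a `when.or` condition; the identical line is in syslog.yml.hbs in the next hunk. If that is the committed text the condition is never applied: either the processor config is rejected at load time, or the ICMP tokenizer is attempted for every message whose transport is not TCP/UDP/SCTP and fails on each one, which with `community_id` enabled is the default path for GRE, ESP and similar traffic. Change it to `when.or:` in both templates. A one-line comment above the `if` processor, `# community_id needs ports for TCP/UDP/SCTP and type/code for ICMP; other transports get neither`, would make the intended branching visible to the next editor.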
@@ -0,0 +1,37 @@
+protocol.udp:
+ host: "{{syslog_host}}:{{syslog_port}}"
+tags: {{tags}}
+processors:
+ - add_locale: ~
+{{#if community_id}}
+ - dissect:
+ tokenizer: "%{} SRC=%{source.ip} DST=%{destination.ip} "
+ field: "message"
+ target_prefix: ""
+ - dissect:
+ tokenizer: "%{} PROTO=%{network.transport} "
+ field: "message"
+ target_prefix: ""
+ - if:
+ or:
+ - equals.network.transport: TCP
+ - equals.network.transport: UDP
+ - equals.network.transport: SCTP
+ then:
+ dissect:
+ tokenizer: "%{} SPT=%{source.port} DPT=%{destination.port} "
+ field: "message"
+ target_prefix: ""
+ else:
+ dissect:
+ when:or:
+ - equals.network.transport: ICMP
+ - equals.network.transport: ICMPv6
+ tokenizer: "%{} TYPE=%{iptables.icmp.type} CODE=%{iptables.icmp.code} "
+ field: "message"
+ target_prefix: ""
+ - community_id:
+ fields:
+ icmp_type: iptables.icmp.type
+ icmp_code: iptables.icmp.code
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/iptables/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..dac1b4fa85b
--- /dev/null
+++ b/dev/packages/beats/iptables/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,260 @@ +--- +description: Pipeline for IPTables +processors: +- grok: + field: message + patterns: + - '%{SYSLOGTIMESTAMP:iptables.raw_date}%{GREEDYDATA}\[%{UBIQUITI_LABEL}\]%{IPTABLES}%{SPACE}' + - '%{SYSLOGTIMESTAMP:iptables.raw_date}%{GREEDYDATA}%{IPTABLES}%{SPACE}' + - '%{GREEDYDATA}\[%{UBIQUITI_LABEL}\]%{IPTABLES}%{SPACE}' + - '%{GREEDYDATA}%{IPTABLES}%{SPACE}' + pattern_definitions: + UNSIGNED_INT: '[0-9]+' + ETHTYPE: (?:[A-Fa-f0-9]{2}):(?:[A-Fa-f0-9]{2}) + ETHTYPE_DISCARD: (?::[A-Fa-f0-9]{2})* + NETFILTERMAC: (?:%{MAC:destination.mac}:%{MAC:source.mac}:%{ETHTYPE:iptables.ether_type}?%{ETHTYPE_DISCARD}|%{MAC:destination.mac}%{ETHTYPE_DISCARD}:%{ETHTYPE:iptables.ether_type}?) + IPTABLES_ETHERNET: 'IN=%{DATA:iptables.input_device} OUT=%{DATA:iptables.output_device}?(?: + MAC=%{NETFILTERMAC})?' + IPTABLES_PORT_PAIR: SPT=%{UNSIGNED_INT:source.port:int} DPT=%{UNSIGNED_INT:destination.port:int} + IPTABLES_TCP_FLAGS: (CWR |ECE |URG |ACK |PSH |RST |SYN |FIN )* + IPTABLES_TCP_SEQ: SEQ=%{UNSIGNED_INT:iptables.tcp.seq:int} ACK=%{UNSIGNED_INT:iptables.tcp.ack:int} + IPTABLES_TCP_DETAILS: (?:%{IPTABLES_TCP_SEQ} )?WINDOW=%{UNSIGNED_INT:iptables.tcp.window:int} + RES=0x%{BASE16NUM:iptables.tcp_reserved_bits} %{IPTABLES_TCP_FLAGS:iptables.tcp.flags} + IPTABLES_INCOMPLETE_PACKET: INCOMPLETE \[%{UNSIGNED_INT:iptables.incomplete_bytes:int} + bytes\] + IPTABLES_UDP_DETAILS: LEN=%{UNSIGNED_INT:iptables.udp.length:int} + IPTABLES_ICMP_EXTRA_ECHO: ID=%{UNSIGNED_INT:iptables.icmp.id:int} SEQ=%{UNSIGNED_INT:iptables.icmp.seq:int} + IPTABLES_ICMP_EXTRA_PARAM: PARAMETER=%{UNSIGNED_INT:iptables.icmp.parameter:int} + IPTABLES_ICMP_EXTRA_REDIRECT: GATEWAY=%{IP:iptables.icmp.redirect} + IPTABLES_ICMP_EXTRA: ( (?:%{IPTABLES_ICMP_EXTRA_ECHO}|%{IPTABLES_ICMP_EXTRA_PARAM}|%{IPTABLES_ICMP_EXTRA_REDIRECT}))* + IPTABLES_ICMP_DETAILS: TYPE=%{UNSIGNED_INT:iptables.icmp.type:int} CODE=%{UNSIGNED_INT:iptables.icmp.code:int}(( + %{IPTABLES_INCOMPLETE_PACKET})|%{IPTABLES_ICMP_EXTRA}) + 
IPTABLES_PROTOCOL: PROTO=(?[a-zA-Z0-9]+) + IPTABLES_IP_PAYLOAD: '%{IPTABLES_PROTOCOL}( %{IPTABLES_PORT_PAIR})?( (%{IPTABLES_TCP_DETAILS}|%{IPTABLES_UDP_DETAILS}|%{IPTABLES_ICMP_DETAILS}|%{IPTABLES_INCOMPLETE_PACKET}))?' + IPTABLES_IP_FRAGFLAG: ((?<= )(CE|DF|MF))* + IPTABLES_IP_START: 'SRC=%{IPV4:source.ip} DST=%{IPV4:destination.ip} LEN=%{UNSIGNED_INT:iptables.length:int} + TOS=0x%{BASE16NUM:iptables.tos} PREC=0x%{BASE16NUM:iptables.precedence_bits} + TTL=%{UNSIGNED_INT:iptables.ttl:int} ID=%{UNSIGNED_INT:iptables.id:int}(?: + %{IPTABLES_IP_FRAGFLAG:iptables.fragment_flags})?(?: FRAG: %{UNSIGNED_INT:iptables.fragment_offset:int})?' + IPTABLES_IP: '%{IPTABLES_IP_START} %{IPTABLES_IP_PAYLOAD}' + IPTABLES_IPV6_START: SRC=%{IPV6:source.ip} DST=%{IPV6:destination.ip} LEN=%{UNSIGNED_INT:iptables.length:int} + TC=%{UNSIGNED_INT:iptables.tos} HOPLIMIT=%{UNSIGNED_INT:iptables.ttl:int} + FLOWLBL=%{UNSIGNED_INT:iptables.flow_label:int} + IPTABLES_IPV6: '%{IPTABLES_IPV6_START} %{IPTABLES_IP_PAYLOAD}' + IPTABLES: '%{IPTABLES_ETHERNET} (:?%{IPTABLES_IP}|%{IPTABLES_IPV6})' + UBIQUITI_FIELD: '[^-\]]*' + UBIQUITI_RULESET_NAME: '[^\]]*' + UBIQUITI_LABEL: '%{UBIQUITI_RULESET_NAME:iptables.ubiquiti.rule_set}-%{UBIQUITI_FIELD:iptables.ubiquiti.rule_number}-%{UBIQUITI_FIELD:event.action}' +- rename: + field: message + target_field: log.original +- grok: + field: iptables.ubiquiti.rule_set + ignore_missing: true + ignore_failure: true + patterns: + - '%{UBIQUITI_FIELD:iptables.ubiquiti.input_zone}-%{UBIQUITI_FIELD:iptables.ubiquiti.output_zone}' + pattern_definitions: + UBIQUITI_FIELD: '[^-]*' +- date: + if: ctx.event.timezone == null + field: iptables.raw_date + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: iptables.raw_date + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: 
error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: iptables.raw_date + ignore_missing: true +- lowercase: + field: network.transport + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- script: + lang: painless + params: + mappings: + - source: + object: iptables + key: ether_type + destination: + object: network + key: type + map: + 08:00: ipv4 + 86:dd: ipv6 + - source: + object: event + key: action + destination: + object: event + key: action + map: + D: drop + A: accept + - source: + object: event + key: action + destination: + object: event + key: type + map: + drop: denied + accept: allowed + - source: + object: network + key: transport + destination: + object: network + key: transport + map: + icmpv6: ipv6-icmp + source: >- + for (action in params.mappings) { + def src = ctx[action.source.object]; + if (src != null) { + Map map = action.map; + String key = src[action.source.key]; + String mapping = map[key]; + if (mapping != null) { + Map dst = ctx[action.destination.object]; + if (dst == null) { + dst = new HashMap(); + ctx[action.destination.object] = 
dst; + } + dst[action.destination.key] = mapping; + } + } + } + +- script: + lang: painless + params: + hex_fields_to_convert: + - ether_type + - tos + - precedence_bits + - tcp_reserved_bits + source: >- + def iptables = ctx['iptables']; + if (iptables != null) { + for (key in params.hex_fields_to_convert) { + long value = 0; + def field = iptables[key]; + if (field == null) continue; + char[] hex = field.toLowerCase().toCharArray(); + for (chr in hex) { + long v = -1; + if (chr >= (char) 'a' && chr <= (char) 'f') v = (long) chr - (char) 'a' + 10; + else if (chr >= (char) '0' && chr <= (char) '9') v = (long) chr - (char) '0'; + if (v >= 0) { + value = value * 16 + v; + } + } + iptables[key] = value; + } + } + +- set: + field: event.kind + value: event +- append: + field: event.category + value: network +- append: + field: event.type + value: connection + if: "ctx?.source?.ip != null && ctx?.destination?.ip != null" +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- rename: + field: iptables.tcp_reserved_bits + target_field: iptables.tcp.reserved_bits + ignore_missing: true +- split: + field: iptables.tcp.flags + separator: "\\s+" + ignore_missing: true +- split: + field: iptables.fragment_flags + separator: "\\s+" + ignore_missing: true +- set: + field: observer.egress.zone + value: "{{iptables.ubiquiti.output_zone}}" + if: ctx?.iptables?.ubiquiti?.output_zone != null +- set: + field: observer.ingress.zone + value: "{{iptables.ubiquiti.input_zone}}" + if: ctx?.iptables?.ubiquiti?.input_zone != null +- set: + field: rule.id + value: "{{iptables.ubiquiti.rule_number}}" + if: ctx?.iptables?.ubiquiti?.rule_number != null +- set: + field: rule.name + value: "{{iptables.ubiquiti.rule_set}}" + if: ctx?.iptables?.ubiquiti?.rule_set != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
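Review bot: The two `date` processors test `ctx.event.timezone == null` and `ctx.event.timezone != null` without null-safe access, while every later condition in the same pipeline uses the `ctx?.source?.ip` form; a document that arrives without an `event` object should make that condition throw, the pipeline-level `on_failure` then records the message in `error.message` and everything after it (geoip, the two mapping scripts, `related.ip`, the rule/zone fields) is skipped. Use `if: ctx?.event?.timezone == null` and `if: ctx?.event?.timezone != null` to match the rest of the file. Separately, as rendered here the pattern definition reads `IPTABLES_PROTOCOL: PROTO=(?[a-zA-Z0-9]+)`, a group with no name, which is not a valid capture; the `lowercase` processor on `network.transport` further down implies it was `(?<network.transport>[a-zA-Z0-9]+)`, so please confirm the angle brackets survived in the committed file. Also worth a comment above the first `grok`, e.g. `# four patterns, each starting with GREEDYDATA, are tried in order; a non-matching line costs several backtracking passes before on_failure runs`, since this runs on raw syslog text from the network.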
diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/iptables/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..0c436bea211 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/dataset/log/fields/fields.yml 
@@ -0,0 +1,122 @@ +- name: iptables.ether_type + type: long + description: | + Value of the ethernet type field identifying the network layer protocol. +- name: iptables.flow_label + type: integer + description: | + IPv6 flow label. +- name: iptables.fragment_flags + type: keyword + description: | + IP fragment flags. A combination of CE, DF and MF. +- name: iptables.fragment_offset + type: long + description: | + Offset of the current IP fragment. +- name: iptables.icmp + type: group + fields: + - name: code + type: long + description: | + ICMP code. + - name: id + type: long + description: | + ICMP ID. + - name: parameter + type: long + description: | + ICMP parameter. + - name: redirect + type: ip + description: | + ICMP redirect address. + - name: seq + type: long + description: | + ICMP sequence number. + - name: type + type: long + description: | + ICMP type. +- name: iptables.id + type: long + description: | + Packet identifier. +- name: iptables.incomplete_bytes + type: long + description: | + Number of incomplete bytes. +- name: iptables.input_device + type: keyword + description: | + Device that received the packet. +- name: iptables.precedence_bits + type: short + description: | + IP precedence bits. +- name: iptables.tos + type: long + description: | + IP Type of Service field. +- name: iptables.length + type: long + description: | + Packet length. +- name: iptables.output_device + type: keyword + description: | + Device that output the packet. +- name: iptables.tcp + type: group + fields: + - name: flags + type: keyword + description: | + TCP flags. + - name: reserved_bits + type: short + description: | + TCP reserved bits. + - name: seq + type: long + description: | + TCP sequence number. + - name: ack + type: long + description: | + TCP Acknowledgment number. + - name: window + type: long + description: | + Advertised TCP window size. +- name: iptables.ttl + type: integer + description: | + Time To Live field. 
+- name: iptables.udp
+ type: group
+ fields:
+ - name: length
+ type: long
+ description: |
+ Length of the UDP header and payload.
+- name: iptables.ubiquiti
+ type: group
+ fields:
+ - name: input_zone
+ type: keyword
+ description: |
+ Input zone.
+ - name: output_zone
+ type: keyword
+ description: |
+ Output zone.
+ - name: rule_number
+ type: keyword
+ description: The rule number within the rule set.
+ - name: rule_set
+ type: keyword
+ description: The rule set name.
diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/iptables/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..3e324730b1f
--- /dev/null
+++ b/dev/packages/beats/iptables/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: iptables
+ type: group
diff --git a/dev/packages/beats/iptables/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/iptables/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..aff767e866d
--- /dev/null
+++ b/dev/packages/beats/iptables/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,36 @@
+title: iptables log logs
+release: experimental
+type: logs
+streams:
+- input: syslog
+ template_path: syslog.yml.hbs
+ title: iptables log logs (syslog)
+ description: Collect iptables log logs using syslog input
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/iptables.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - iptables
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: iptables log logs (log)
+ description: Collect iptables log logs using log input
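Review bot: The `syslog` stream in the dataset manifest declares no `vars`, yet syslog.yml.hbs (the hunk two files earlier) renders `host: "{{syslog_host}}:{{syslog_port}}"`, `tags: {{tags}}` and `{{#if community_id}}`; unless those names are supplied by a package-level definition not in this diff, the stream renders as `host: ":"` with an empty `tags:`. The `logs` stream directly below shows the var shape to copy. Because this is an unauthenticated UDP listener, the host default should be loopback so that exposing it on an interface is an explicit operator choice, and the port default should be the one the docs will state (the value below is a constructed sample).

```yaml
- input: syslog
  vars:
    - name: syslog_host
      type: text
      title: Syslog Host
      multi: false
      required: true
      show_user: true
      default: localhost
    - name: syslog_port
      type: text
      title: Syslog Port
      multi: false
      required: true
      show_user: true
      default: "9001"   # constructed sample; use the documented port
    # … tags and community_id vars, same definitions as the logs stream …
  template_path: syslog.yml.hbs
  # … unchanged: title, description …
```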
diff --git a/dev/packages/beats/iptables/0.0.1/docs/README.md b/dev/packages/beats/iptables/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/img/kibana-iptables-ubiquiti.png b/dev/packages/beats/iptables/0.0.1/img/kibana-iptables-ubiquiti.png new file mode 100644 index 00000000000..246f2ace263 Binary files /dev/null and b/dev/packages/beats/iptables/0.0.1/img/kibana-iptables-ubiquiti.png differ diff --git a/dev/packages/beats/iptables/0.0.1/img/kibana-iptables.png b/dev/packages/beats/iptables/0.0.1/img/kibana-iptables.png new file mode 100644 index 00000000000..a12929d11d5 Binary files /dev/null and b/dev/packages/beats/iptables/0.0.1/img/kibana-iptables.png differ diff --git a/dev/packages/beats/iptables/0.0.1/img/ubiquiti.svg b/dev/packages/beats/iptables/0.0.1/img/ubiquiti.svg new file mode 100644 index 00000000000..99a911e3286 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/img/ubiquiti.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/dashboard/ceefb9e0-1f51-11e9-93ed-f7e068f4aebb-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/dashboard/ceefb9e0-1f51-11e9-93ed-f7e068f4aebb-ecs.json new file mode 100644 index 00000000000..3e4811a3416 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/dashboard/ceefb9e0-1f51-11e9-93ed-f7e068f4aebb-ecs.json 
@@ -0,0 +1,189 @@ +{ + "attributes": { + "description": "Overview of the iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 37, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 47.15984001304432, + -47.02148437500001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 49.15296965617042, + -27.949218750000004 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 19, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 18, + "x": 19, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 11, + "x": 37, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "8", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + 
"version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Iptables] Overview ECS", + "version": 1 + }, + "id": "ceefb9e0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "references": [ + { + "id": "4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "panel_7", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/dashboard/d39f0980-1ff3-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/dashboard/d39f0980-1ff3-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..e8c6afc80a0 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/dashboard/d39f0980-1ff3-11e9-ae2a-939083c6a64e-ecs.json 
@@ -0,0 +1,195 @@ +{ + "attributes": { + "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 33, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Event Timeline", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Top Blocked by source IP", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 39.095962936305476, + -22.148437500000004 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Allowed Traffic Map", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 46.31658418182218, + -34.10156250000001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Blocked Traffic Map", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "colors": { + "allow": "#7EB26D", + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } + }, + "gridData": { + "h": 18, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Traffic Breakdown by Protocol", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 27, + "i": 
"6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Event View", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "7", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Traffic Breakdown by Port", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Iptables] Ubiquiti Firewall Overview ECS", + "version": 1 + }, + "id": "d39f0980-1ff3-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "758b3620-1fda-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_5", + "type": "search" + }, + { + "id": "190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/search/7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/search/7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..e4189250ec0 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/search/7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs.json 
@@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :* and event.outcome : \"allow\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Ubiquiti Firewall Allowed Events [Logs Iptables] ECS", + "version": 1 + }, + "id": "7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/search/9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/search/9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..1a770fd056e --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/search/9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :* and event.outcome : \"deny\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Ubiquiti Firewall Blocked Events [Logs Iptables] ECS", + "version": 1 + }, + "id": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
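Review bot: Both saved searches in this hunk set `"columns": ["_source"]`, so the Discover panel built on them renders the entire document per row instead of the handful of fields an analyst scans first. The same applies to the other two searches (`b3f1b010-…` and `c4e80aa0-…`) that follow. Naming explicit columns from fields these assets already use, e.g. `"columns": ["source.ip", "destination.port", "network.transport", "event.outcome"]`, gives the "Event View" panel a usable table; `_source` stays available in the row expander either way.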
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/search/b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/search/b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..36cb936a8ad --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/search/b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "iptables.length :*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Events Search [Logs Iptables] ECS", + "version": 1 + }, + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/search/c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/search/c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..05d75ae5e4d --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/search/c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs.json 
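Review bot: The base search scopes the whole dashboard to the iptables data by a field-existence test, `"query": "iptables.length :*"`, so any other source that happens to populate `iptables.length` is silently pulled into the overview, and the filter says nothing about which dataset it intends. Now that these assets ship as a package dataset, a dataset-level constraint is the clearer scope; if the dataset name is fixed elsewhere in the package it would read `"query": "event.dataset : \"<iptables-dataset-name>\""` (placeholder), optionally keeping the existence test. If the existence test is deliberate, a one-line `"description"` on this search stating that it stands in for a dataset filter would help the next maintainer; the `"description": ""` field is currently empty.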
@@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "iptables.ubiquiti.rule_set :*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Ubiquiti Firewall Events [Logs Iptables] ECS", + "version": 1 + }, + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..22bfa360fd7 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "event.outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables] ECS", + "type": "table" + } + }, + "id": "190bcb50-1ff6-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..968708cdb01 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables] ECS", + "type": "table" + } + }, + "id": "1ba82fd0-1ff0-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..3a5349105cd --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Source Countries [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Source Countries [Logs Iptables] ECS", + "type": "table" + } + }, + "id": "2599f5e0-1e98-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
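Review bot: This visualization both links to the saved search `b3f1b010-…` via `savedSearchRefName` and carries its own inline `"query": "iptables.length:*"` in `searchSourceJSON`, which duplicates (with different spacing) the query that search already applies. If I read the saved-search linking correctly the inline query is either ignored or ANDed with the search's query, so it is redundant either way and will drift the moment the search's scope is changed. The other searches-backed visualizations in this commit (`35fe0910-…`, `683402b0-…`, `b57b7370-…`, `c4394ec0-…`, `d8cea010-…`) repeat the pattern, while `4c913eb0-…` and the Ubiquiti ones already use `"query": ""`; I would normalize all of them to `"query": ""`.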
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..560e12a1617 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Network Transport Breakdown [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Transport Breakdown [Logs Iptables] ECS", + "type": "pie" + } + }, + "id": "35fe0910-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs.json new file mode 100644 index 00000000000..1dc008f4fe5 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Events Timeline [Logs Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Events Timeline [Logs Iptables] ECS", + "type": "area" + } + }, + "id": "4c913eb0-1f51-11e9-93ed-f7e068f4aebb-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + 
} + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..34a481d6709 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs.json 
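Review bot: In `seriesParams` the flag is written as a string, `"show": "true"`, while every neighbouring flag in the same object (`drawLinesBetweenPoints`, `showCircles`) and in `valueAxes` is a JSON boolean. Kibana appears to tolerate the string form in its own exports, but for a hand-maintained package asset the boolean `"show": true` is the form the rest of the file uses and the one a schema check would expect. The histogram `758b3620-…` later in this commit has the same string value.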
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Allowed Traffic Map [Logs Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Ubiquiti Firewall Allowed Traffic Map [Logs Iptables] ECS", + "type": "tile_map" + } + }, + "id": "5bd53050-1fe9-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "7862cab0-1fdb-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
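Review bot: The map relies on `"selectedTmsLayer"` with `"origin": "elastic_maps_service"` and `"wms": {"enabled": false}`, so at render time the browser fetches basemap tiles from Elastic Maps Service rather than from the Kibana host, and in an air-gapped or egress-restricted deployment the four tile-map panels (`5bd53050-…`, `8853aa20-…`, `c4394ec0-…`, `d8cea010-…`) render no basemap. This is Kibana's default behaviour rather than a bug in the file, but the package documentation should say so and point at the WMS option as the offline alternative, since nothing in the assets makes the external dependency visible. As a nit, the embedded attribution link uses `http://www.openstreetmap.org/copyright`; Kibana may regenerate this string, but if it is kept by hand `https://` is preferable.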
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..ae341888ad2 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination Ports [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destination Ports [Logs Iptables] ECS", + "type": "table" + } + }, + "id": "683402b0-1f29-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/758b3620-1fda-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/758b3620-1fda-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..e878459c14a --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/758b3620-1fda-11e9-ae2a-939083c6a64e-ecs.json 
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Event Timeline [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2019-01-24T15:47:12.171Z", + "mode": "absolute", + "to": "2019-01-24T15:47:52.785Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "top", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 
0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Ubiquiti Firewall Event Timeline [Logs Iptables] ECS", + "type": "histogram" + } + }, + "id": "758b3620-1fda-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs.json new file mode 100644 index 00000000000..724f16171a2 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs.json 
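Review bot: The `date_histogram` aggregation in this hunk carries an absolute `"timeRange"` block pinned to a 40-second window on `2019-01-24` (`"from": "2019-01-24T15:47:12.171Z"` … `"to": "2019-01-24T15:47:52.785Z"`, `"mode": "absolute"`), which is an artifact of the export session rather than part of the visualization's definition. Kibana most likely overwrites it from the time picker on each query, but the other timeline (`4c913eb0-…`) has no such block and a stale absolute range in a versioned package asset is misleading to anyone diffing or auditing it. I would delete the five-line `"timeRange"` object from `params` so the aggregation matches `4c913eb0-…`, leaving `"interval": "auto"` and `"min_doc_count": 1` as they are.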
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Blocked Traffic Map [Logs Iptables] ECS", + "uiStateJSON": { + "mapCenter": [ + 19.228176737766262, + -22.851562500000004 + ], + "mapZoom": 3 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Ubiquiti Firewall Blocked Traffic Map [Logs Iptables] ECS", + "type": "tile_map" + } + }, + "id": "8853aa20-1fef-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "9f7d97c0-1fe9-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
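Review bot: This "Blocked Traffic Map" stores a hard-coded viewport in `uiStateJSON` (`"mapCenter": [19.228…, -22.851…]`, `"mapZoom": 3`) whereas its sibling "Allowed Traffic Map" (`5bd53050-…`) ships `"uiStateJSON": {}`, and the Ubiquiti dashboard already overrides both through `embeddableConfig.mapCenter`/`mapZoom` per panel. The per-visualization value therefore only applies when the map is opened standalone and is inconsistent between the pair; the generic `c4394ec0-…` Source Map has the same leftover. I would empty it to `"uiStateJSON": {}` so both maps behave alike and the dashboard remains the single place the viewport is set.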
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..fbf1410649c --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Network Type Breakdown [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Type Breakdown [Logs Iptables] ECS", + "type": "pie" + } + }, + "id": "b57b7370-1f1d-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..386613b564f 
--- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs.json @@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Map [Logs Iptables] ECS", + "uiStateJSON": { + "mapCenter": [ + 45.02695045318546, + -44.82421875000001 + ], + "mapZoom": 3 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Source Map [Logs Iptables] ECS", + "type": "tile_map" + } + }, + "id": "c4394ec0-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs.json new file mode 100644 index 00000000000..fa9c47efa49 --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Map [Logs Iptables] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Destination Map [Logs Iptables] ECS", + "type": "tile_map" + } + }, + "id": "d8cea010-1efd-11e9-8ec4-cf5d91a864b3-ecs", + "references": [ + { + "id": "b3f1b010-1f26-11e9-8ec4-cf5d91a864b3-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/iptables/0.0.1/kibana/visualization/fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs.json b/dev/packages/beats/iptables/0.0.1/kibana/visualization/fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs.json
new file mode 100644
index 00000000000..ec4d5501636
--- /dev/null
+++ b/dev/packages/beats/iptables/0.0.1/kibana/visualization/fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs.json
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": false + }, + "legendPosition": "top", + "type": "pie" + }, + "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables] ECS", + "type": "pie" + } + }, + "id": "fdea1ad0-1ff4-11e9-ae2a-939083c6a64e-ecs", + "references": [ + { + "id": "c4e80aa0-1fd4-11e9-ae2a-939083c6a64e-ecs", + "name": "search_0", + "type": 
"search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/iptables/0.0.1/manifest.yml b/dev/packages/beats/iptables/0.0.1/manifest.yml new file mode 100644 index 00000000000..8f061db1b8e --- /dev/null +++ b/dev/packages/beats/iptables/0.0.1/manifest.yml @@ -0,0 +1,38 @@ +format_version: 1.0.0 +name: iptables +title: iptables +version: 0.0.1 +license: basic +description: iptables Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-iptables.png + title: kibana iptables + size: 1492x1382 + type: image/png +- src: /img/kibana-iptables-ubiquiti.png + title: kibana iptables ubiquiti + size: 1492x1464 + type: image/png +icons: +- src: /img/ubiquiti.svg + title: ubiquiti + size: 110x120 + type: image/svg+xml +datasources: +- name: iptables + title: iptables logs + description: Collect logs from iptables instances + inputs: + - type: logs + title: Collect logs from iptables instances + description: Collecting iptables log logs diff --git a/dev/packages/beats/istio/0.0.1/dataset/citadel/agent/stream/stream.yml.hbs b/dev/packages/beats/istio/0.0.1/dataset/citadel/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..bb655d02084 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/citadel/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["citadel"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/fields.yml b/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/fields.yml new file mode 100644 index 00000000000..29455b37f09 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/fields.yml 
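Review bot: The iptables `requirement` block gives Kibana a bounded range (`'>=7.3.0 <8.0.0'`) but leaves Elasticsearch open-ended (`'>7.0.1'`), so the package declares compatibility with every future Elasticsearch major while refusing Kibana 8; unless that asymmetry is intentional, `versions: '>7.0.1 <8.0.0'` keeps the two constraints in step. The input description also reads `Collecting iptables log logs`; `Collecting iptables logs` is presumably what was meant.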
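Review bot: `- {{this}}` in the citadel stream template emits each host as a bare YAML scalar, so an operator-supplied value that YAML does not read as plain text — an IPv6 literal such as `[::1]:15014`, or anything containing `#` or `: ` — changes the shape of the rendered agent config instead of failing cleanly. `hosts` is free text in the dataset manifest (`type: text`), so either the template should quote the value, e.g. `  - "{{this}}"`, or the manifest should constrain it; I can't confirm from here whether the agent's Handlebars renderer already escapes for YAML, and quoting still leaves a literal `"` in the value unhandled. The galley, mesh, mixer and pilot templates in this commit share the same pattern.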
@@ -0,0 +1,53 @@ +- name: istio.citadel + type: group + release: beta + fields: + - name: grpc.method + type: keyword + description: | + The grpc method + - name: grpc.service + type: keyword + description: | + The grpc service + - name: grpc.type + type: keyword + description: | + The type of the respective grpc service + - name: secret_controller_svc_acc_created_cert.count + type: long + description: | + The number of certificates created due to service account creation. + - name: server_root_cert_expiry_seconds + type: float + description: | + The unix timestamp, in seconds, when Citadel root cert will expire. We set it to negative in case of internal error. + - name: grpc.server.handled + type: long + description: | + Total number of RPCs completed on the server, regardless of success or failure. + - name: grpc.server.msg.received + type: long + description: | + Total number of RPC stream messages received on the server. + - name: grpc.server.msg.sent + type: long + description: | + Total number of gRPC stream messages sent by the server. + - name: grpc.server.started + type: long + description: | + Total number of RPCs started on the server. + - name: grpc.server.handling.latency.ms.bucket.* + type: object + description: | + The response latency (milliseconds) of gRPC that had been application-level handled by the server. + - name: grpc.server.handling.latency.ms.sum + type: long + format: duration + description: | + The response latency of gRPC, sum of latencies in milliseconds + - name: grpc.server.handling.latency.ms.count + type: long + description: | + The response latency of gRPC, number of metrics diff --git a/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/package-fields.yml b/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/package-fields.yml new file mode 100644 index 00000000000..b5f48fcfb94 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/citadel/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: istio + type: group 
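Review bot: `server_root_cert_expiry_seconds` is declared `type: float` although its description says it is a unix timestamp in seconds; Elasticsearch's `float` is single precision, and at current epoch magnitudes (~1.7e9) adjacent representable values are about 128 seconds apart, so any alert on the root certificate's expiry is quantised to roughly two minutes. `type: double` (or `long`, since the value is whole seconds) keeps the value intact, and the description should call out the negative-on-error sentinel so a dashboard does not read a negative value as "expired decades ago". Separately, the group carries `release: beta` while the citadel dataset manifest in this commit says `release: experimental`; one of the two should change, and the same beta/experimental split appears in the other istio datasets.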
diff --git a/dev/packages/beats/istio/0.0.1/dataset/citadel/manifest.yml b/dev/packages/beats/istio/0.0.1/dataset/citadel/manifest.yml new file mode 100644 index 00000000000..9f711d3a341 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/citadel/manifest.yml @@ -0,0 +1,23 @@ +title: istio citadel metrics +release: experimental +type: metrics +streams: +- input: istio/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:15014 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: istio citadel metrics + description: Collect istio citadel metrics diff --git a/dev/packages/beats/istio/0.0.1/dataset/galley/agent/stream/stream.yml.hbs b/dev/packages/beats/istio/0.0.1/dataset/galley/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1d7de8600af --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/galley/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["galley"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/istio/0.0.1/dataset/galley/fields/fields.yml b/dev/packages/beats/istio/0.0.1/dataset/galley/fields/fields.yml new file mode 100644 index 00000000000..8c4c8cfd14b --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/galley/fields/fields.yml 
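Review bot: The citadel stream exposes only `hosts` and `period`, so an operator has no way to set TLS or credential options for the scrape; the `localhost:15014` default suits a sidecar or host-network layout, but when the control-plane metrics port is reached across the pod network the endpoint can only be collected as plain, unauthenticated HTTP (assuming the underlying istio metricset follows the usual Metricbeat HTTP defaults — I can't confirm that from here). If the metricset supports `ssl.*` or credential settings, consider surfacing them as optional vars with `show_user: false` and wiring them through the stream template; otherwise document the constraint in the package README, which this commit leaves as `TODO`. The galley, mesh, mixer and pilot manifests have the same shape.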
@@ -0,0 +1,134 @@ +- name: istio.galley + type: group + release: beta + fields: + - name: name + type: keyword + description: | + The name of the resource the metric is related to + - name: namespace + type: keyword + description: | + The Kubernetes namespace of the resource + - name: version + type: keyword + description: | + The version of the object + - name: collection + type: keyword + description: | + The collection of the instance + - name: istio.authentication.meshpolicies + type: long + description: | + The number of valid istio/authentication/meshpolicies known to galley at a point in time + - name: istio.authentication.policies + type: long + description: | + The number of valid istio/authentication/policies known to galley at a point in time + - name: istio.mesh.MeshConfig + type: long + description: | + The number of valid istio/mesh/MeshConfig known to galley at a point in time + - name: istio.networking.destinationrules + type: long + description: | + The number of valid istio/networking/destinationrules known to galley at a point in time + - name: istio.networking.envoyfilters + type: long + description: | + The number of valid istio/networking/envoyfilters known to galley at a point in time + - name: istio.networking.gateways + type: long + description: | + The number of valid istio/networking/gateways known to galley at a point in time + - name: istio.networking.sidecars + type: long + description: | + The number of valid istio/networking/sidecars known to galley at a point in time + - name: istio.networking.virtualservices + type: long + description: | + The number of valid istio/networking/virtualservices known to galley at a point in time + - name: istio.policy.attributemanifests + type: long + description: | + The number of valid istio/policy/attributemanifests known to galley at a point in time + - name: istio.policy.handlers + type: long + description: | + The number of valid istio/policy/handlers known to galley at a point in time + - name: 
istio.policy.instances + type: long + description: | + The number of valid istio/policy/instances known to galley at a point in time + - name: istio.policy.rules + type: long + description: | + The number of valid istio/policy/rules known to galley at a point in time + - name: runtime.processor.event_span.duration.ms.bucket.* + type: object + description: | + The duration between each incoming event as histogram buckets in milliseconds + - name: runtime.processor.event_span.duration.ms.sum + type: long + format: duration + description: | + The duration between each incoming event, sum of durations in milliseconds + - name: runtime.processor.event_span.duration.ms.count + type: long + description: | + The duration between each incoming event, number of metrics + - name: runtime.processor.snapshot_events.bucket.* + type: object + description: | + The number of events that have been processed as histogram buckets + - name: runtime.processor.snapshot_events.sum + type: long + description: | + The number of events that have been processed, sum of events + - name: runtime.processor.snapshot_events.count + type: long + description: | + The duration between each incoming event, number of metrics + - name: runtime.processor.snapshot_lifetime.duration.ms.bucket.* + type: object + description: | + The duration of each snapshot as histogram buckets in milliseconds + - name: runtime.processor.snapshot_lifetime.duration.ms.sum + type: long + format: duration + description: | + The duration of each snapshot, sum of durations in milliseconds + - name: runtime.processor.snapshot_lifetime.duration.ms.count + type: long + description: | + The duration of each snapshot, number of metrics + - name: runtime.state_type_instances + type: long + description: | + The number of type instances per type URL + - name: runtime.strategy.on_change + type: long + description: | + The number of times the strategy's onChange has been called + - name: runtime.strategy.timer_quiesce_reached + type: 
long + description: | + The number of times a quiesce has been reached + - name: source_kube_event_success_total + type: long + description: | + The number of times a kubernetes source successfully handled an event + - name: validation.cert_key.updates + type: long + description: | + Galley validation webhook certificate updates + - name: validation.config.load + type: long + description: | + k8s webhook configuration (re)loads + - name: validation.config.updates + type: long + description: | + k8s webhook configuration updates diff --git a/dev/packages/beats/istio/0.0.1/dataset/galley/fields/package-fields.yml b/dev/packages/beats/istio/0.0.1/dataset/galley/fields/package-fields.yml new file mode 100644 index 00000000000..b5f48fcfb94 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/galley/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: istio + type: group diff --git a/dev/packages/beats/istio/0.0.1/dataset/galley/manifest.yml b/dev/packages/beats/istio/0.0.1/dataset/galley/manifest.yml new file mode 100644 index 00000000000..90e5052b31d --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/galley/manifest.yml @@ -0,0 +1,23 @@ +title: istio galley metrics +release: experimental +type: metrics +streams: +- input: istio/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:15014 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: istio galley metrics + description: Collect istio galley metrics diff --git a/dev/packages/beats/istio/0.0.1/dataset/mesh/agent/stream/stream.yml.hbs b/dev/packages/beats/istio/0.0.1/dataset/mesh/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ddb47918067 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mesh/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["mesh"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
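Review bot: The description of `runtime.processor.snapshot_events.count` reads `The duration between each incoming event, number of metrics`, copied from the `event_span.duration` group above it; for a histogram of processed events it should be something like `The number of events that have been processed, number of metrics`. Its sibling `runtime.processor.snapshot_events.sum` is the one `.sum` in this file without `format: duration`, which is correct because it counts events rather than milliseconds — a one-line comment saying so would stop it being "fixed" later.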
diff --git a/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/fields.yml b/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/fields.yml
new file mode 100644
index 00000000000..9af35b2d788
--- /dev/null
+++ b/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/fields.yml
@@ -0,0 +1,121 @@ +- name: istio.mesh + type: group + release: beta + fields: + - name: instance + type: text + description: | + The prometheus instance + - name: job + type: keyword + description: | + The prometheus job + - name: requests + type: long + description: | + Total requests handled by an Istio proxy + - name: request.duration.ms.bucket.* + type: object + description: | + Request duration histogram buckets in milliseconds + - name: request.duration.ms.sum + type: long + format: duration + description: | + Requests duration, sum of durations in milliseconds + - name: request.duration.ms.count + type: long + description: | + Requests duration, number of requests + - name: request.size.bytes.bucket.* + type: object + description: | + Request Size histogram buckets + - name: request.size.bytes.sum + type: long + description: | + Request Size histogram sum + - name: request.size.bytes.count + type: long + description: | + Request Size histogram count + - name: response.size.bytes.bucket.* + type: object + description: | + Request Size histogram buckets + - name: response.size.bytes.sum + type: long + description: | + Request Size histogram sum + - name: response.size.bytes.count + type: long + description: | + Request Size histogram count + - name: reporter + type: keyword + description: | + Reporter identifies the reporter of the request. It is set to destination if report is from a server Istio proxy and source if report is from a client Istio proxy. + - name: source.workload.name + type: keyword + description: | + This identifies the name of source workload which controls the source. + - name: source.workload.namespace + type: keyword + description: | + This identifies the namespace of the source workload. + - name: source.principal + type: keyword + description: | + This identifies the peer principal of the traffic source. It is set when peer authentication is used. 
+ - name: source.app + type: keyword + description: | + This identifies the source app based on app label of the source workload. + - name: source.version + type: keyword + description: | + This identifies the version of the source workload. + - name: destination.workload.name + type: keyword + description: | + This identifies the name of destination workload. + - name: destination.workload.namespace + type: keyword + description: | + This identifies the namespace of the destination workload. + - name: destination.principal + type: keyword + description: | + This identifies the peer principal of the traffic destination. It is set when peer authentication is used. + - name: destination.app + type: keyword + description: | + This identifies the destination app based on app label of the destination workload.. + - name: destination.version + type: keyword + description: | + This identifies the version of the destination workload. + - name: destination.service.host + type: keyword + description: | + This identifies destination service host responsible for an incoming request. + - name: destination.service.name + type: keyword + description: | + This identifies the destination service name. + - name: destination.service.namespace + type: keyword + description: | + This identifies the namespace of destination service. + - name: request.protocol + type: keyword + description: | + This identifies the protocol of the request. It is set to API protocol if provided, otherwise request or connection protocol. + - name: response.code + type: long + description: | + This identifies the response code of the request. This label is present only on HTTP metrics. + - name: connection.security.policy + type: keyword + description: | + This identifies the service authentication policy of the request. It is set to mutual_tls when Istio is used to make communication secure and report is from destination. 
It is set to unknown when report is from source since security policy cannot be properly populated. diff --git a/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/package-fields.yml b/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/package-fields.yml new file mode 100644 index 00000000000..b5f48fcfb94 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mesh/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: istio + type: group diff --git a/dev/packages/beats/istio/0.0.1/dataset/mesh/manifest.yml b/dev/packages/beats/istio/0.0.1/dataset/mesh/manifest.yml new file mode 100644 index 00000000000..9f480325893 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mesh/manifest.yml @@ -0,0 +1,23 @@ +title: istio mesh metrics +release: experimental +type: metrics +streams: +- input: istio/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:42422 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: istio mesh metrics + description: Collect istio mesh metrics diff --git a/dev/packages/beats/istio/0.0.1/dataset/mixer/agent/stream/stream.yml.hbs b/dev/packages/beats/istio/0.0.1/dataset/mixer/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a744eee3f0c --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mixer/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["mixer"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/fields.yml b/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/fields.yml new file mode 100644 index 00000000000..2bd318e89d2 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/fields.yml 
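Review bot: The three `response.size.bytes.*` fields are described as `Request Size histogram ...`, copied from the `request.size.bytes.*` entries directly above; they should read `Response Size histogram buckets`, `... sum` and `... count`. `instance` is also declared `type: text` while `job` and the other dimension fields are `keyword`; a `text` field is analysed and not aggregatable, so the Prometheus instance cannot be used to split or filter visualisations — `type: keyword` matches how the sibling dimensions are mapped. The same `text` mapping appears on `cluster` and `type` in the pilot dataset.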
@@ -0,0 +1,96 @@ +- name: istio.mixer + type: group + release: beta + fields: + - name: istio.mcp.request.acks + type: long + description: | + The number of request acks received by the source. + - name: config.adapter.info.errors.config + type: long + description: | + The number of errors encountered during processing of the adapter info configuration. + - name: config.adapter.info.configs + type: long + description: | + The number of known adapters in the current config. + - name: config.attributes + type: long + description: | + The number of known attributes in the current config. + - name: config.handler.configs + type: long + description: | + The number of known handlers in the current config. + - name: config.handler.errors.validation + type: long + description: | + The number of errors encountered because handler validation returned error. + - name: config.instance.errors.config + type: long + description: | + The number of errors encountered during processing of the instance configuration. + - name: config.instance.configs + type: long + description: | + The number of known instances in the current config. + - name: config.rule.errors.config + type: long + description: | + The number of errors encountered during processing of the rule configuration. + - name: config.rule.errors.match + type: long + description: | + The number of rule conditions that was not parseable. + - name: config.rule.configs + type: long + description: | + The number of known rules in the current config. + - name: config.template.errors.config + type: long + description: | + The number of errors encountered during processing of the template configuration. + - name: config.template.configs + type: long + description: | + The number of known templates in the current config. + - name: config.unsatisfied.action_handler + type: long + description: | + The number of actions that failed due to handlers being unavailable. 
+ - name: dispatcher_destinations_per_variety_total + type: long + description: | + The number of Mixer adapter destinations by template variety type. + - name: handler.handlers.closed + type: long + description: | + The number of handlers that were closed during config transition. + - name: handler.daemons + type: long + description: | + The current number of active daemon routines in a given adapter environment. + - name: handler.failures.build + type: long + description: | + The number of handlers that failed creation during config transition. + - name: handler.failures.close + type: long + description: | + The number of errors encountered while closing handlers during config transition. + - name: handler.handlers.new + type: long + description: | + The number of handlers that were newly created during config transition. + - name: handler.handlers.reused + type: long + description: | + The number of handlers that were re-used during config transition. + - name: handler.name + type: keyword + description: | + The name of the daemon handler + - name: variety + type: keyword + description: | + The name of the variety diff --git a/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/package-fields.yml b/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/package-fields.yml new file mode 100644 index 00000000000..b5f48fcfb94 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mixer/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: istio + type: group diff --git a/dev/packages/beats/istio/0.0.1/dataset/mixer/manifest.yml b/dev/packages/beats/istio/0.0.1/dataset/mixer/manifest.yml new file mode 100644 index 00000000000..b8e61887bab --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/mixer/manifest.yml 
@@ -0,0 +1,23 @@ +title: istio mixer metrics +release: experimental +type: metrics +streams: +- input: istio/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:15014 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: istio mixer metrics + description: Collect istio mixer metrics diff --git a/dev/packages/beats/istio/0.0.1/dataset/pilot/agent/stream/stream.yml.hbs b/dev/packages/beats/istio/0.0.1/dataset/pilot/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c15f840abcd --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/pilot/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["pilot"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/fields.yml b/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/fields.yml new file mode 100644 index 00000000000..4ce3afc7ac2 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/fields.yml 
@@ -0,0 +1,88 @@ +- name: istio.pilot + type: group + release: beta + fields: + - name: xds.count + type: long + description: | + Count of concurrent xDS client connections for Pilot. + - name: xds.pushes + type: long + description: | + Count of xDS messages sent, as well as errors building or sending xDS messages for lds, rds, cds and eds. + - name: xds.push.time.ms.bucket.* + type: object + description: | + Total time Pilot takes to push lds, rds, cds and eds, histogram buckets in milliseconds. + - name: xds.push.time.ms.sum + type: long + description: | + Total time Pilot takes to push lds, rds, cds and eds, histogram sum of times in milliseconds. + - name: xds.push.time.ms.count + type: long + description: | + Total time Pilot takes to push lds, rds, cds and eds, histogram count of times. + - name: xds.eds.instances + type: long + description: | + Instances for each cluster, as of last push. Zero instances is an error. + - name: xds.push.context.errors + type: long + description: | + Number of errors (timeouts) initiating push context. + - name: xds.internal.errors + type: long + description: | + Total number of internal XDS errors in pilot. + - name: conflict.listener.inbound + type: long + description: | + Number of conflicting inbound listeners. + - name: conflict.listener.outbound.http.over.current.tcp + type: long + description: | + Number of conflicting wildcard http listeners with current wildcard tcp listener. + - name: conflict.listener.outbound.http.over.https + type: long + description: | + Number of conflicting HTTP listeners with well known HTTPS ports. + - name: conflict.listener.outbound.tcp.over.current.http + type: long + description: | + Number of conflicting wildcard tcp listeners with current wildcard http listener. + - name: conflict.listener.outbound.tcp.over.current.tcp + type: long + description: | + Number of conflicting tcp listeners with current tcp listener. 
+ - name: proxy.conv.ms.bucket.* + type: object + description: | + Time needed by Pilot to push Envoy configurations, histogram buckets in milliseconds. + - name: proxy.conv.ms.sum + type: long + description: | + Time needed by Pilot to push Envoy configurations, histogram sum of times in milliseconds. + - name: proxy.conv.ms.count + type: long + description: | + Time needed by Pilot to push Envoy configurations, histogram count of times. + - name: services + type: integer + description: | + Total services known to pilot. + - name: virt.services + type: long + description: | + Total virtual services known to pilot. + - name: no.ip + type: long + description: | + Pods not found in the endpoint table, possibly invalid. + - name: cluster + type: text + description: | + The instance FQDN. + - name: type + type: text + description: | + The Envoy proxy configuration type. diff --git a/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/package-fields.yml b/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/package-fields.yml new file mode 100644 index 00000000000..b5f48fcfb94 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/pilot/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: istio + type: group diff --git a/dev/packages/beats/istio/0.0.1/dataset/pilot/manifest.yml b/dev/packages/beats/istio/0.0.1/dataset/pilot/manifest.yml new file mode 100644 index 00000000000..44084385488 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/dataset/pilot/manifest.yml @@ -0,0 +1,23 @@ +title: istio pilot metrics +release: experimental +type: metrics +streams: +- input: istio/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:15014 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: istio pilot metrics + description: Collect istio pilot metrics 
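Review bot: `services` is the only counter in the pilot group mapped as `type: integer`; every other count in this package, including the adjacent `virt.services`, is `long`, so `type: long` keeps the mapping uniform. `xds.push.time.ms.sum` and `proxy.conv.ms.sum` are millisecond sums but lack the `format: duration` that the equivalent `.ms.sum` fields in the citadel, galley and mesh datasets carry, so Kibana renders them as raw numbers. `cluster` and `type` are mapped `text` rather than `keyword`, which prevents aggregating on them.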
diff --git a/dev/packages/beats/istio/0.0.1/docs/README.md b/dev/packages/beats/istio/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/istio/0.0.1/manifest.yml b/dev/packages/beats/istio/0.0.1/manifest.yml new file mode 100644 index 00000000000..a480db7a4d2 --- /dev/null +++ b/dev/packages/beats/istio/0.0.1/manifest.yml @@ -0,0 +1,22 @@ +format_version: 1.0.0 +name: istio +title: istio +version: 0.0.1 +license: basic +description: istio Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: istio + title: istio metrics + description: Collect metrics from istio instances + inputs: + - type: istio/metrics + title: Collect metrics from istio instances + description: Collecting istio citadel, galley, mesh, mixer and pilot metrics diff --git a/dev/packages/beats/jolokia/0.0.1/dataset/jmx/agent/stream/stream.yml.hbs b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c549696515a --- /dev/null +++ b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["jmx"] diff --git a/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/fields.yml b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/fields.yml new file mode 100644 index 00000000000..c681f36c6b7 --- /dev/null +++ b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/fields.yml @@ -0,0 +1,4 @@ +- name: jolokia. + key: jmx + type: group + release: ga diff --git a/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/package-fields.yml b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/package-fields.yml new file mode 100644 index 00000000000..399ee4c1a02 --- /dev/null 
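Review bot: The jmx group is declared `- name: jolokia.` with a trailing dot plus a `key: jmx` attribute that no other dataset in this commit uses; if the trailing dot is an import artifact it produces a group literally named `jolokia.` instead of nesting under the `jolokia` group from package-fields.yml. Please confirm against the Beats module source whether `name: jolokia.` / `key: jmx` is the intended way to express dynamic `jolokia.*` fields in this registry's fields format; if it is not, `- name: jolokia` is the fix, and a short comment explaining `key` would help either way.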
+++ b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: jolokia + type: group diff --git a/dev/packages/beats/jolokia/0.0.1/dataset/jmx/manifest.yml b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/manifest.yml new file mode 100644 index 00000000000..22e0ecc2e67 --- /dev/null +++ b/dev/packages/beats/jolokia/0.0.1/dataset/jmx/manifest.yml @@ -0,0 +1,7 @@ +title: Jolokia jmx metrics +release: experimental +type: metrics +streams: +- input: jolokia/metrics + title: Jolokia jmx metrics + description: Collect Jolokia jmx metrics diff --git a/dev/packages/beats/jolokia/0.0.1/docs/README.md b/dev/packages/beats/jolokia/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/jolokia/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/jolokia/0.0.1/manifest.yml b/dev/packages/beats/jolokia/0.0.1/manifest.yml new file mode 100644 index 00000000000..0fc289c3f9b --- /dev/null +++ b/dev/packages/beats/jolokia/0.0.1/manifest.yml @@ -0,0 +1,22 @@ +format_version: 1.0.0 +name: jolokia +title: Jolokia +version: 0.0.1 +license: basic +description: Jolokia Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: jolokia + title: Jolokia metrics + description: Collect metrics from Jolokia instances + inputs: + - type: jolokia/metrics + title: Collect metrics from Jolokia instances + description: Collecting Jolokia jmx metrics diff --git a/dev/packages/beats/kafka/0.0.1/dataset/broker/agent/stream/stream.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/broker/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..4363ac96f39 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/dataset/broker/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["broker"] 
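Review bot: The jmx dataset manifest defines a stream with no `vars`, and its template is just `metricsets: ["jmx"]`, so enabling the dataset gives the operator nothing to set — neither the Jolokia endpoint nor the JMX MBean mappings — and the agent would run the metricset with whatever built-in defaults it has, if any (I can't confirm from here what it does without `hosts`). Even for an experimental first import, a `hosts` var mirroring the istio datasets, with a comment noting that mappings are still to be surfaced, would make the dataset usable and make the gap explicit. The kafka broker and consumer streams in this commit have the same empty shape.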
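Review bot: The jolokia package manifest declares `requirement: kibana: {} elasticsearch: {}`, which asserts compatibility with any stack version, whereas the iptables manifest in this commit pins ranges; an empty constraint on an experimental package means the registry can never exclude it from a stack it was not tested against. If the supported range is unknown, say so in a comment and pin at least the major, e.g. `versions: '>=7.0.0 <8.0.0'`, rather than leaving the maps empty. The istio package manifest has the same empty block.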
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/fields.yml
new file mode 100644
index 00000000000..5e33f896178
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/fields.yml
@@ -0,0 +1,67 @@
+- name: kafka.broker
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: request.channel.queue.size
+ type: long
+ description: The size of the request queue
+ - name: request.produce.failed_per_second
+ type: float
+ description: The rate of failed produce requests per second
+ - name: request.fetch.failed_per_second
+ type: float
+ description: The rate of client fetch request failures per second
+ - name: request.produce.failed
+ type: float
+ description: The number of failed produce requests
+ - name: request.fetch.failed
+ type: float
+ description: The number of client fetch request failures
+ - name: replication.leader_elections
+ type: float
+ description: The leader election rate
+ - name: replication.unclean_leader_elections
+ type: float
+ description: The unclean leader election rate
+ - name: session.zookeeper.disconnect
+ type: float
+ description: The ZooKeeper closed sessions per second
+ - name: session.zookeeper.expire
+ type: float
+ description: The ZooKeeper expired sessions per second
+ - name: session.zookeeper.readonly
+ type: float
+ description: The ZooKeeper readonly sessions per second
+ - name: session.zookeeper.sync
+ type: float
+ description: The ZooKeeper client connections per second
+ - name: log.flush_rate
+ type: float
+ description: The log flush rate
+ - name: topic.net.in.bytes_per_sec
+ type: float
+ description: The incoming byte rate per topic
+ - name: topic.net.out.bytes_per_sec
+ type: float
+ description: The outgoing byte rate per topic
+ - name: topic.net.rejected.bytes_per_sec
+ type: float
+ description: The rejected byte rate per topic
+ - name: topic.messages_in
+ type: float
+ description: The incoming message rate per topic
+ - name: net.in.bytes_per_sec
+ type: float
+ description: The incoming byte rate
+ - name: net.out.bytes_per_sec
+ type: float
+ description: The outgoing byte rate
+ - name: net.rejected.bytes_per_sec
+ type: float
+ description: The rejected byte rate
+ - name: messages_in
+ type: float
+ description: The incoming message rate
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/package-fields.yml
new file mode 100644
index 00000000000..c784d3c1fe8
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/broker/fields/package-fields.yml
@@ -0,0 +1,32 @@
+- name: kafka
+ type: group
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker advertised address
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: topic.error.code
+ type: long
+ description: |
+ Topic error code.
+ - name: partition.id
+ type: long
+ description: |
+ Partition id.
+ - name: partition.topic_id
+ type: keyword
+ description: Unique id of the partition in the topic.
+ - name: partition.topic_broker_id
+ type: keyword
+ description: Unique id of the partition in the topic and the broker.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/broker/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/broker/manifest.yml
new file mode 100644
index 00000000000..1139b1f9994
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/broker/manifest.yml
@@ -0,0 +1,7 @@
+title: Kafka broker metrics
+release: experimental
+type: metrics
+streams:
+- input: kafka/metrics
+ title: Kafka broker metrics
+ description: Collect Kafka broker metrics
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumer/agent/stream/stream.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/consumer/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..3ba37ee0920
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumer/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["consumer"]
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/fields.yml
new file mode 100644
index 00000000000..ecfaa9f3230
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/fields.yml
@@ -0,0 +1,33 @@
+- name: kafka.consumer
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: fetch_rate
+ type: float
+ description: The minimum rate at which the consumer sends fetch requests to a
+ broker
+ - name: bytes_consumed
+ type: float
+ description: The average number of bytes consumed for a specific topic per second
+ - name: records_consumed
+ type: float
+ description: The average number of records consumed per second for a specific
+ topic
+ - name: in.bytes_per_sec
+ type: float
+ description: The rate of bytes coming in to the consumer
+ - name: max_lag
+ type: float
+ description: The maximum consumer lag
+ - name: zookeeper_commits
+ type: float
+ description: The rate of offset commits to ZooKeeper
+ - name: kafka_commits
+ type: float
+ description: The rate of offset commits to Kafka
+ - name: messages_in
+ type: float
+ description: The rate of consumer message consumption
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/package-fields.yml
new file mode 100644
index 00000000000..c784d3c1fe8
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumer/fields/package-fields.yml
@@ -0,0 +1,32 @@
+- name: kafka
+ type: group
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker advertised address
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: topic.error.code
+ type: long
+ description: |
+ Topic error code.
+ - name: partition.id
+ type: long
+ description: |
+ Partition id.
+ - name: partition.topic_id
+ type: keyword
+ description: Unique id of the partition in the topic.
+ - name: partition.topic_broker_id
+ type: keyword
+ description: Unique id of the partition in the topic and the broker.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumer/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumer/manifest.yml
new file mode 100644
index 00000000000..f43dd8516fd
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumer/manifest.yml
@@ -0,0 +1,7 @@
+title: Kafka consumer metrics
+release: experimental
+type: metrics
+streams:
+- input: kafka/metrics
+ title: Kafka consumer metrics
+ description: Collect Kafka consumer metrics
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/agent/stream/stream.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..7171c367ca6
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["consumergroup"]
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/fields.yml
new file mode 100644
index 00000000000..b86b46d89d9
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/fields.yml
@@ -0,0 +1,50 @@
+- name: kafka.consumergroup
+ type: group
+ release: ga
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker address
+ - name: id
+ type: keyword
+ description: Consumer Group ID
+ - name: topic
+ type: keyword
+ description: Topic name
+ - name: partition
+ type: long
+ description: Partition ID
+ - name: offset
+ type: long
+ description: consumer offset into partition being read
+ - name: meta
+ type: keyword
+ description: custom consumer meta data string
+ - name: consumer_lag
+ type: long
+ description: consumer lag for partition/topic calculated as the difference between
+ the partition offset and consumer offset
+ - name: error.code
+ type: long
+ description: |
+ kafka consumer/partition error code.
+ - name: client
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: Client ID (kafka setting client.id)
+ - name: host
+ type: keyword
+ description: Client host
+ - name: member_id
+ type: keyword
+ description: internal consumer group member ID
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/package-fields.yml
new file mode 100644
index 00000000000..c784d3c1fe8
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/fields/package-fields.yml
@@ -0,0 +1,32 @@
+- name: kafka
+ type: group
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker advertised address
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: topic.error.code
+ type: long
+ description: |
+ Topic error code.
+ - name: partition.id
+ type: long
+ description: |
+ Partition id.
+ - name: partition.topic_id
+ type: keyword
+ description: Unique id of the partition in the topic.
+ - name: partition.topic_broker_id
+ type: keyword
+ description: Unique id of the partition in the topic and the broker.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/manifest.yml
new file mode 100644
index 00000000000..b74742b2b76
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/consumergroup/manifest.yml
@@ -0,0 +1,7 @@
+title: Kafka consumergroup metrics
+release: experimental
+type: metrics
+streams:
+- input: kafka/metrics
+ title: Kafka consumergroup metrics
+ description: Collect Kafka consumergroup metrics
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..bcf5daecd11
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,11 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: '^\['
+ negate: true
+ match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/kafka/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..dbebe051ec3
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,74 @@
+---
+description: Pipeline for parsing Kafka log messages
+processors:
+- grok:
+ field: message
+ trace_match: true
+ patterns:
+ - (?m)%{TIMESTAMP_ISO8601:kafka.log.timestamp}. %{LOGLEVEL:log.level} +%{JAVALOGMESSAGE:message}
+ \(%{JAVACLASS:kafka.log.class}\)$[ \n]*(?'kafka.log.trace.full'.*)
+- grok:
+ field: message
+ pattern_definitions:
+ KAFKA_COMPONENT: '[^\]]*'
+ patterns:
+ - \[%{KAFKA_COMPONENT:kafka.log.component}\][,:.]? +%{JAVALOGMESSAGE:message}
+ on_failure:
+ - set:
+ field: kafka.log.component
+ value: unknown
+- grok:
+ field: kafka.log.trace.full
+ ignore_missing: true
+ patterns:
+ - '%{JAVACLASS:kafka.log.trace.class}:\s*%{JAVALOGMESSAGE:kafka.log.trace.message}'
+ on_failure:
+ - remove:
+ field: kafka.log.trace
+- remove:
+ field: kafka.log.trace.full
+ ignore_missing: true
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ if: ctx.event.timezone == null
+ field: kafka.log.timestamp
+ target_field: '@timestamp'
+ formats:
+ - yyyy-MM-dd HH:mm:ss,SSS
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- date:
+ if: ctx.event.timezone != null
+ field: kafka.log.timestamp
+ target_field: '@timestamp'
+ formats:
+ - yyyy-MM-dd HH:mm:ss,SSS
+ timezone: '{{ event.timezone }}'
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: kafka.log.timestamp
+- set:
+ field: event.kind
+ value: event
+- script:
+ lang: painless
+ source: >-
+ def errorLevels = ["ERROR", "FATAL"];
+ if (ctx?.log?.level != null) {
+ if (errorLevels.contains(ctx.log.level)) {
+ ctx.event.type = "error";
+ } else {
+ ctx.event.type = "info";
+ }
+ }
+on_failure:
+- set:
+ field: error.log
+ value: '{{ _ingest.on_failure_message }}'
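Review bot: The pipeline-level `on_failure` handler at the end of the hunk writes the failure reason to `error.log`, a field that is not ECS and is not declared in the `ecs.yml`/`fields.yml` this commit adds for the log dataset, whereas the two `date` processors' handlers append the same `_ingest.on_failure_message` to `error.message`. A grok or rename failure on an unexpected log line therefore ends up in an unmapped field, and anyone searching `error.message` for parse problems will miss it. Using the same target and operation in both places keeps failure reasons in one documented field: `- append:` / `field: error.message` / `value: '{{ _ingest.on_failure_message }}'`. The trailing `- remove: field: kafka.log.trace.full` also discards the captured stack text unconditionally, which is worth a one-line comment such as `# trace.full is only an intermediate for the grok above; trace.class/trace.message are what is kept` so readers of the dashboards know why that field is never populated.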
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/ecs.yml
new file mode 100644
index 00000000000..42840dcb488
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/ecs.yml
@@ -0,0 +1,20 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..5a9d3f87edf
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/fields.yml
@@ -0,0 +1,22 @@
+- name: kafka.log
+ type: group
+ fields:
+ - name: component
+ type: keyword
+ description: |
+ Component the log is coming from.
+ - name: class
+ type: keyword
+ description: |
+ Java class the log is coming from.
+ - name: trace
+ type: group
+ fields:
+ - name: class
+ type: keyword
+ description: |
+ Java class the trace is coming from.
+ - name: message
+ type: text
+ description: |
+ Message part of the trace.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..6608a051c30
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: kafka
+ type: group
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..bde10cf1929
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,20 @@
+title: Kafka log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - '{{.kafka_home}}/logs/controller.log*'
+ - '{{.kafka_home}}/logs/server.log*'
+ - '{{.kafka_home}}/logs/state-change.log*'
+ - '{{.kafka_home}}/logs/kafka-*.log*'
+ template_path: log.yml.hbs
+ title: Kafka log logs (log)
+ description: Collect Kafka log logs using log input
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/partition/agent/stream/stream.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/partition/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..31dec06a6bb
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/partition/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["partition"]
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/fields.yml
new file mode 100644
index 00000000000..0f7af4ed624
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/fields.yml
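Review bot: The four `default` values of the `paths` var in `dataset/log/manifest.yml` embed `{{.kafka_home}}`, a Beats-style Go template reference, but no var named `kafka_home` is declared in this manifest and the stream template `log.yml.hbs` only iterates `paths`, so the placeholder presumably reaches the agent as a literal string and the stream tails nothing by default. Either declare a `kafka_home` var that the defaults can reference, or replace the defaults with concrete paths such as `- /path/to/kafka/logs/server.log*` (placeholder; use the install layout the package documents). The same migration output appears to have been generated for every dataset here, so other log datasets in the commit may carry the same unresolved placeholder.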
@@ -0,0 +1,62 @@
+- name: kafka.partition
+ type: group
+ release: ga
+ fields:
+ - name: offset
+ type: group
+ fields:
+ - name: newest
+ type: long
+ description: |
+ Newest offset of the partition.
+ - name: oldest
+ type: long
+ description: |
+ Oldest offset of the partition.
+ - name: partition
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Partition id.
+ - name: leader
+ type: long
+ description: |
+ Leader id (broker).
+ - name: isr
+ type: keyword
+ description: |
+ List of isr ids.
+ - name: replica
+ type: long
+ description: |
+ Replica id (broker).
+ - name: insync_replica
+ type: boolean
+ description: |
+ Indicates if replica is included in the in-sync replicate set (ISR).
+ - name: is_leader
+ type: boolean
+ description: |
+ Indicates if replica is the leader
+ - name: error.code
+ type: long
+ description: |
+ Error code from fetching partition.
+ - name: topic.error.code
+ type: long
+ description: |
+ topic error code.
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: broker.id
+ type: long
+ description: |
+ Broker id
+ - name: broker.address
+ type: keyword
+ description: |
+ Broker address
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/package-fields.yml
new file mode 100644
index 00000000000..c784d3c1fe8
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/partition/fields/package-fields.yml
@@ -0,0 +1,32 @@
+- name: kafka
+ type: group
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker advertised address
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: topic.error.code
+ type: long
+ description: |
+ Topic error code.
+ - name: partition.id
+ type: long
+ description: |
+ Partition id.
+ - name: partition.topic_id
+ type: keyword
+ description: Unique id of the partition in the topic.
+ - name: partition.topic_broker_id
+ type: keyword
+ description: Unique id of the partition in the topic and the broker.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/partition/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/partition/manifest.yml
new file mode 100644
index 00000000000..55be0ff11bf
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/partition/manifest.yml
@@ -0,0 +1,7 @@
+title: Kafka partition metrics
+release: experimental
+type: metrics
+streams:
+- input: kafka/metrics
+ title: Kafka partition metrics
+ description: Collect Kafka partition metrics
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/producer/agent/stream/stream.yml.hbs b/dev/packages/beats/kafka/0.0.1/dataset/producer/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..40ceb8646ad
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/producer/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["producer"]
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/fields.yml
new file mode 100644
index 00000000000..c8e37da3fbb
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/fields.yml
@@ -0,0 +1,49 @@
+- name: kafka.producer
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: available_buffer_bytes
+ type: float
+ description: The total amount of buffer memory
+ - name: batch_size_avg
+ type: float
+ description: The average number of bytes sent
+ - name: batch_size_max
+ type: long
+ description: The maximum number of bytes sent
+ - name: record_send_rate
+ type: float
+ description: The average number of records sent per second
+ - name: record_retry_rate
+ type: float
+ description: The average number of retried record sends per second
+ - name: record_error_rate
+ type: float
+ description: The average number of retried record sends per second
+ - name: records_per_request
+ type: float
+ description: The average number of records sent per second
+ - name: record_size_avg
+ type: float
+ description: The average record size
+ - name: record_size_max
+ type: long
+ description: The maximum record size
+ - name: request_rate
+ type: float
+ description: The number of producer requests per second
+ - name: response_rate
+ type: float
+ description: The number of producer responses per second
+ - name: io_wait
+ type: float
+ description: The producer I/O wait time
+ - name: out.bytes_per_sec
+ type: float
+ description: The rate of bytes going out for the producer
+ - name: message_rate
+ type: float
+ description: The producer message rate
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/package-fields.yml b/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/package-fields.yml
new file mode 100644
index 00000000000..c784d3c1fe8
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/producer/fields/package-fields.yml
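Review bot: Two descriptions in the producer field list are copy-paste duplicates and will be shown verbatim as field documentation in Kibana: `record_error_rate` repeats the `record_retry_rate` text "The average number of retried record sends per second", and `records_per_request` repeats the `record_send_rate` text "The average number of records sent per second". Suggested replacements are `description: The average number of record sends per second that resulted in errors` for `record_error_rate` and `description: The average number of records per request` for `records_per_request`. The descriptions of `batch_size_avg` ("The average number of bytes sent") and `batch_size_max` are also phrased as throughput rather than batch size; "The average batch size in bytes" / "The maximum batch size in bytes" would match the field names.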
@@ -0,0 +1,32 @@
+- name: kafka
+ type: group
+ fields:
+ - name: broker
+ type: group
+ fields:
+ - name: id
+ type: long
+ description: |
+ Broker id
+ - name: address
+ type: keyword
+ description: |
+ Broker advertised address
+ - name: topic.name
+ type: keyword
+ description: |
+ Topic name
+ - name: topic.error.code
+ type: long
+ description: |
+ Topic error code.
+ - name: partition.id
+ type: long
+ description: |
+ Partition id.
+ - name: partition.topic_id
+ type: keyword
+ description: Unique id of the partition in the topic.
+ - name: partition.topic_broker_id
+ type: keyword
+ description: Unique id of the partition in the topic and the broker.
diff --git a/dev/packages/beats/kafka/0.0.1/dataset/producer/manifest.yml b/dev/packages/beats/kafka/0.0.1/dataset/producer/manifest.yml
new file mode 100644
index 00000000000..1315a989f23
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/dataset/producer/manifest.yml
@@ -0,0 +1,7 @@
+title: Kafka producer metrics
+release: experimental
+type: metrics
+streams:
+- input: kafka/metrics
+ title: Kafka producer metrics
+ description: Collect Kafka producer metrics
diff --git a/dev/packages/beats/kafka/0.0.1/docs/README.md b/dev/packages/beats/kafka/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/kafka/0.0.1/img/filebeat-kafka-logs-overview.png b/dev/packages/beats/kafka/0.0.1/img/filebeat-kafka-logs-overview.png
new file mode 100644
index 00000000000..b04697a4b33
Binary files /dev/null and b/dev/packages/beats/kafka/0.0.1/img/filebeat-kafka-logs-overview.png differ
diff --git a/dev/packages/beats/kafka/0.0.1/img/logo_kafka.svg b/dev/packages/beats/kafka/0.0.1/img/logo_kafka.svg
new file mode 100644
index 00000000000..e88f77cb55b
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/img/logo_kafka.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/dev/packages/beats/kafka/0.0.1/img/metricbeat_kafka_dashboard.png b/dev/packages/beats/kafka/0.0.1/img/metricbeat_kafka_dashboard.png
new file mode 100644
index 00000000000..ecf3fdfbe4d
Binary files /dev/null and b/dev/packages/beats/kafka/0.0.1/img/metricbeat_kafka_dashboard.png differ
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/dashboard/943caca0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/dashboard/943caca0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json
new file mode 100644
index 00000000000..1f957bb43c3
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/kibana/dashboard/943caca0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "description": "Logs Kafka integration dashboard",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "1",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "kafka.log.class",
+ "kafka.log.trace.class",
+ "kafka.log.trace.full"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 12,
+ "i": "2",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "log.level",
+ "kafka.log.component",
+ "message"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 20,
+ "i": "3",
+ "w": 48,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "4",
+ "w": 48,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs Kafka] Overview ECS",
+ "version": 1
+ },
+ "id": "943caca0-87ee-11e7-ad9c-db80de0bf8d3-ecs",
+ "references": [
+ {
+ "id": "number-of-kafka-stracktraces-by-class-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "Kafka stacktraces-ecs",
+ "name": "panel_1",
+ "type": "search"
+ },
+ {
+ "id": "All Kafka logs-ecs",
+ "name": "panel_2",
+ "type": "search"
+ },
+ {
+ "id": "3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
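Review bot: The second panel's `columns` list includes `kafka.log.trace.full`, but the log dataset's ingest pipeline added in this same commit removes that field unconditionally after the trace grok runs, and it is not declared in the dataset's `fields.yml` either; that column would render empty for every event. The saved search `Kafka stacktraces-ecs.json` later in the diff carries the same three columns, so both should change together. `kafka.log.trace.message` is the field the pipeline keeps and declares, so `"kafka.log.trace.message"` in place of `"kafka.log.trace.full"` is presumably the intended column; worth confirming against the Beats dashboard this was exported from.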
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/dashboard/ea488d90-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/dashboard/ea488d90-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json
new file mode 100644
index 00000000000..67afa68abd6
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/kibana/dashboard/ea488d90-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json
@@ -0,0 +1,221 @@
+{
+ "attributes": {
+ "description": "Kafka analysis of topics and consumer groups",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "1",
+ "w": 24,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Kafka Topic \u0026 Consumer Offsets",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 6,
+ "i": "3",
+ "w": 16,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_1",
+ "title": "Kafka Controls",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 14,
+ "i": "6",
+ "w": 24,
+ "x": 0,
+ "y": 6
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_2",
+ "title": "Consumer Group Lag by Topic",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "spy": null
+ },
+ "gridData": {
+ "h": 6,
+ "i": "10",
+ "w": 25,
+ "x": 16,
+ "y": 0
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_3",
+ "title": "Kafka Metrics",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "12",
+ "w": 24,
+ "x": 0,
+ "y": 33
+ },
+ "panelIndex": "12",
+ "panelRefName": "panel_4",
+ "title": "Consumer Partition Reassignments",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 6,
+ "i": "13",
+ "w": 7,
+ "x": 41,
+ "y": 0
+ },
+ "panelIndex": "13",
+ "panelRefName": "panel_5",
+ "title": "Consumer Metrics",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "spy": null,
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "gridData": {
+ "h": 13,
+ "i": "14",
+ "w": 24,
+ "x": 24,
+ "y": 27
+ },
+ "panelIndex": "14",
+ "panelRefName": "panel_6",
+ "title": "Kafka Consumer Group Clients",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "15",
+ "w": 24,
+ "x": 24,
+ "y": 6
+ },
+ "panelIndex": "15",
+ "panelRefName": "panel_7",
+ "title": "Kafka Brokers",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "table": {
+ "sort": {
+ "column": "26d2cd90-d2f5-11e8-9dd4-c5f03280d7b0",
+ "order": "desc"
+ }
+ }
+ },
+ "gridData": {
+ "h": 11,
+ "i": "16",
+ "w": 24,
+ "x": 24,
+ "y": 16
+ },
+ "panelIndex": "16",
+ "panelRefName": "panel_8",
+ "title": "Kafka Topic Details",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Kafka] Overview ECS",
+ "version": 1
+ },
+ "id": "ea488d90-8e63-11e8-8fa2-3d5f811fbd0f-ecs",
+ "references": [
+ {
+ "id": "b9d12c80-8e63-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "8d2f79a0-8e65-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "944188f0-8e79-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "dc89f8d0-8e8e-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "587f2360-8f21-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "1681f1a0-90e7-11e8-8fa2-3d5f811fbd0f-ecs",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "9a7576e0-d231-11e8-8766-dbbdc39e7ba9-ecs",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "27dd5960-d2ed-11e8-8766-dbbdc39e7ba9-ecs",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "491fee50-d2f5-11e8-8766-dbbdc39e7ba9-ecs",
+ "name": "panel_8",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/search/All Kafka logs-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/search/All Kafka logs-ecs.json
new file mode 100644
index 00000000000..ada0c5ef49b
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/kibana/search/All Kafka logs-ecs.json
@@ -0,0 +1,98 @@
+{
+ "attributes": {
+ "columns": [
+ "log.level",
+ "kafka.log.component",
+ "message"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "query",
+ "negate": false,
+ "type": "custom",
+ "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"kafka.\"}}}"
+ },
+ "query": {
+ "match_phrase_prefix": {
+ "stream.dataset": {
+ "query": "kafka."
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "log",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "log"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "log",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "All logs [Logs Kafka] ECS",
+ "version": 1
+ },
+ "id": "All Kafka logs-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
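Review bot: The second filter in this saved search requires `fileset.name: log`, a Filebeat module field, while the first filter was already rewritten to the package convention (`stream.dataset` prefix `kafka.`); nothing in this package's field definitions or in `log.yml.hbs` sets `fileset.name`, so the two filters ANDed together presumably match no agent-ingested event and the "All logs" panel on the logs dashboard stays empty. If the intent is to narrow the first filter to the log dataset, replacing the `fileset.name` phrase filter with one on `"stream.dataset": "kafka.log"` (or simply dropping the second filter block and its `filter[1].meta.index` reference) is the straightforward fix. This looks like an incomplete migration rather than a deliberate choice, so worth checking the other saved objects in the commit for the same leftover field.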
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/search/Kafka stacktraces-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/search/Kafka stacktraces-ecs.json
new file mode 100644
index 00000000000..9c67e56ef33
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/kibana/search/Kafka stacktraces-ecs.json
@@ -0,0 +1,40 @@
+{
+ "attributes": {
+ "columns": [
+ "kafka.log.class",
+ "kafka.log.trace.class",
+ "kafka.log.trace.full"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "kafka.log.trace.class:*"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Stacktraces [Logs Kafka] ECS",
+ "version": 1
+ },
+ "id": "Kafka stacktraces-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/1681f1a0-90e7-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/1681f1a0-90e7-11e8-8fa2-3d5f811fbd0f-ecs.json
new file mode 100644
index 00000000000..cfe9ec4c914
--- /dev/null
+++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/1681f1a0-90e7-11e8-8fa2-3d5f811fbd0f-ecs.json
@@ -0,0 +1,103 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "kafka.topic.name", + "negate": true, + "params": { + "query": "__consumer_offsets", + "type": "phrase" + }, + "type": "phrase", + "value": "__consumer_offsets" + }, + "query": { + "match": { + "kafka.topic.name": { + "query": "__consumer_offsets", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Consumer Metrics [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Consumer Groups", + "field": "kafka.consumergroup.id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 32, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Consumer Metrics [Metrics Kafka] ECS", + "type": "metric" + } + }, + "id": "1681f1a0-90e7-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/27dd5960-d2ed-11e8-8766-dbbdc39e7ba9-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/27dd5960-d2ed-11e8-8766-dbbdc39e7ba9-ecs.json new file mode 100644 index 00000000000..c97801892d6 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/27dd5960-d2ed-11e8-8766-dbbdc39e7ba9-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Kafka Broker Details [Metrics Kafka] ECS", + "uiStateJSON": { + "table": { + "sort": { + "column": "cf09c940-d2ec-11e8-88c8-af5b2a9ee6b2", + "order": "asc" + } + } + }, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "7fb31e00-d2ec-11e8-88c8-af5b2a9ee6b2" + } + ], + "filter": "", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "pivot_id": "kafka.partition.partition.replica", + "pivot_label": "Broker ID", + "pivot_rows": "256", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Topics", + "line_width": 1, + "metrics": [ + { + "field": "kafka.topic.name", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kafka.broker.id", + "terms_size": "100" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "7e9ee780-d2ef-11e8-9dd4-c5f03280d7b0" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "kafka.partition.partition.is_leader: true" + }, + "formatter": "number", + "id": "b38e91a0-d2ec-11e8-88c8-af5b2a9ee6b2", + "label": "Leader Partitions", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.topic_id", + "id": "b38eb8b0-d2ec-11e8-88c8-af5b2a9ee6b2", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + 
"color_rules": [ + { + "id": "d4d9d2c0-d2ec-11e8-88c8-af5b2a9ee6b2" + } + ], + "fill": 0.5, + "filter": "", + "formatter": "number", + "id": "cf09c940-d2ec-11e8-88c8-af5b2a9ee6b2", + "label": "Replicas", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.topic_broker_id", + "id": "cf09f050-d2ec-11e8-88c8-af5b2a9ee6b2", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "table" + }, + "title": "Kafka Broker Details [Metrics Kafka] ECS", + "type": "metrics" + } + }, + "id": "27dd5960-d2ed-11e8-8766-dbbdc39e7ba9-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json new file mode 100644 index 00000000000..91dbcc06944 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Log levels over time [Logs Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Log Level", + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per day" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Log levels over time [Logs Kafka] ECS", + "type": "histogram" + } + }, + "id": "3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3-ecs", + 
"references": [ + { + "id": "All Kafka logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/491fee50-d2f5-11e8-8766-dbbdc39e7ba9-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/491fee50-d2f5-11e8-8766-dbbdc39e7ba9-ecs.json new file mode 100644 index 00000000000..cac6ebb77c6 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/491fee50-d2f5-11e8-8766-dbbdc39e7ba9-ecs.json 
@@ -0,0 +1,236 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Kafka Topic Details [Metrics Kafka] ECS", + "uiStateJSON": { + "table": { + "sort": { + "column": "_default_", + "order": "asc" + } + } + }, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "f81e47a0-d2f3-11e8-9dd4-c5f03280d7b0" + } + ], + "filter": { + "language": "lucene", + "query": "NOT kafka.topic.name: __consumer_offsets" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "pivot_id": "kafka.topic.name", + "pivot_label": "Topic Name", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "f07881d0-d2f5-11e8-95b9-eb9260148efc" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: partition" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Brokers", + "line_width": 1, + "metrics": [ + { + "field": "kafka.broker.id", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "fb759e10-d2f5-11e8-95b9-eb9260148efc" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: partition" + }, + "formatter": "number", + "id": "7d640440-d2f4-11e8-9dd4-c5f03280d7b0", + "label": "Partitions", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.id", + "id": "7d640441-d2f4-11e8-9dd4-c5f03280d7b0", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + 
"stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "fdb1ab60-d2f5-11e8-95b9-eb9260148efc" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: partition" + }, + "formatter": "number", + "id": "ad26e260-d2f4-11e8-9dd4-c5f03280d7b0", + "label": "Replicas", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.topic_broker_id", + "id": "ad26e261-d2f4-11e8-9dd4-c5f03280d7b0", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "ff90f2b0-d2f5-11e8-95b9-eb9260148efc" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: consumergroup" + }, + "formatter": "number", + "id": "26d2cd90-d2f5-11e8-9dd4-c5f03280d7b0", + "label": "Consumers", + "line_width": 1, + "metrics": [ + { + "field": "kafka.consumergroup.client.id", + "id": "26d2cd91-d2f5-11e8-9dd4-c5f03280d7b0", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "ea4984e0-d2f4-11e8-9dd4-c5f03280d7b0" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: partition" + }, + "formatter": "number", + "id": "dc390e20-d2f4-11e8-9dd4-c5f03280d7b0", + "label": "Newest Offset", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.offset.newest", + "id": "dc393530-d2f4-11e8-9dd4-c5f03280d7b0", + "type": "max" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#68BC00", + "color_rules": [ + { + "id": "043b67f0-d2f6-11e8-95b9-eb9260148efc" + } + ], + "fill": 0.5, + "filter": { + "language": "lucene", + "query": " metricset.name: partition" + }, + "formatter": "number", + "id": "11366c80-d2f5-11e8-9dd4-c5f03280d7b0", + "label": "Oldest Offset", + "line_width": 1, + "metrics": [ + { + "field": "kafka.partition.offset.oldest", + "id": "11366c81-d2f5-11e8-9dd4-c5f03280d7b0", + "type": "min" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "table" + }, + "title": "Kafka Topic Details [Metrics Kafka] ECS", + "type": "metrics" + } + }, + "id": "491fee50-d2f5-11e8-8766-dbbdc39e7ba9-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/587f2360-8f21-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/587f2360-8f21-11e8-8fa2-3d5f811fbd0f-ecs.json new file mode 100644 index 00000000000..fa8753ddced --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/587f2360-8f21-11e8-8fa2-3d5f811fbd0f-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Consumer Partition Reassignments [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_max": "1", + "axis_min": "-1", + "axis_position": "right", + "filter": { + "language": "lucene", + "query": "NOT kafka.topic.name:__consumer_offsets" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Consumer -\u003e Partition Reassignment", + "line_width": "1", + "metrics": [ + { + "field": "kafka.consumergroup.partition", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "6b69c760-8f20-11e8-8927-d7e991b5b6ab", + "type": "derivative", + "unit": "" + }, + { + "id": "976f9d80-8f20-11e8-8927-d7e991b5b6ab", + "script": "if (params.sum_partition \u003c 0) { return -1 } else if (params.sum_partition \u003e 0) { return 1 }", + "type": "calculation", + "variables": [ + { + "field": "6b69c760-8f20-11e8-8927-d7e991b5b6ab", + "id": "99cc2b20-8f20-11e8-8927-d7e991b5b6ab", + "name": "sum_partition" + } + ] + } + ], + "point_size": "20", + "seperate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kafka.consumergroup.id", + "value_template": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Consumer Partition Reassignments [Metrics Kafka] ECS", + "type": "metrics" + } + }, + "id": "587f2360-8f21-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/8d2f79a0-8e65-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/8d2f79a0-8e65-11e8-8fa2-3d5f811fbd0f-ecs.json new file mode 100644 index 00000000000..5996a155b12 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/8d2f79a0-8e65-11e8-8fa2-3d5f811fbd0f-ecs.json @@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Kafka Controls [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "kafka.topic.name", + "id": "1532342651170", + "indexPatternRefName": "control_0_index_pattern", + "label": "Topic Name", + "options": { + "multiselect": true, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "kafka.partition.id", + "id": "1539799686678", + "indexPatternRefName": "control_1_index_pattern", + "label": "Partition", + "options": { + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "1532342651170", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Kafka Controls [Metrics Kafka] ECS", + "type": "input_control_vis" + } + }, + "id": "8d2f79a0-8e65-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/944188f0-8e79-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/944188f0-8e79-11e8-8fa2-3d5f811fbd0f-ecs.json new file mode 100644 index 00000000000..78994b34e05 --- /dev/null 
+++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/944188f0-8e79-11e8-8fa2-3d5f811fbd0f-ecs.json 
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Kafka Consumer Group Lag vs Time [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "1966adf0-1298-11ea-abd7-b5bb8e05b5d6" + } + ], + "bar_color_rules": [ + { + "id": "1dbe6f50-1298-11ea-abd7-b5bb8e05b5d6" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "lucene", + "query": "(metricset.name: consumergroup) AND NOT kafka.consumergroup.topic.name:__consumer_offsets" + }, + "gauge_color_rules": [ + { + "id": "1eee15b0-1298-11ea-abd7-b5bb8e05b5d6" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0.2", + "formatter": "number", + "id": "0dcb8020-8e6d-11e8-bfab-6f29bad3a6f2", + "label": "Consumer Groups", + "line_width": 1, + "metrics": [ + { + "field": "kafka.consumergroup.consumer_lag", + "id": "0dcb8021-8e6d-11e8-bfab-6f29bad3a6f2", + "type": "max" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kafka.consumergroup.topic", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Kafka Consumer Group Lag vs Time [Metrics Kafka] ECS", + "type": "metrics" + } + }, + "id": "944188f0-8e79-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [], + "type": "visualization" +} \ No newline at end 
of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/9a7576e0-d231-11e8-8766-dbbdc39e7ba9-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/9a7576e0-d231-11e8-8766-dbbdc39e7ba9-ecs.json new file mode 100644 index 00000000000..a3040accc35 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/9a7576e0-d231-11e8-8766-dbbdc39e7ba9-ecs.json 
@@ -0,0 +1,114 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Kafka Consumer Group Clients [Metrics Kafka] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Newest Offset", + "field": "kafka.consumergroup.offset" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Consumer group client", + "field": "kafka.consumergroup.client.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_term", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 64 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Topic", + "field": "kafka.topic.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 64 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Partition", + "field": "kafka.partition.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 256 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Kafka Consumer Group Clients [Metrics Kafka] ECS", + "type": "table" + } + }, + "id": 
"9a7576e0-d231-11e8-8766-dbbdc39e7ba9-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/b9d12c80-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/b9d12c80-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json new file mode 100644 index 00000000000..95637ac5f6d --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/b9d12c80-8e63-11e8-8fa2-3d5f811fbd0f-ecs.json 
@@ -0,0 +1,105 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Kafka Topic \u0026 Consumer Offsets [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "8b27e6a0-8e61-11e8-b741-c3e458b74a68" + } + ], + "filter": { + "language": "lucene", + "query": "NOT kafka.topic.name:__consumer_offsets" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(244,78,59,1)", + "fill": "0.1", + "filter": { + "language": "lucene", + "query": "metricset.name: partition AND kafka.partition.partition.is_leader: true" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Topic Offsets", + "line_width": "0.5", + "metrics": [ + { + "field": "kafka.partition.offset.newest", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kafka.topic.name", + "terms_order_by": "_term", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,0.52)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "metricset.name: consumergroup" + }, + "formatter": "number", + "id": "d43034c0-8f1e-11e8-8784-cd0acd161a28", + "label": "Consumer Offsets", + "line_width": "1", + "metrics": [ + { + "field": "kafka.consumergroup.offset", + "id": "d43034c1-8f1e-11e8-8784-cd0acd161a28", + "type": "sum" + } + ], + "point_size": "1.5", + "seperate_axis": 0, + "split_color_mode": "rainbow", + "split_filters": [ + { + "color": "#68BC00", + "id": "dd41ada0-8f1e-11e8-8784-cd0acd161a28" + } + ], + "split_mode": 
"terms", + "stacked": "none", + "terms_field": "kafka.consumergroup.id", + "terms_order_by": "_term", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Kafka Topic \u0026 Consumer Offsets [Metrics Kafka] ECS", + "type": "metrics" + } + }, + "id": "b9d12c80-8e63-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/dc89f8d0-8e8e-11e8-8fa2-3d5f811fbd0f-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/dc89f8d0-8e8e-11e8-8fa2-3d5f811fbd0f-ecs.json new file mode 100644 index 00000000000..a4c6e317dda --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/dc89f8d0-8e8e-11e8-8fa2-3d5f811fbd0f-ecs.json 
@@ -0,0 +1,164 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Partition Metricset", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "metricset.name", + "negate": false, + "params": { + "query": "partition", + "type": "phrase" + }, + "type": "phrase", + "value": "partition" + }, + "query": { + "match": { + "metricset.name": { + "query": "partition", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "kafka.topic.name", + "negate": true, + "params": { + "query": "__consumer_offsets", + "type": "phrase" + }, + "type": "phrase", + "value": "__consumer_offsets" + }, + "query": { + "match": { + "kafka.topic.name": { + "query": "__consumer_offsets", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Kafka Metrics [Metrics Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Topics", + "field": "kafka.topic.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Brokers", + "field": "kafka.partition.broker.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Partitions", + "field": "kafka.partition.topic_id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Replicas", + "field": "kafka.partition.topic_broker_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + 
"params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 32, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Kafka Metrics [Metrics Kafka] ECS", + "type": "metric" + } + }, + "id": "dc89f8d0-8e8e-11e8-8fa2-3d5f811fbd0f-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/kibana/visualization/number-of-kafka-stracktraces-by-class-ecs.json b/dev/packages/beats/kafka/0.0.1/kibana/visualization/number-of-kafka-stracktraces-by-class-ecs.json new file mode 100644 index 00000000000..ce68dc7d9b3 --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/kibana/visualization/number-of-kafka-stracktraces-by-class-ecs.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Number of stracktraces by class [Logs Kafka] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "kafka.log.trace.class", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 minutes" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Number of Kafka stracktraces by class [Logs Kafka] ECS", + "type": "histogram" + } + }, + "id": 
"number-of-kafka-stracktraces-by-class-ecs", + "references": [ + { + "id": "Kafka stacktraces-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kafka/0.0.1/manifest.yml b/dev/packages/beats/kafka/0.0.1/manifest.yml new file mode 100644 index 00000000000..400296169af --- /dev/null +++ b/dev/packages/beats/kafka/0.0.1/manifest.yml @@ -0,0 +1,43 @@ +format_version: 1.0.0 +name: kafka +title: Kafka +version: 0.0.1 +license: basic +description: Kafka Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-kafka-logs-overview.png + title: filebeat kafka logs overview + size: 1363x657 + type: image/png +- src: /img/metricbeat_kafka_dashboard.png + title: metricbeat kafka dashboard + size: 1726x711 + type: image/png +icons: +- src: /img/logo_kafka.svg + title: logo kafka + size: 32x32 + type: image/svg+xml +datasources: +- name: kafka + title: Kafka logs and metrics + description: Collect logs and metrics from Kafka instances + inputs: + - type: logs + title: Collect logs from Kafka instances + description: Collecting Kafka log logs + - type: kafka/metrics + title: Collect metrics from Kafka instances + description: Collecting Kafka broker, consumer, consumergroup, partition and producer + metrics diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/kibana/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..3a012a3b5d9 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,7 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +json.keys_under_root: false +json.add_error_key: true \ No newline at end of file 
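Review bot: The Elasticsearch constraint `versions: '>7.0.1'` under `requirement.elasticsearch` has no upper bound, while the Kibana constraint next to it is pinned to `'>=7.3.0 <8.0.0'`; a package whose assets are only known to work on 7.x should bound both the same way, e.g. `versions: '>=7.0.1 <8.0.0'` (note also that `>` excludes 7.0.1 itself, which is probably not intended). The logs input's `description: Collecting Kafka log logs` repeats a word; `Collecting Kafka logs` reads better.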
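Review bot: `{{path}}` is emitted as an unquoted YAML scalar under `paths:`, so a user-supplied path containing a YAML-significant sequence (`: `, ` #`, or a leading `*`, `&` or `[`) would be reinterpreted or fail to parse when the agent loads the rendered stream config. Unless the template engine is known to escape values for YAML (not visible here), quoting the item as `- '{{path}}'` is the safer default for the common case. The `i` index declared in `{{#each paths as |path i|}}` is never used and can be dropped.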
diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/kibana/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..f836789dc6a --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,112 @@ +--- +description: Pipeline for parsing Kibana logs +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- rename: + field: '@timestamp' + target_field: event.created +- rename: + field: json + target_field: kibana.log.meta +- date: + field: kibana.log.meta.@timestamp + formats: + - ISO8601 + target_field: '@timestamp' +- remove: + field: kibana.log.meta.@timestamp +- rename: + field: kibana.log.meta.message + target_field: message +- rename: + field: kibana.log.meta.state + target_field: kibana.log.state + ignore_missing: true +- rename: + field: kibana.log.meta.pid + target_field: process.pid +- rename: + field: kibana.log.meta.tags + target_field: kibana.log.tags +- rename: + field: kibana.log.meta.res.statusCode + target_field: http.response.status_code + ignore_missing: true +- rename: + field: kibana.log.meta.res.responseTime + target_field: temp.duration + ignore_missing: true +- script: + lang: painless + source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale) + params: + scale: 1000000 + if: ctx.temp?.duration != null +- remove: + field: temp.duration + ignore_missing: true +- rename: + field: kibana.log.meta.res.contentLength + target_field: http.response.body.bytes + ignore_missing: true +- rename: + field: kibana.log.meta.req.method + target_field: http.request.method + ignore_missing: true +- rename: + field: kibana.log.meta.req.headers.referer + target_field: http.request.referrer + ignore_missing: true +- rename: + field: kibana.log.meta.req.headers.user-agent + target_field: user_agent.original + ignore_missing: true +- rename: + field: kibana.log.meta.req.remoteAddress + target_field: source.address + ignore_missing: true +- set: + field: source.ip + value: '{{source.address}}' + if: ctx.source?.address != null +- rename: + field: kibana.log.meta.req.url + target_field: url.original + ignore_missing: true +- remove: + field: kibana.log.meta.req.referer + 
ignore_missing: true +- remove: + field: kibana.log.meta.statusCode + ignore_missing: true +- remove: + field: kibana.log.meta.method + ignore_missing: true +- append: + field: service.name + value: kibana +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + if (ctx?.kibana?.log?.state != null) { + if (ctx.kibana.log.state == "red") { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } + +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400" diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/ecs.yml new file mode 100644 index 00000000000..3c54eede45f --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/ecs.yml 
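Review bot: The `set` processor that copies `source.address` into `source.ip` is guarded only by `ctx.source?.address != null`, so it never checks that `req.remoteAddress` actually holds an IP; a hostname or socket path would be written into a field ECS types as `ip`, and the dataset's own `source.address` description says the raw address should be duplicated to `.ip` or `.domain` depending on which one it is. A `convert` processor with `type: ip` performs that check, and with `ignore_failure: true` it simply leaves `source.ip` unset instead of sending the whole document through the pipeline's `on_failure` handler. The replacement for the `set` block is below.

```yaml
- convert:
    field: source.address
    target_field: source.ip
    type: ip
    ignore_failure: true
```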
@@ -0,0 +1,66 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..b2a2a852caf --- /dev/null 
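Review bot: The `source` group declares only `source.address`, yet the dataset's ingest pipeline also writes `source.ip`, so that field would be mapped dynamically rather than with the ECS `ip` type and CIDR/range queries against it would not work. Add the ECS definition next to `address`: `- name: ip`, `level: core`, `type: ip`, with a description such as `IP address of the source (IPv4 or IPv6).` Separately, the `http.request.method` description states the value must be normalized to lowercase, but nothing in the pipeline lowercases it; either add a `lowercase` processor in the pipeline or drop that sentence so the documentation does not promise something the package does not do.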
+++ b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,13 @@ +- name: kibana.log + type: group + fields: + - name: tags + type: keyword + description: | + Kibana logging tags. + - name: state + type: keyword + description: | + Current state of Kibana. + - name: meta + type: object diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..da76c81093f --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kibana + type: group diff --git a/dev/packages/beats/kibana/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/kibana/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..db095afbf79 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,17 @@ +title: kibana log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/kibana/kibana.stdout + template_path: log.yml.hbs + title: kibana log logs (log) + description: Collect kibana log logs using log input diff --git a/dev/packages/beats/kibana/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/kibana/0.0.1/dataset/stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..68a21036233 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/stats/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["stats"] diff --git a/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/ecs.yml b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/ecs.yml new file mode 100644 index 00000000000..5bc2681b798 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/ecs.yml 
@@ -0,0 +1,20 @@ +- name: service + title: Service + group: 2 + type: group + fields: + - name: id + level: core + type: keyword + description: |- + Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. + This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. + Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + ignore_above: 1024 + - name: version + level: core + type: keyword + description: |- + Version of the service the data was collected from. + This allows to look at a data set only for a specific version of a service. + ignore_above: 1024 diff --git a/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 00000000000..ae1a22035f3 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/fields.yml 
@@ -0,0 +1,79 @@ +- name: kibana.stats + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Kibana instance name + - name: index + type: keyword + description: | + Name of Kibana's internal index + - name: host.name + type: keyword + description: | + Kibana instance hostname + - name: snapshot + type: boolean + description: | + Whether the Kibana build is a snapshot build + - name: status + type: keyword + description: | + Kibana instance's health status + - name: concurrent_connections + type: long + description: | + Number of client connections made to the server. Note that browsers can send multiple simultaneous connections to request multiple server assets at once, and they can re-use established connections. + - name: process + type: group + fields: + - name: event_loop_delay.ms + type: scaled_float + description: | + Event loop delay in milliseconds + - name: memory.heap + type: group + fields: + - name: total.bytes + type: long + format: bytes + description: | + Total heap allocated to process in bytes + - name: used.bytes + type: long + format: bytes + description: | + Heap used by process in bytes + - name: size_limit.bytes + type: long + format: bytes + description: | + Max. old space size allocated to Node.js process, in bytes + - name: uptime.ms + type: long + description: | + Uptime of process in milliseconds + - name: request + type: group + fields: + - name: disconnects + type: long + description: | + Number of requests that were disconnected + - name: total + type: long + description: | + Total number of requests + - name: response_time + type: group + fields: + - name: avg.ms + type: long + description: | + Average response time in milliseconds + - name: max.ms + type: long + description: | + Maximum response time in milliseconds 
diff --git a/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..da76c81093f --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kibana + type: group diff --git a/dev/packages/beats/kibana/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/kibana/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..6ac00659b28 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/stats/manifest.yml @@ -0,0 +1,7 @@ +title: Kibana stats metrics +release: experimental +type: metrics +streams: +- input: kibana/metrics + title: Kibana stats metrics + description: Collect Kibana stats metrics diff --git a/dev/packages/beats/kibana/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/kibana/0.0.1/dataset/status/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..7e7944fa1d4 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/status/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["status"] +{{#if basepath}} +basepath: {{basepath}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kibana/0.0.1/dataset/status/fields/ecs.yml b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/ecs.yml new file mode 100644 index 00000000000..5bc2681b798 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/ecs.yml 
@@ -0,0 +1,20 @@ +- name: service + title: Service + group: 2 + type: group + fields: + - name: id + level: core + type: keyword + description: |- + Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. + This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. + Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + ignore_above: 1024 + - name: version + level: core + type: keyword + description: |- + Version of the service the data was collected from. + This allows to look at a data set only for a specific version of a service. + ignore_above: 1024 diff --git a/dev/packages/beats/kibana/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 00000000000..25562dfab63 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,30 @@ +- name: kibana.status + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Kibana instance name. + - name: status.overall.state + type: keyword + description: | + Kibana overall state. + - name: metrics + type: group + fields: + - name: concurrent_connections + type: long + description: | + Current concurrent connections. + - name: requests + type: group + fields: + - name: disconnects + type: long + description: | + Total number of disconnected connections. + - name: total + type: long + description: | + Total number of connections. diff --git a/dev/packages/beats/kibana/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/package-fields.yml new file mode 100644 index 00000000000..da76c81093f --- /dev/null 
+++ b/dev/packages/beats/kibana/0.0.1/dataset/status/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kibana + type: group diff --git a/dev/packages/beats/kibana/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/kibana/0.0.1/dataset/status/manifest.yml new file mode 100644 index 00000000000..dd29eb61b4a --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/dataset/status/manifest.yml @@ -0,0 +1,30 @@ +title: Kibana status metrics +release: experimental +type: metrics +streams: +- input: kibana/metrics + vars: + - name: basepath + type: text + title: Basepath + multi: false + required: false + show_user: true + default: "" + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:5601 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kibana status metrics + description: Collect Kibana status metrics diff --git a/dev/packages/beats/kibana/0.0.1/docs/README.md b/dev/packages/beats/kibana/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/kibana/0.0.1/img/logo_kibana.svg b/dev/packages/beats/kibana/0.0.1/img/logo_kibana.svg new file mode 100644 index 00000000000..bafebd9368c --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/img/logo_kibana.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/dev/packages/beats/kibana/0.0.1/manifest.yml b/dev/packages/beats/kibana/0.0.1/manifest.yml new file mode 100644 index 00000000000..a215670f8b0 --- /dev/null +++ b/dev/packages/beats/kibana/0.0.1/manifest.yml 
@@ -0,0 +1,32 @@ +format_version: 1.0.0 +name: kibana +title: Kibana +version: 0.0.1 +license: basic +description: Kibana Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: + versions: '>7.0.1' +icons: +- src: /img/logo_kibana.svg + title: logo kibana + size: 32x32 + type: image/svg+xml +datasources: +- name: kibana + title: Kibana logs and metrics + description: Collect logs and metrics from Kibana instances + inputs: + - type: logs + title: Collect logs from Kibana instances + description: Collecting Kibana log logs + - type: kibana/metrics + title: Collect metrics from Kibana instances + description: Collecting Kibana stats and status metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3752e30666a --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/agent/stream/stream.yml.hbs @@ -0,0 +1,5 @@ +metricsets: ["apiserver"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/fields.yml new file mode 100644 index 00000000000..1c60c1483e1 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/fields.yml 
@@ -0,0 +1,161 @@ +- name: kubernetes.apiserver + type: group + release: ga + fields: + - name: request.client + type: keyword + description: | + Client executing requests + - name: request.resource + type: keyword + description: | + Requested resource + - name: request.subresource + type: keyword + description: | + Requested subresource + - name: request.scope + type: keyword + description: | + Request scope (cluster, namespace, resource) + - name: request.verb + type: keyword + description: | + HTTP verb + - name: request.code + type: keyword + description: | + HTTP code + - name: request.content_type + type: keyword + description: | + Request HTTP content type + - name: request.dry_run + type: keyword + description: | + Wether the request uses dry run + - name: request.kind + type: keyword + description: | + Kind of request + - name: request.component + type: keyword + description: | + Component handling the request + - name: request.group + type: keyword + description: | + API group for the resource + - name: request.version + type: keyword + description: | + version for the group + - name: request.handler + type: keyword + description: | + Request handler + - name: request.method + type: keyword + description: | + HTTP method + - name: request.host + type: keyword + description: | + Request host + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + 
description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count for response + - name: client.request.count + type: long + description: Number of requests as client + - name: request + type: group + fields: + - name: count + type: long + description: Number of requests + - name: latency.sum + type: long + description: Requests latency, sum of latencies in microseconds + - name: latency.count + type: long + description: Request latency, number of requests + - name: latency.bucket.* + type: object + description: Request latency histogram buckets + - name: duration.us.sum + type: long + description: Request duration, sum in microseconds + - name: duration.us.count + type: long + description: Request duration, number of operations + - name: duration.us.bucket.* + type: object + description: Request duration, histogram buckets + - name: current.count + type: long + description: Inflight requests + - name: longrunning.count + type: long + description: Number of requests active long running requests + - name: etcd.object.count + type: long + description: Number of kubernetes objects at etcd + - name: audit.event.count + type: long + description: Number of audit events + - name: audit.rejected.count + type: long + description: Number of audit rejected events 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/manifest.yml new file mode 100644 index 00000000000..c79e6badac5 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/apiserver/manifest.yml @@ -0,0 +1,16 @@ +title: Kubernetes apiserver metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT} + title: Kubernetes apiserver metrics + description: Collect Kubernetes apiserver metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/container/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/container/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..99706460c24 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/container/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["container"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +{{#if bearer_token_file}} +bearer_token_file: {{bearer_token_file}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} +{{#if ssl.verification_mode}} +ssl.verification_mode: {{ssl.verification_mode}} +{{/if}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/fields.yml new file mode 100644 index 00000000000..3057e6c3fff --- /dev/null 
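Review bot: The `hosts` default targets the API server over HTTPS (`https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}`), but this manifest exposes no `bearer_token_file` or `ssl.*` variables and the apiserver `stream.yml.hbs` renders only `metricsets` and `hosts`, so unless the kubernetes/metrics input injects credentials elsewhere the agent would presumably connect anonymously and have no configured CA to verify the API server's certificate. The container dataset in this same change exposes a `bearer_token_file` var, so the inconsistency looks accidental. Add the same `bearer_token_file` var plus an `ssl.certificate_authorities` var pointing at the service-account CA bundle, and render both in the stream template, so the connection is authenticated and verified against the cluster CA rather than left to the system trust store.

```yaml
  vars:
    - name: bearer_token_file
      type: text
      title: Bearer Token File
      multi: false
      required: true
      show_user: true
      default: /var/run/secrets/kubernetes.io/serviceaccount/token
    - name: ssl.certificate_authorities
      type: text
      title: SSL Certificate Authorities
      multi: true
      required: false
      show_user: true
      default:
        - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    # … unchanged: hosts var …
```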
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/fields.yml 
@@ -0,0 +1,164 @@ +- name: kubernetes.container + type: group + release: ga + fields: + - name: start_time + type: date + description: | + Start time + - name: cpu + type: group + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: | + Container CPU Core usage nanoseconds + - name: nanocores + type: long + description: | + CPU used nanocores + - name: node.pct + type: scaled_float + format: percent + description: | + CPU usage as a percentage of the total node allocatable CPU + - name: limit.pct + type: scaled_float + format: percent + description: | + CPU usage as a percentage of the defined limit for the container (or total node allocatable CPU if unlimited) + - name: logs + type: group + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Logs available capacity in bytes + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Logs total capacity in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Logs used capacity in bytes + - name: inodes + type: group + fields: + - name: count + type: long + description: | + Total available inodes + - name: free + type: long + description: | + Total free inodes + - name: used + type: long + description: | + Total used inodes + - name: memory + type: group + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total available memory + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total memory usage + - name: node.pct + type: scaled_float + format: percent + description: | + Memory usage as a percentage of the total node allocatable memory + - name: limit.pct + type: scaled_float + format: percent + description: | + Memory usage as a percentage of the defined limit 
for the container (or total node allocatable memory if unlimited) + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Working set memory usage + - name: pagefaults + type: long + description: | + Number of page faults + - name: majorpagefaults + type: long + description: | + Number of major page faults + - name: rootfs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Root filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Root filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Root filesystem total used in bytes + - name: inodes + type: group + fields: + - name: used + type: long + description: | + Used inodes diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/container/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/container/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/container/manifest.yml new file mode 100644 index 00000000000..00cbc3a2e92 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/container/manifest.yml 
@@ -0,0 +1,44 @@ +title: Kubernetes container metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: bearer_token_file + type: text + title: Bearer Token File + multi: false + required: true + show_user: true + default: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://${NODE_NAME}:10250 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: ssl.verification_mode + type: text + title: Ssl Verification Mode + multi: false + required: true + show_user: true + default: none + title: Kubernetes container metrics + description: Collect Kubernetes container metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..150ccaa8254 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["controllermanager"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/fields.yml new file mode 100644 index 00000000000..65faa2858af --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/fields.yml 
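Review bot: `ssl.verification_mode` defaults to `none` while the same stream sends the service-account token from `bearer_token_file` to `https://${NODE_NAME}:10250`, so by default the kubelet's certificate is never verified and the token is presented to whatever answers on that address — anyone able to spoof or intercept the kubelet endpoint can harvest a cluster credential. Prefer a default that keeps verification on (`default: full`, or `certificate` if kubelet serving certificates in the target clusters lack usable SANs) together with an `ssl.certificate_authorities` var for the cluster CA, and give the variable a `description` that states the trade-off, e.g. `Set to none only for clusters whose kubelets use self-signed certificates; this disables TLS verification and exposes the bearer token to interception.` The variable currently has a title but no description at all, so an operator sees `Ssl Verification Mode: none` with no hint of what it weakens.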
@@ -0,0 +1,124 @@ +- name: kubernetes.controllermanager + type: group + release: ga + fields: + - name: handler + type: keyword + description: | + Request handler + - name: code + type: keyword + description: | + HTTP code + - name: method + type: keyword + description: | + HTTP method + - name: host + type: keyword + description: | + Request host + - name: name + type: keyword + description: | + Name for the resource + - name: zone + type: keyword + description: | + Infrastructure zone + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count for response + - name: 
client.request.count + type: long + description: | + Number of requests as client + - name: workqueue + type: group + fields: + - name: longestrunning.sec + type: double + description: Longest running processors + - name: unfinished.sec + type: double + description: Unfinished processors + - name: adds.count + type: long + description: Workqueue add count + - name: depth.count + type: long + description: Workqueue depth count + - name: retries.count + type: long + description: Workqueue number of retries + - name: node.collector + type: group + fields: + - name: eviction.count + type: long + description: Number of node evictions + - name: unhealthy.count + type: long + description: Number of unhealthy nodes + - name: count + type: long + description: Number of nodes + - name: health.pct + type: long + description: Percentage of healthy nodes + - name: leader.is_master + type: boolean + description: | + Whether the node is master diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/manifest.yml new file mode 100644 index 00000000000..b91e26db2d3 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/controllermanager/manifest.yml 
@@ -0,0 +1,23 @@ +title: Kubernetes controllermanager metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - http://localhost:10252 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes controllermanager metrics + description: Collect Kubernetes controllermanager metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/event/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/event/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..25b6be07996 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/event/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["event"] diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/fields.yml new file mode 100644 index 00000000000..3ea4325597f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/fields.yml 
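Review bot: The `hosts` default `http://localhost:10252` is a plaintext, unauthenticated endpoint; kube-controller-manager also serves metrics on an authenticated HTTPS port, and recent releases have presumably dropped the insecure listener, so this default only works where the insecure port is still enabled. At minimum add a `description` to the `hosts` var saying so, e.g. `Controller manager metrics endpoint; the insecure HTTP port must be enabled for this default, otherwise use the HTTPS port with bearer-token and CA settings.` If the input supports it, exposing the same `bearer_token_file` and `ssl.*` vars as the container dataset would let operators point at the secure port without editing the template.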
@@ -0,0 +1,95 @@ +- name: kubernetes.event + type: group + release: ga + fields: + - name: count + type: long + description: | + Count field records the number of times the particular event has occurred + - name: timestamp + type: group + fields: + - name: first_occurrence + type: date + description: | + Timestamp of first occurrence of event + - name: last_occurrence + type: date + description: | + Timestamp of last occurrence of event + - name: message + type: text + description: | + Message recorded for the given event + - name: reason + type: keyword + description: | + Reason recorded for the given event + - name: type + type: keyword + description: | + Type of the given event + - name: source + type: group + fields: + - name: component + type: keyword + description: | + Component from which the event is generated + - name: host + type: keyword + description: | + Node name on which the event is generated + - name: metadata + type: group + fields: + - name: timestamp + type: group + fields: + - name: created + type: date + description: | + Timestamp of creation of the given event + - name: name + type: keyword + description: | + Name of the event + - name: namespace + type: keyword + description: | + Namespace in which event was generated + - name: resource_version + type: keyword + description: | + Version of the event resource + - name: uid + type: keyword + description: | + Unique identifier to the event object + - name: self_link + type: keyword + description: | + URL representing the event + - name: involved_object + type: group + fields: + - name: api_version + type: keyword + description: | + API version of the object + - name: kind + type: keyword + description: | + API kind of the object + - name: name + type: keyword + description: | + name of the object + - name: resource_version + type: keyword + description: | + resource version of the object + - name: uid + type: keyword + description: | + UUID version of the object 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/event/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/event/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/event/manifest.yml new file mode 100644 index 00000000000..324186ad909 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/event/manifest.yml @@ -0,0 +1,7 @@ +title: Kubernetes event metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + title: Kubernetes event metrics + description: Collect Kubernetes event metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/node/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..6c8d94e47f4 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/node/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["node"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +{{#if bearer_token_file}} +bearer_token_file: {{bearer_token_file}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} +{{#if ssl.verification_mode}} +ssl.verification_mode: {{ssl.verification_mode}} +{{/if}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 00000000000..6d2864d2968 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/fields.yml 
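Review bot: In the node stream template, `{{#if add_metadata}}` drops the setting whenever the user sets it to `false`, because Handlebars treats `false` as falsy and renders nothing, so an explicit opt-out is silently replaced by the metricset's own default; the node manifest declares the var `required: true` with `default: true`, so the guard adds nothing for the unset case either. The same pattern is in the pod, state_container, state_cronjob, state_deployment and state_node stream templates. Render the line unconditionally, `add_metadata: {{add_metadata}}`, and keep the `{{#if}}` guards only around optional string vars such as `bearer_token_file` and `ssl.verification_mode`, where an empty value genuinely means "unset".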
@@ -0,0 +1,167 @@ +- name: kubernetes.node + type: group + release: ga + fields: + - name: start_time + type: date + description: | + Start time + - name: cpu + type: group + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: | + Node CPU Core usage nanoseconds + - name: nanocores + type: long + description: | + CPU used nanocores + - name: memory + type: group + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total available memory + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total memory usage + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Working set memory usage + - name: pagefaults + type: long + description: | + Number of page faults + - name: majorpagefaults + type: long + description: | + Number of major page faults + - name: network + type: group + fields: + - name: rx + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Received bytes + - name: errors + type: long + description: | + Rx errors + - name: tx + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Transmitted bytes + - name: errors + type: long + description: | + Tx errors + - name: fs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total used in bytes + - name: inodes + type: 
group + fields: + - name: used + type: long + description: | + Number of used inodes + - name: count + type: long + description: | + Number of inodes + - name: free + type: long + description: | + Number of free inodes + - name: runtime + type: group + fields: + - name: imagefs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Image filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Image filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Image filesystem total used in bytes diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/node/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/node/manifest.yml new file mode 100644 index 00000000000..66c943ae65e --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/node/manifest.yml 
@@ -0,0 +1,44 @@
+title: Kubernetes node metrics
+release: experimental
+type: metrics
+streams:
+- input: kubernetes/metrics
+ vars:
+ - name: add_metadata
+ type: bool
+ title: Add Metadata
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ - name: bearer_token_file
+ type: text
+ title: Bearer Token File
+ multi: false
+ required: true
+ show_user: true
+ default: /var/run/secrets/kubernetes.io/serviceaccount/token
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - https://${NODE_NAME}:10250
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ - name: ssl.verification_mode
+ type: text
+ title: Ssl Verification Mode
+ multi: false
+ required: true
+ show_user: true
+ default: none
+ title: Kubernetes node metrics
+ description: Collect Kubernetes node metrics
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/pod/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..e88171b0713
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["pod"]
+{{#if add_metadata}}
+add_metadata: {{add_metadata}}
+{{/if}}
+{{#if bearer_token_file}}
+bearer_token_file: {{bearer_token_file}}
+{{/if}}
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
+{{#if ssl.verification_mode}}
+ssl.verification_mode: {{ssl.verification_mode}}
+{{/if}}
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/fields.yml
new file mode 100644
index 00000000000..18829664b88
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/fields.yml
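Review bot: In the node manifest `ssl.verification_mode` defaults to `none` while `bearer_token_file` defaults to the pod's service-account token and `hosts` to `https://${NODE_NAME}:10250`, so by default the agent presents its token to whatever answers on that address without checking the kubelet's certificate; the pod manifest further down carries the same three defaults. The var also has no `description`, and `type: text` gives the user no hint of the accepted values or of what `none` gives up. I would make verification the default and document the relaxation: `default: full` and `description: TLS verification of the kubelet certificate (full or none); none disables certificate checking and should only be used when the kubelet serves a self-signed certificate`, adding an `ssl.certificate_authorities` var alongside so that `full` can be made to work against self-signed kubelets. If keeping `none` for migration parity is deliberate, the description should still state the trade-off. As a style point, `title: Ssl Verification Mode` reads better as `TLS Verification Mode`.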
@@ -0,0 +1,108 @@ +- name: kubernetes.pod + type: group + release: ga + fields: + - name: start_time + type: date + description: | + Start time + - name: network + type: group + fields: + - name: rx + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Received bytes + - name: errors + type: long + description: | + Rx errors + - name: tx + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Transmitted bytes + - name: errors + type: long + description: | + Tx errors + - name: cpu + type: group + fields: + - name: usage + type: group + fields: + - name: nanocores + type: long + description: | + CPU used nanocores + - name: node.pct + type: scaled_float + format: percent + description: | + CPU usage as a percentage of the total node CPU + - name: limit.pct + type: scaled_float + format: percent + description: | + CPU usage as a percentage of the defined limit for the pod containers (or total node CPU if one or more containers of the pod are unlimited) + - name: memory + type: group + fields: + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total memory usage + - name: node.pct + type: scaled_float + format: percent + description: | + Memory usage as a percentage of the total node allocatable memory + - name: limit.pct + type: scaled_float + format: percent + description: | + Memory usage as a percentage of the defined limit for the pod containers (or total node allocatable memory if unlimited) + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total memory available + - name: working_set + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total working set memory + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total resident set size memory + - name: page_faults + type: long + description: | + Total 
page faults + - name: major_page_faults + type: long + description: | + Total major page faults diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/pod/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/manifest.yml new file mode 100644 index 00000000000..37d6322a4c2 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/pod/manifest.yml @@ -0,0 +1,44 @@ +title: Kubernetes pod metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: bearer_token_file + type: text + title: Bearer Token File + multi: false + required: true + show_user: true + default: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://${NODE_NAME}:10250 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: ssl.verification_mode + type: text + title: Ssl Verification Mode + multi: false + required: true + show_user: true + default: none + title: Kubernetes pod metrics + description: Collect Kubernetes pod metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1723efeec0b --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs 
@@ -0,0 +1,6 @@
+metricsets: ["proxy"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/fields.yml
new file mode 100644
index 00000000000..909bed3a7e4
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/fields.yml
@@ -0,0 +1,100 @@ +- name: kubernetes.proxy + type: group + release: ga + fields: + - name: handler + type: keyword + description: | + Request handler + - name: code + type: keyword + description: | + HTTP code + - name: method + type: keyword + description: | + HTTP method + - name: host + type: keyword + description: | + Request host + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count + - name: client.request.count + type: long + description: | + Number of requests as client + - name: sync + type: group + fields: + - name: rules.duration.us.sum + type: long + description: 
SyncProxyRules duration, sum of durations in microseconds + - name: rules.duration.us.count + type: long + description: SyncProxyRules duration, number of operations + - name: rules.duration.us.bucket.* + type: object + description: SyncProxyRules duration, histogram buckets + - name: networkprogramming.duration.us.sum + type: long + description: Network programming duration, sum in microseconds + - name: networkprogramming.duration.us.count + type: long + description: Network programming duration, number of operations + - name: networkprogramming.duration.us.bucket.* + type: object + description: Network programming duration, histogram buckets diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/manifest.yml new file mode 100644 index 00000000000..f84d7fbf4e5 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/proxy/manifest.yml @@ -0,0 +1,23 @@ +title: Kubernetes proxy metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:10249 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes proxy metrics + description: Collect Kubernetes proxy metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..39ea43ebec9 --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["scheduler"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/fields.yml
new file mode 100644
index 00000000000..6996459f891
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/fields.yml
@@ -0,0 +1,122 @@ +- name: kubernetes.scheduler + type: group + release: ga + fields: + - name: handler + type: keyword + description: | + Request handler + - name: code + type: keyword + description: | + HTTP code + - name: method + type: keyword + description: | + HTTP method + - name: host + type: keyword + description: | + Request host + - name: name + type: keyword + description: | + Name for the resource + - name: result + type: keyword + description: | + Schedule attempt result + - name: operation + type: keyword + description: | + Scheduling operation + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: 
long + description: Request count + - name: client.request.count + type: long + description: | + Number of requests as client + - name: leader.is_master + type: boolean + description: | + Whether the node is master + - name: scheduling + type: group + fields: + - name: e2e.duration.us.bucket.* + type: object + description: End to end scheduling duration microseconds + - name: e2e.duration.us.sum + type: long + description: End to end scheduling duration microseconds sum + - name: e2e.duration.us.count + type: long + description: End to end scheduling count + - name: pod.preemption.victims.count + type: long + description: Pod preemption victims + - name: pod.attempts.count + type: long + description: Pod attempts count + - name: duration.seconds.percentile.* + type: object + description: Scheduling duration percentiles + - name: duration.seconds.sum + type: double + description: Scheduling duration cumulative sum + - name: duration.seconds.count + type: long + description: Scheduling count diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/manifest.yml new file mode 100644 index 00000000000..6df05a9554c --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/scheduler/manifest.yml 
@@ -0,0 +1,23 @@ +title: Kubernetes scheduler metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:10251 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes scheduler metrics + description: Collect Kubernetes scheduler metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9dd7c455c41 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_container"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/fields.yml new file mode 100644 index 00000000000..1982202e848 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/fields.yml 
@@ -0,0 +1,58 @@ +- name: kubernetes.container + type: group + release: ga + fields: + - name: id + type: keyword + description: Container id + - name: status + type: group + fields: + - name: phase + type: keyword + description: | + Container phase (running, waiting, terminated) + - name: ready + type: boolean + description: | + Container ready status + - name: restarts + type: integer + description: | + Container restarts count + - name: reason + type: keyword + description: | + Waiting (ContainerCreating, CrashLoopBackoff, ErrImagePull, ImagePullBackoff) or termination (Completed, ContainerCannotRun, Error, OOMKilled) reason. + - name: cpu + type: group + fields: + - name: limit.cores + type: float + description: | + Container CPU cores limit + - name: request.cores + type: float + description: | + Container CPU requested cores + - name: limit.nanocores + type: long + description: | + Container CPU nanocores limit + - name: request.nanocores + type: long + description: | + Container CPU requested nanocores + - name: memory + type: group + fields: + - name: limit.bytes + type: long + format: bytes + description: | + Container memory limit in bytes + - name: request.bytes + type: long + format: bytes + description: | + Container requested memory in bytes diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/manifest.yml new file mode 100644 index 00000000000..6b1ef290a86 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_container/manifest.yml 
@@ -0,0 +1,30 @@ +title: Kubernetes state_container metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_container metrics + description: Collect Kubernetes state_container metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ab7e92205c9 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_cronjob"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/fields.yml new file mode 100644 index 00000000000..3fe7741dd33 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/fields.yml 
@@ -0,0 +1,31 @@ +- name: kubernetes.cronjob + type: group + release: ga + fields: + - name: name + type: keyword + description: Cronjob name + - name: schedule + type: keyword + description: Cronjob schedule + - name: concurrency + type: keyword + description: Concurrency policy + - name: active.count + type: long + description: Number of active pods for the cronjob + - name: is_suspended + type: boolean + description: Whether the cronjob is suspended + - name: created.sec + type: double + description: Epoch seconds since the cronjob was created + - name: last_schedule.sec + type: double + description: Epoch seconds for last cronjob run + - name: next_schedule.sec + type: double + description: Epoch seconds for next cronjob run + - name: deadline.sec + type: long + description: Deadline seconds after schedule for considering failed diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/manifest.yml new file mode 100644 index 00000000000..22443fc730f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_cronjob/manifest.yml 
@@ -0,0 +1,30 @@ +title: Kubernetes state_cronjob metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_cronjob metrics + description: Collect Kubernetes state_cronjob metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..240aa7cd1c8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_deployment"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/fields.yml new file mode 100644 index 00000000000..ec6705eac2f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/fields.yml 
@@ -0,0 +1,27 @@ +- name: kubernetes.deployment + type: group + release: ga + fields: + - name: paused + type: boolean + description: | + Kubernetes deployment paused status + - name: replicas + type: group + fields: + - name: desired + type: integer + description: | + Deployment number of desired replicas (spec) + - name: available + type: integer + description: | + Deployment available replicas + - name: unavailable + type: integer + description: | + Deployment unavailable replicas + - name: updated + type: integer + description: | + Deployment updated replicas diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/manifest.yml new file mode 100644 index 00000000000..e00449a9a03 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_deployment/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_deployment metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_deployment metrics + description: Collect Kubernetes state_deployment metrics 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..130ea027bb5 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_node"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/fields.yml new file mode 100644 index 00000000000..dd3b240d450 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/fields.yml @@ -0,0 +1,50 @@ +- name: kubernetes.node + type: group + release: ga + fields: + - name: status + type: group + fields: + - name: ready + type: keyword + description: | + Node ready status (true, false or unknown) + - name: unschedulable + type: boolean + description: | + Node unschedulable status + - name: cpu + type: group + fields: + - name: allocatable.cores + type: float + description: | + Node CPU allocatable cores + - name: capacity.cores + type: long + description: | + Node CPU capacity cores + - name: memory + type: group + fields: + - name: allocatable.bytes + type: long + format: bytes + description: | + Node allocatable memory in bytes + - name: capacity.bytes + type: long + format: bytes + description: | + Node memory capacity in bytes + - name: pod + type: group + fields: + - name: allocatable.total + type: long + description: | + Node allocatable pods + - name: capacity.total + type: long + description: | + Node pod capacity 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/manifest.yml new file mode 100644 index 00000000000..594accb3c51 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_node/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_node metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_node metrics + description: Collect Kubernetes state_node metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..385b264793f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_persistentvolume"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/fields.yml new file mode 100644 index 00000000000..1f9737d23d7 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/fields.yml @@ -0,0 +1,16 @@ +- name: kubernetes.persistentvolume + type: group + release: experimental + fields: + - name: name + type: keyword + description: Volume name. + - name: capacity.bytes + type: long + description: Volume capacity + - name: phase + type: keyword + description: Volume phase according to kubernetes + - name: storage_class + type: keyword + description: Storage class for the volume diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/manifest.yml new file mode 100644 index 00000000000..8b2abd56697 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolume/manifest.yml 
@@ -0,0 +1,30 @@ +title: Kubernetes state_persistentvolume metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_persistentvolume metrics + description: Collect Kubernetes state_persistentvolume metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..87156c5054b --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_persistentvolumeclaim"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml new file mode 100644 index 00000000000..5b51ac9950f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml 
@@ -0,0 +1,22 @@
+- name: kubernetes.persistentvolumeclaim
+ type: group
+ release: experimental
+ fields:
+ - name: name
+ type: keyword
+ description: PVC name.
+ - name: volume_name
+ type: keyword
+ description: Binded volume name.
+ - name: request_storage.bytes
+ type: long
+ description: Requested capacity.
+ - name: phase
+ type: keyword
+ description: PVC phase.
+ - name: access_mode
+ type: keyword
+ description: Access mode.
+ - name: storage_class
+ type: keyword
+ description: Storage class for the PVC.
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/package-fields.yml
new file mode 100644
index 00000000000..d39370fe7a8
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: kubernetes
+ type: group
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/manifest.yml
new file mode 100644
index 00000000000..adab7c3d421
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_persistentvolumeclaim/manifest.yml
@@ -0,0 +1,30 @@
+title: Kubernetes state_persistentvolumeclaim metrics
+release: experimental
+type: metrics
+streams:
+- input: kubernetes/metrics
+ vars:
+ - name: add_metadata
+ type: bool
+ title: Add Metadata
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - kube-state-metrics:8080
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Kubernetes state_persistentvolumeclaim metrics
+ description: Collect Kubernetes state_persistentvolumeclaim metrics
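Review bot: The description of `volume_name` reads `Binded volume name.`, which is not English and also misses the Kubernetes term for a claim attached to a volume; `description: Bound volume name.` says both. The neighbouring `request_storage.bytes` description `Requested capacity.` could likewise name the unit, e.g. `Requested storage capacity in bytes.`, since the `.bytes` suffix is the only hint.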
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..827feea4bd4 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_pod"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/fields.yml new file mode 100644 index 00000000000..9cedd05ecfd --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/fields.yml @@ -0,0 +1,27 @@ +- name: kubernetes.pod + type: group + release: ga + fields: + - name: ip + type: ip + description: | + Kubernetes pod IP + - name: host_ip + type: ip + description: | + Kubernetes pod host IP + - name: status + type: group + fields: + - name: phase + type: keyword + description: | + Kubernetes pod phase (Running, Pending...) + - name: ready + type: keyword + description: | + Kubernetes pod ready status (true, false or unknown) + - name: scheduled + type: keyword + description: | + Kubernetes pod scheduled status (true, false, unknown) diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/manifest.yml new file mode 100644 index 00000000000..9f7673a5803 --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_pod/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_pod metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_pod metrics + description: Collect Kubernetes state_pod metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9b6eee12346 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_replicaset"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/fields.yml new file mode 100644 index 00000000000..39ccf48f8ce --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/fields.yml 
@@ -0,0 +1,27 @@
+- name: kubernetes.replicaset
+ type: group
+ release: ga
+ fields:
+ - name: replicas
+ type: group
+ fields:
+ - name: available
+ type: long
+ description: |
+ The number of replicas per ReplicaSet
+ - name: desired
+ type: long
+ description: |
+ The number of replicas per ReplicaSet
+ - name: ready
+ type: long
+ description: |
+ The number of ready replicas per ReplicaSet
+ - name: observed
+ type: long
+ description: |
+ The generation observed by the ReplicaSet controller
+ - name: labeled
+ type: long
+ description: |
+ The number of fully labeled replicas per ReplicaSet
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/package-fields.yml
new file mode 100644
index 00000000000..d39370fe7a8
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: kubernetes
+ type: group
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/manifest.yml
new file mode 100644
index 00000000000..6cabc8b1be2
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_replicaset/manifest.yml
@@ -0,0 +1,30 @@
+title: Kubernetes state_replicaset metrics
+release: experimental
+type: metrics
+streams:
+- input: kubernetes/metrics
+ vars:
+ - name: add_metadata
+ type: bool
+ title: Add Metadata
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - kube-state-metrics:8080
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Kubernetes state_replicaset metrics
+ description: Collect Kubernetes state_replicaset metrics
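Review bot: `replicas.available` and `replicas.desired` carry the identical description `The number of replicas per ReplicaSet`, so generated field docs cannot tell the two apart; the fix is one word each, `The number of available replicas per ReplicaSet` and `The number of desired replicas per ReplicaSet`, matching the pattern already used for `ready` and `labeled`. `replicas.observed` is described as `The generation observed by the ReplicaSet controller`, which reads as a generation number rather than a replica count although it sits under `replicas`; worth confirming the description matches what the metric actually carries, which I cannot tell from the page.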
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..8af6931ee24 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_resourcequota"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/fields.yml new file mode 100644 index 00000000000..624b26b22de --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/fields.yml @@ -0,0 +1,19 @@ +- name: kubernetes.resourcequota + type: group + release: ga + fields: + - name: created.sec + type: double + description: Epoch seconds since the ResourceQuota was created + - name: quota + type: double + description: Quota informed (hard or used) for the resource + - name: name + type: keyword + description: ResourceQuota name + - name: type + type: keyword + description: Quota information type, `hard` or `used` + - name: resource + type: keyword + description: Resource name the quota applies to diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/manifest.yml new file mode 100644 index 00000000000..ea452c225ff --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_resourcequota/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_resourcequota metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_resourcequota metrics + description: Collect Kubernetes state_resourcequota metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..e39a37e9181 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_service"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/fields.yml new file mode 100644 index 00000000000..7125827069e --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/fields.yml 
@@ -0,0 +1,31 @@
+- name: kubernetes.service
+ type: group
+ release: experimental
+ fields:
+ - name: name
+ type: keyword
+ description: Service name.
+ - name: cluster_ip
+ type: ip
+ description: Internal IP for the service.
+ - name: external_name
+ type: keyword
+ description: Service external DNS name
+ - name: external_ip
+ type: keyword
+ description: Service external IP
+ - name: load_balancer_ip
+ type: keyword
+ description: Load Balancer service IP
+ - name: type
+ type: keyword
+ description: Service type
+ - name: ingress_ip
+ type: keyword
+ description: Ingress IP
+ - name: ingress_hostname
+ type: ip
+ description: Ingress Hostname
+ - name: created
+ type: date
+ description: Service creation date
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/package-fields.yml
new file mode 100644
index 00000000000..d39370fe7a8
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: kubernetes
+ type: group
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/manifest.yml
new file mode 100644
index 00000000000..b319fd64129
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_service/manifest.yml
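Review bot: `ingress_hostname` is declared `type: ip` while its description is `Ingress Hostname` and the sibling `ingress_ip` is `type: keyword`; an Elasticsearch `ip` field rejects a DNS name at index time (unless `ignore_malformed` is set), so any service whose ingress reports a hostname would drop the whole document. The two types look swapped: `ingress_hostname` should be `type: keyword`, and `ingress_ip` could become `type: ip` if the metricset only ever emits a single address there, which I cannot confirm from the page. `cluster_ip` already uses `type: ip`, so the mapping convention for addresses exists in this same file.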
@@ -0,0 +1,30 @@ +title: Kubernetes state_service metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_service metrics + description: Collect Kubernetes state_service metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..de53e7a3b9d --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_statefulset"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/fields.yml new file mode 100644 index 00000000000..6957b7e4070 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/fields.yml 
@@ -0,0 +1,30 @@ +- name: kubernetes.statefulset + type: group + release: ga + fields: + - name: created + type: long + description: | + The creation timestamp (epoch) for StatefulSet + - name: replicas + type: group + fields: + - name: observed + type: long + description: | + The number of observed replicas per StatefulSet + - name: desired + type: long + description: | + The number of desired replicas per StatefulSet + - name: generation + type: group + fields: + - name: observed + type: long + description: | + The observed generation per StatefulSet + - name: desired + type: long + description: | + The desired generation per StatefulSet diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/manifest.yml new file mode 100644 index 00000000000..4b68193ba2e --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_statefulset/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_statefulset metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_statefulset metrics + description: Collect Kubernetes state_statefulset metrics 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1e3d6995de1 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["state_storageclass"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/fields.yml new file mode 100644 index 00000000000..76440a10422 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/fields.yml @@ -0,0 +1,19 @@ +- name: kubernetes.storageclass + type: group + release: experimental + fields: + - name: name + type: keyword + description: Storage class name. + - name: provisioner + type: keyword + description: Volume provisioner for the storage class. + - name: reclaim_policy + type: keyword + description: Reclaim policy for dynamically created volumes + - name: volume_binding_mode + type: keyword + description: Mode for default provisioning and binding + - name: created + type: date + description: Storage class creation date diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group 
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/manifest.yml new file mode 100644 index 00000000000..c1fe5dbda3a --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/state_storageclass/manifest.yml @@ -0,0 +1,30 @@ +title: Kubernetes state_storageclass metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - kube-state-metrics:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Kubernetes state_storageclass metrics + description: Collect Kubernetes state_storageclass metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/system/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/system/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..28008906ae9 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/system/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["system"] +{{#if add_metadata}} +add_metadata: {{add_metadata}} +{{/if}} +{{#if bearer_token_file}} +bearer_token_file: {{bearer_token_file}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} +{{#if ssl.verification_mode}} +ssl.verification_mode: {{ssl.verification_mode}} +{{/if}} diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/fields.yml new file mode 100644 index 00000000000..f84248f4667 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/fields.yml 
@@ -0,0 +1,64 @@ +- name: kubernetes.system + type: group + release: ga + fields: + - name: container + type: keyword + description: | + Container name + - name: start_time + type: date + description: | + Start time + - name: cpu + type: group + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: | + CPU Core usage nanoseconds + - name: nanocores + type: long + description: | + CPU used nanocores + - name: memory + type: group + fields: + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Total memory usage + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Working set memory usage + - name: pagefaults + type: long + description: | + Number of page faults + - name: majorpagefaults + type: long + description: | + Number of major page faults diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/system/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/system/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/system/manifest.yml new file mode 100644 index 00000000000..6da7ea8a91c --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/system/manifest.yml 
@@ -0,0 +1,44 @@
+title: Kubernetes system metrics
+release: experimental
+type: metrics
+streams:
+- input: kubernetes/metrics
+ vars:
+ - name: add_metadata
+ type: bool
+ title: Add Metadata
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ - name: bearer_token_file
+ type: text
+ title: Bearer Token File
+ multi: false
+ required: true
+ show_user: true
+ default: /var/run/secrets/kubernetes.io/serviceaccount/token
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - https://${NODE_NAME}:10250
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ - name: ssl.verification_mode
+ type: text
+ title: Ssl Verification Mode
+ multi: false
+ required: true
+ show_user: true
+ default: none
+ title: Kubernetes system metrics
+ description: Collect Kubernetes system metrics
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/volume/agent/stream/stream.yml.hbs b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b672e13fd02
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["volume"]
+{{#if add_metadata}}
+add_metadata: {{add_metadata}}
+{{/if}}
+{{#if bearer_token_file}}
+bearer_token_file: {{bearer_token_file}}
+{{/if}}
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
+{{#if ssl.verification_mode}}
+ssl.verification_mode: {{ssl.verification_mode}}
+{{/if}}
diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/fields.yml
new file mode 100644
index 00000000000..18a466bdc8e
--- /dev/null
+++ b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/fields.yml
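Review bot: `ssl.verification_mode` defaults to `none`, so the kubelet connection to `https://${NODE_NAME}:10250` accepts any certificate while the token read from `bearer_token_file` (by default the pod's own service-account token) is sent on it; anything able to answer on that endpoint in place of the kubelet can collect the token. The later hunk for `dataset/volume/manifest.yml` ships the same default and the same fix applies there. Prefer `default: full` with `none` left as an explicit opt-in, or, if kubelet serving certificates in common clusters make `none` necessary, make the trade-off visible on the var itself: `title: TLS Verification Mode` plus a `description` stating that `none` disables certificate verification for the kubelet endpoint and should be raised wherever the kubelet presents a CA-signed certificate. As written the var is `show_user: true` but nothing on it tells the user what `none` means.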
@@ -0,0 +1,50 @@ +- name: kubernetes.volume + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Volume name + - name: fs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: | + Filesystem total used in bytes + - name: inodes + type: group + fields: + - name: used + type: long + description: | + Used inodes + - name: free + type: long + description: | + Free inodes + - name: count + type: long + description: | + Total inodes diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/package-fields.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/package-fields.yml new file mode 100644 index 00000000000..d39370fe7a8 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kubernetes + type: group diff --git a/dev/packages/beats/kubernetes/0.0.1/dataset/volume/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/manifest.yml new file mode 100644 index 00000000000..e1d24f6d88f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/dataset/volume/manifest.yml 
@@ -0,0 +1,44 @@ +title: Kubernetes volume metrics +release: experimental +type: metrics +streams: +- input: kubernetes/metrics + vars: + - name: add_metadata + type: bool + title: Add Metadata + multi: false + required: true + show_user: true + default: true + - name: bearer_token_file + type: text + title: Bearer Token File + multi: false + required: true + show_user: true + default: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://${NODE_NAME}:10250 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: ssl.verification_mode + type: text + title: Ssl Verification Mode + multi: false + required: true + show_user: true + default: none + title: Kubernetes volume metrics + description: Collect Kubernetes volume metrics diff --git a/dev/packages/beats/kubernetes/0.0.1/docs/README.md b/dev/packages/beats/kubernetes/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/img/logo_kubernetes.svg b/dev/packages/beats/kubernetes/0.0.1/img/logo_kubernetes.svg new file mode 100644 index 00000000000..7f3e86f5482 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/img/logo_kubernetes.svg @@ -0,0 +1 @@ + diff --git a/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-controllermanager.png b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-controllermanager.png new file mode 100644 index 00000000000..ba9120f2638 Binary files /dev/null and b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-controllermanager.png differ 
diff --git a/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-proxy.png b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-proxy.png new file mode 100644 index 00000000000..439473e0ca7 Binary files /dev/null and b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat-kubernetes-proxy.png differ diff --git a/dev/packages/beats/kubernetes/0.0.1/img/metricbeat_kubernetes_scheduler.png b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat_kubernetes_scheduler.png new file mode 100644 index 00000000000..8f296b7990c Binary files /dev/null and b/dev/packages/beats/kubernetes/0.0.1/img/metricbeat_kubernetes_scheduler.png differ diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json new file mode 100644 index 00000000000..ce01e26835d --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json 
@@ -0,0 +1,185 @@ +{ + "attributes": { + "description": "Kubernetes Proxy metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.proxy" + }, + "type": "phrase", + "value": "kubernetes.proxy" + }, + "query": { + "match": { + "stream.dataset": { + "query": "kubernetes.proxy", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 23, + "x": 0, + "y": 12 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 25, + "x": 23, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 9, + "x": 12, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 27, + "x": 21, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "5", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 48, + "x": 0, + "y": 37 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": 
"panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Kubernetes] Proxy", + "version": 1 + }, + "id": "5e649d60-9901-11e9-ba57-b7ab4e2d4b58", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "e0ddd3e0-98fe-11e9-ba57-b7ab4e2d4b58", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cac89fb0-9906-11e9-ba57-b7ab4e2d4b58", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "09b404f0-99af-11e9-ba57-b7ab4e2d4b58", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "8c6c2690-9bd8-11e9-9dc8-fd27291d427f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b8a24790-9bf0-11e9-9dc8-fd27291d427f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ba7bf750-9bf5-11e9-9dc8-fd27291d427f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "bcb194a0-9bf8-11e9-9dc8-fd27291d427f", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/97312060-9c1b-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/97312060-9c1b-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..a0c2d137520 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/97312060-9c1b-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,221 @@ +{ + "attributes": { + "description": "Kubernetes Controller Manager metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.controllermanager" + }, + "type": "phrase", + "value": "kubernetes.controllermanager" + }, + "query": { + "match": { + "stream.dataset": { + "query": "kubernetes.controllermanager", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "1", + "w": 11, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "2", + "w": 11, + "x": 11, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "3", + "w": 26, + "x": 22, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 0, + "y": 39 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 39 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "7", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 27 
+ }, + "panelIndex": "8", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "9", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "10", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "10", + "panelRefName": "panel_8", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Kubernetes] Controller Manager", + "version": 1 + }, + "id": "97312060-9c1b-11e9-9dc8-fd27291d427f", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "bcb194a0-9bf8-11e9-9dc8-fd27291d427f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "3dbf6230-9c20-11e9-9dc8-fd27291d427f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d86b2da0-9c20-11e9-9dc8-fd27291d427f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0ca95350-9c24-11e9-9dc8-fd27291d427f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "3e1e1fd0-9c27-11e9-9dc8-fd27291d427f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2ba628e0-9c2a-11e9-9dc8-fd27291d427f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "8a95de50-9c38-11e9-9dc8-fd27291d427f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "485c8550-9c3a-11e9-9dc8-fd27291d427f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "7d80f790-9d96-11e9-b2ae-49acc4cbcea9", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/AV4RGUqo5NkDleZmzKuZ-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/AV4RGUqo5NkDleZmzKuZ-ecs.json new file mode 100644 index 00000000000..0bd3e286636 --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/AV4RGUqo5NkDleZmzKuZ-ecs.json 
@@ -0,0 +1,264 @@ +{ + "attributes": { + "description": "Overview of Kubernetes cluster metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 8, + "x": 0, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "9", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "10", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "10", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "11", + "w": 24, + "x": 0, + "y": 48 + }, + "panelIndex": "11", + "panelRefName": "panel_8", + "version": "7.3.0" 
+ }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "12", + "w": 24, + "x": 24, + "y": 48 + }, + "panelIndex": "12", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "13", + "w": 8, + "x": 16, + "y": 12 + }, + "panelIndex": "13", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "14", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "15", + "w": 8, + "x": 8, + "y": 12 + }, + "panelIndex": "15", + "panelRefName": "panel_12", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Kubernetes] Overview ECS", + "version": 1 + }, + "id": "AV4RGUqo5NkDleZmzKuZ-ecs", + "references": [ + { + "id": "022a54c0-2bf5-11e7-859b-f78b612cde28-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "44f12b40-2bf4-11e7-859b-f78b612cde28-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cd059410-2bfb-11e7-859b-f78b612cde28-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e1018b90-2bfb-11e7-859b-f78b612cde28-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d6564360-2bfc-11e7-859b-f78b612cde28-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "16fa4470-2bfd-11e7-859b-f78b612cde28-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "294546b0-30d6-11e7-8df8-6d3604a72912-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "408fccf0-30d6-11e7-8df8-6d3604a72912-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "58e644f0-30d6-11e7-8df8-6d3604a72912-ecs", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "a4c9d360-30df-11e7-8df8-6d3604a72912-ecs", + "name": "panel_9", + "type": "visualization" + }, + { + "id": 
"174a6ad0-30e0-11e7-8df8-6d3604a72912-ecs", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "7aac4fd0-30e0-11e7-8df8-6d3604a72912-ecs", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "da1ff7c0-30ed-11e7-b9e5-2b5b07213ab3-ecs", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/af7225b0-5794-11e8-afa2-e9067ea62228-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/af7225b0-5794-11e8-afa2-e9067ea62228-ecs.json new file mode 100644 index 00000000000..f3fee126da6 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/af7225b0-5794-11e8-afa2-e9067ea62228-ecs.json 
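Review bot: This dashboard (and the API server dashboard that follows) ships with an empty `filter` array and no `index-pattern` entry in `references`, whereas the proxy, controller manager and scheduler dashboards in this commit each filter on `stream.dataset` and reference `metrics-*`. That is presumably fine if every referenced visualization carries its own `stream.dataset` filter, as the 022a54c0 visualization below does, but it means the dashboard itself does nothing to scope the data and will show whatever the panels query across the whole `metrics-*` pattern. Worth confirming for each referenced visualization, or documenting the convention in the package README.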
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "Kubernetes API server metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 24, + "i": "1", + "w": 24, + "x": 0, + "y": 22 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "3", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 24, + "i": "4", + "w": 24, + "x": 24, + "y": 22 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Kubernetes] API server ECS", + "version": 1 + }, + "id": "af7225b0-5794-11e8-afa2-e9067ea62228-ecs", + "references": [ + { + "id": "7cbeb750-5794-11e8-afa2-e9067ea62228-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ec360ff0-57a0-11e8-afa2-e9067ea62228-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "95a7f110-57a2-11e8-afa2-e9067ea62228-ecs", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/f5ab5510-9c94-11e9-94fd-c91206cd5249.json b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/f5ab5510-9c94-11e9-94fd-c91206cd5249.json new file mode 100644 index 00000000000..53a06773ec5 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/dashboard/f5ab5510-9c94-11e9-94fd-c91206cd5249.json 
@@ -0,0 +1,185 @@ +{ + "attributes": { + "description": "Kubernetes Scheduler metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.scheduler" + }, + "type": "phrase", + "value": "kubernetes.scheduler" + }, + "query": { + "match": { + "stream.dataset": { + "query": "kubernetes.scheduler", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "1", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "2", + "w": 11, + "x": 14, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "3", + "w": 23, + "x": 25, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "4", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "5", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "7", + 
"panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Kubernetes] Scheduler", + "version": 1 + }, + "id": "f5ab5510-9c94-11e9-94fd-c91206cd5249", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "bcb194a0-9bf8-11e9-9dc8-fd27291d427f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "826d80c0-9c97-11e9-94fd-c91206cd5249", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "15bd4420-9c9b-11e9-94fd-c91206cd5249", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d9fc1b80-9c9c-11e9-94fd-c91206cd5249", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "95595810-9ca8-11e9-94fd-c91206cd5249", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "382ace30-9d98-11e9-b2ae-49acc4cbcea9", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "84d9b200-9d98-11e9-b2ae-49acc4cbcea9", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/022a54c0-2bf5-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/022a54c0-2bf5-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..c6f00590640 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/022a54c0-2bf5-11e7-859b-f78b612cde28-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Available pods per deployment [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "id": "117fadf0-30df-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "64456840-30df-11e7-8df8-6d3604a72912", + "label": "Available pods", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.replicas.available", + "id": "64456841-30df-11e7-8df8-6d3604a72912", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "53d35ad0-30df-11e7-8df8-6d3604a72912" + } + ], + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.deployment.name", + "terms_size": "10000" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Available pods per deployment [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "022a54c0-2bf5-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/09b404f0-99af-11e9-ba57-b7ab4e2d4b58.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/09b404f0-99af-11e9-ba57-b7ab4e2d4b58.json new file mode 100644 index 00000000000..3f3997bf8b6 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/09b404f0-99af-11e9-ba57-b7ab4e2d4b58.json 
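Review bot: This visualization uses the legacy key `"seperate_axis": 0` while the newer visualizations in this commit use `"separate_axis": 0`; Kibana may still accept the old spelling on import, but mixing both in one package is inconsistent and worth normalizing to `"separate_axis"`. The `"terms_size": "10000"` on `kubernetes.deployment.name` also asks the terms aggregation for up to ten thousand buckets per bucket interval, which is likely heavier than the chart needs; a smaller cap or a note on why the full set is required would help the next maintainer.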
@@ -0,0 +1,156 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy process [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "30s", + "markdown": "\n| | |\n|---|---|\n|**Days running**|{{ math.started.last.raw }}|\n|**File descriptors open**|{{ average_of_kubernetes_proxy_process_fds_open_count.fds.last.raw }}|\n|**Resident Memory**|{{ average_of_kubernetes_proxy_process_memory_resident_bytes.resident_memory.last.formatted }}|\n|**Virtual Memory**|{{ average_of_kubernetes_proxy_process_memory_virtual_bytes.virtual_memory.last.formatted }}|\n\n", + "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 table,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 tr,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 td,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 th{border:none}", + "markdown_less": "\ntable, tr, td, th {\n border: none;\n}\n\n", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.started.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "script": "", + "type": "max", + "variables": [ + { + "id": "1bbc4a20-99ac-11e9-8beb-c3bf9b9dfc43", + "name": "v" + } + ] + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "1f34f620-99ac-11e9-8beb-c3bf9b9dfc43", + "script": "round( (params._timestamp /1000 - params.started) / 86400, 2)", + "type": "math", + "variables": [ + { + "field": 
"61ca57f2-469d-11e7-af02-69e470af7417", + "id": "1f371900-99ac-11e9-8beb-c3bf9b9dfc43", + "name": "started" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "started" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "cc3b1700-99ac-11e9-8beb-c3bf9b9dfc43", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.fds.open.count", + "id": "cc3b1701-99ac-11e9-8beb-c3bf9b9dfc43", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "fds" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "da1b1270-99ad-11e9-8beb-c3bf9b9dfc43", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.memory.resident.bytes", + "id": "da1b1271-99ad-11e9-8beb-c3bf9b9dfc43", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "resident_memory" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "50f54000-99ae-11e9-8beb-c3bf9b9dfc43", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.memory.virtual.bytes", + "id": "50f54001-99ae-11e9-8beb-c3bf9b9dfc43", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "virtual_memory" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "markdown" + }, + "title": "Proxy process [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": 
"09b404f0-99af-11e9-ba57-b7ab4e2d4b58", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/0ca95350-9c24-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/0ca95350-9c24-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..5b51f485c0d --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/0ca95350-9c24-11e9-9dc8-fd27291d427f.json 
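Review bot: The first metric of the `started` series (the `max` of `kubernetes.proxy.process.started.sec`) carries a `variables` entry named `v` with no `field`, which looks like leftover editor state; the math metric that follows declares its own `started` variable and is the only consumer, so the stray entry can be dropped. The `"interval": "30s"` is also hardcoded whereas the other visualizations in this commit use `"auto"`; if the fixed interval is intentional for the markdown computation, a short note in the dashboard README would explain it.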
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Longest running processor [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.workqueue.longestrunning.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_direction": "desc", + "terms_field": "kubernetes.controllermanager.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller Longest running processor [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "0ca95350-9c24-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/15bd4420-9c9b-11e9-94fd-c91206cd5249.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/15bd4420-9c9b-11e9-94fd-c91206cd5249.json new file mode 100644 index 00000000000..94a42f29e6f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/15bd4420-9c9b-11e9-94fd-c91206cd5249.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Scheduler HTTP request duration [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(165,228,85,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "P99", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.http.request.duration.us.percentile.99", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "708a5a50-9c9b-11e9-b248-53caaa33a2c5", + "label": "P90", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.http.request.duration.us.percentile.90", + "id": "708a8160-9c9b-11e9-b248-53caaa33a2c5", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(65,117,0,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "9ba449d0-9c9b-11e9-b248-53caaa33a2c5", + "label": "P50", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.http.request.duration.us.percentile.50", + "id": "9ba449d1-9c9b-11e9-b248-53caaa33a2c5", + "type": "avg" + } + ], + 
"point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Scheduler HTTP request duration [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "15bd4420-9c9b-11e9-94fd-c91206cd5249", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/16fa4470-2bfd-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/16fa4470-2bfd-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..8987985cbea --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/16fa4470-2bfd-11e7-859b-f78b612cde28-ecs.json 
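Review bot: This visualization sets `"time_field": ""` and `"interval": ""`, unlike the sibling visualizations in this commit which set `"time_field": "@timestamp"` and `"interval": "auto"`; it presumably falls back to `default_timefield`, but relying on that fallback is inconsistent within one package. Setting `"time_field": "@timestamp"` and `"interval": "auto"` explicitly would match the rest of the package.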
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network in by node [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "12c1f2f0-2bf2-11e7-859b-f78b612cde28" + } + ], + "bar_color_rules": [ + { + "id": "1373ddd0-2bf2-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.pod" + }, + "gauge_color_rules": [ + { + "id": "140e4910-2bf2-11e7-859b-f78b612cde28" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "0d5c6b10-2bf2-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "0d5c9220-2bf2-11e7-859b-f78b612cde28", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.pod.network.rx.bytes", + "id": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "type": "max" + }, + { + "field": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "id": "494fc310-2bf7-11e7-859b-f78b612cde28", + "type": "derivative", + "unit": "" + }, + { + "field": "494fc310-2bf7-11e7-859b-f78b612cde28", + "id": "37c72a70-3598-11e7-aa4a-8313a0c92a88", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.node.name", + "terms_order_by": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "terms_size": "100000" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Network in by node [Metrics Kubernetes] ECS", + "type": "metrics" + } + 
}, + "id": "16fa4470-2bfd-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/174a6ad0-30e0-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/174a6ad0-30e0-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..aa1939c7520 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/174a6ad0-30e0-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unavailable pods [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "508ffb30-30d5-11e7-8df8-6d3604a72912" + } + ], + "bar_color_rules": [ + { + "id": "674d83b0-30d5-11e7-8df8-6d3604a72912" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "gauge_color_rules": [ + { + "id": "50f9b980-30d5-11e7-8df8-6d3604a72912" + } + ], + "gauge_inner_width": "10", + "gauge_max": "", + "gauge_style": "half", + "gauge_width": "10", + "id": "2fe9d3b0-30d5-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2fe9d3b1-30d5-11e7-8df8-6d3604a72912", + "label": "Unavailable Pods", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.replicas.unavailable", + "id": "54cf79a0-30d5-11e7-8df8-6d3604a72912", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_interval": "10s", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Unavailable pods [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "174a6ad0-30e0-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/294546b0-30d6-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/294546b0-30d6-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..0ec2593765a --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/294546b0-30d6-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network out by node [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "12c1f2f0-2bf2-11e7-859b-f78b612cde28" + } + ], + "bar_color_rules": [ + { + "id": "1373ddd0-2bf2-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.pod" + }, + "gauge_color_rules": [ + { + "id": "140e4910-2bf2-11e7-859b-f78b612cde28" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "0d5c6b10-2bf2-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "0d5c9220-2bf2-11e7-859b-f78b612cde28", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.pod.network.tx.bytes", + "id": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "type": "max" + }, + { + "field": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "id": "494fc310-2bf7-11e7-859b-f78b612cde28", + "type": "derivative", + "unit": "" + }, + { + "field": "494fc310-2bf7-11e7-859b-f78b612cde28", + "id": "244c70e0-3598-11e7-aa4a-8313a0c92a88", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.node.name", + "terms_order_by": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "terms_size": "10000" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Network out by node [Metrics Kubernetes] ECS", + "type": "metrics" + } 
+ }, + "id": "294546b0-30d6-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/2ba628e0-9c2a-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/2ba628e0-9c2a-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..232926aad19 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/2ba628e0-9c2a-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Memory [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Resident", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.memory.resident.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "ac896b30-9c29-11e9-92c1-f7d03186c592", + "label": "Virtual", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.memory.virtual.bytes", + "id": "ac896b31-9c29-11e9-92c1-f7d03186c592", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller Memory [Metricset Kubernetes]", + "type": "metrics" + } + }, + "id": "2ba628e0-9c2a-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/382ace30-9d98-11e9-b2ae-49acc4cbcea9.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/382ace30-9d98-11e9-b2ae-49acc4cbcea9.json new file mode 100644 index 00000000000..436c16d7b1d --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/382ace30-9d98-11e9-b2ae-49acc4cbcea9.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Scheduler CPU [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "CPU time", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.cpu.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "11331120-9d98-11e9-9e81-115d18bcfeaa", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Scheduler CPU [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "382ace30-9d98-11e9-b2ae-49acc4cbcea9", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3dbf6230-9c20-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3dbf6230-9c20-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..e72ba14e024 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3dbf6230-9c20-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,147 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Process [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "30s", + "markdown": "| | |\n|---|---|\n|**Days running**|{{ math.started.last.raw }}|\n|**File descriptors open**|{{ average_of_kubernetes_controllermanager_process_fds_open_count.fds.last.raw }}|\n|**Resident Memory**|{{ average_of_kubernetes_controllermanager_process_memory_resident_bytes.resident_memory.last.formatted }}|\n|**Virtual Memory**|{{ average_of_kubernetes_controllermanager_process_memory_virtual_bytes.virtual_memory.last.formatted }}|\n", + "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 table,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 tr,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 td,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 th{border:none}", + "markdown_less": "\ntable, tr, td, th {\n border: none;\n}\n\n", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.started.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "id": "ebfdb1c0-9c1c-11e9-b29f-d55be9348723", + "script": "round( (params._timestamp /1000 - params.started) / 86400, 2)", + "type": "math", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "ef30a230-9c1c-11e9-b29f-d55be9348723", + "name": "started" + 
} + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "started" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "1212ba80-9c1e-11e9-b29f-d55be9348723", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.fds.open.count", + "id": "1212ba81-9c1e-11e9-b29f-d55be9348723", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "fds" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "3f3b17a0-9c1e-11e9-b29f-d55be9348723", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.memory.resident.bytes", + "id": "3f3b17a1-9c1e-11e9-b29f-d55be9348723", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "resident_memory" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "b1a01b50-9c1f-11e9-b29f-d55be9348723", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.memory.virtual.bytes", + "id": "b1a01b51-9c1f-11e9-b29f-d55be9348723", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "virtual_memory" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "markdown" + }, + "title": "Controller Process [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "3dbf6230-9c20-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No 
newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3e1e1fd0-9c27-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3e1e1fd0-9c27-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..b9099445ae4 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/3e1e1fd0-9c27-11e9-9dc8-fd27291d427f.json @@ -0,0 +1,66 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Unfinished jobs sec [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.workqueue.unfinished.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.controllermanager.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller Unfinished jobs sec [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "3e1e1fd0-9c27-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/408fccf0-30d6-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/408fccf0-30d6-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..74e4dc95ffa --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/408fccf0-30d6-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Nodes [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "67ee7da0-30e0-11e7-8df8-6d3604a72912" + } + ], + "bar_color_rules": [ + { + "id": "68cdba10-30e0-11e7-8df8-6d3604a72912" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_node" + }, + "gauge_color_rules": [ + { + "id": "69765620-30e0-11e7-8df8-6d3604a72912" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "4c4690b0-30e0-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "4c4690b1-30e0-11e7-8df8-6d3604a72912", + "label": "Nodes", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.node.name", + "id": "4c4690b2-30e0-11e7-8df8-6d3604a72912", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "kubernetes.deployment.name" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Nodes [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "408fccf0-30d6-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/44f12b40-2bf4-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/44f12b40-2bf4-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..4dfddaec944 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/44f12b40-2bf4-11e7-859b-f78b612cde28-ecs.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "CPU usage by node [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "12c1f2f0-2bf2-11e7-859b-f78b612cde28" + } + ], + "bar_color_rules": [ + { + "id": "1373ddd0-2bf2-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "(stream.dataset:kubernetes.container OR stream.dataset:kubernetes.state_node)" + }, + "gauge_color_rules": [ + { + "id": "140e4910-2bf2-11e7-859b-f78b612cde28" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "0d5c6b10-2bf2-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.5", + "formatter": "0.0a", + "id": "0d5c9220-2bf2-11e7-859b-f78b612cde28", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.container.cpu.usage.nanocores", + "id": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "type": "sum" + } + ], + "override_index_pattern": 0, + "point_size": 1, + "seperate_axis": 0, + "series_interval": "10s", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.node.name", + "terms_order_by": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "terms_size": "10000", + "value_template": "{{value}} nanocores" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "formatter": "0.0a", + "hide_in_legend": 1, + "id": "22f65d40-31a7-11e7-84cc-096d2b38e6e5", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": 
"kubernetes.node.cpu.capacity.cores", + "id": "22f65d41-31a7-11e7-84cc-096d2b38e6e5", + "type": "avg" + }, + { + "id": "4af4c390-34d6-11e7-be88-cb6a123dc1bb", + "script": "params.cores * 1000000000", + "type": "calculation", + "variables": [ + { + "field": "22f65d41-31a7-11e7-84cc-096d2b38e6e5", + "id": "4cd32080-34d6-11e7-be88-cb6a123dc1bb", + "name": "cores" + } + ] + } + ], + "override_index_pattern": 0, + "point_size": "0", + "seperate_axis": 0, + "series_interval": "10s", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.node.name", + "terms_order_by": "22f65d41-31a7-11e7-84cc-096d2b38e6e5", + "terms_size": "10000", + "value_template": "{{value}} nanocores" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "CPU usage by node [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "44f12b40-2bf4-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/485c8550-9c3a-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/485c8550-9c3a-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..ffa0bbbba85 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/485c8550-9c3a-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Workqueue retries [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.workqueue.retries.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "b3107560-9c39-11e9-92c1-f7d03186c592", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_direction": "desc", + "terms_field": "kubernetes.controllermanager.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller Workqueue retries [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "485c8550-9c3a-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/58e644f0-30d6-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/58e644f0-30d6-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..f73adc042af --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/58e644f0-30d6-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top CPU intensive pods [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "802104d0-2bfc-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.container" + }, + "id": "5d3692a0-2bfc-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0 a", + "id": "5d3692a1-2bfc-11e7-859b-f78b612cde28", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.container.cpu.usage.core.ns", + "id": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "type": "max" + }, + { + "field": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "id": "6c905240-2bfc-11e7-859b-f78b612cde28", + "type": "derivative", + "unit": "1s" + }, + { + "field": "6c905240-2bfc-11e7-859b-f78b612cde28", + "id": "9a51f710-359d-11e7-aa4a-8313a0c92a88", + "type": "positive_only", + "unit": "" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.pod.name", + "terms_order_by": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "value_template": "{{value}} ns" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top CPU intensive pods [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "58e644f0-30d6-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7aac4fd0-30e0-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7aac4fd0-30e0-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..67ea5f9086b --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7aac4fd0-30e0-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unavailable pods per deployment [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "id": "117fadf0-30df-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "64456840-30df-11e7-8df8-6d3604a72912", + "label": "Unavailable pods", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.replicas.unavailable", + "id": "64456841-30df-11e7-8df8-6d3604a72912", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "53d35ad0-30df-11e7-8df8-6d3604a72912" + } + ], + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.deployment.name", + "terms_size": "10000" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Unavailable pods per deployment [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "7aac4fd0-30e0-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7cbeb750-5794-11e8-afa2-e9067ea62228-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7cbeb750-5794-11e8-afa2-e9067ea62228-ecs.json new file mode 100644 index 00000000000..19bdaa495ca --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7cbeb750-5794-11e8-afa2-e9067ea62228-ecs.json @@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "Overview of Kubernetes API Server", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "API Server Top clients by number of requests [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "61a13010-5794-11e8-8bd0-2180975e72dd" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Top clients by number of requests (5m)", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.apiserver.request.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "0e6ff4a0-5792-11e8-8bd0-2180975e72dd", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "9e4b8030-5792-11e8-8bd0-2180975e72dd" + } + ], + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.apiserver.request.client", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "10" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "API Server Top clients by number of requests [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "7cbeb750-5794-11e8-afa2-e9067ea62228-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7d80f790-9d96-11e9-b2ae-49acc4cbcea9.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7d80f790-9d96-11e9-b2ae-49acc4cbcea9.json new file mode 100644 index 00000000000..5bf36b59f99 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/7d80f790-9d96-11e9-b2ae-49acc4cbcea9.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller CPU [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "CPU time", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.process.cpu.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "47731390-9d96-11e9-9e81-115d18bcfeaa", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Controller CPU [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "7d80f790-9d96-11e9-b2ae-49acc4cbcea9", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/826d80c0-9c97-11e9-94fd-c91206cd5249.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/826d80c0-9c97-11e9-94fd-c91206cd5249.json new file mode 100644 index 00000000000..5b2a9d2d0d0 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/826d80c0-9c97-11e9-94fd-c91206cd5249.json 
@@ -0,0 +1,153 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Process summary [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "_exists_:\"kubernetes.scheduler.process.started.sec\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "30s", + "markdown": "| | |\n|---|---|\n|**Days running**|{{ math.started.last.raw }}|\n|**File descriptors open**|{{ max_of_kubernetes_scheduler_process_fds_open_count.fds.last.raw }}|\n|**Resident Memory**|{{ max_of_kubernetes_scheduler_process_memory_resident_bytes.resident_memory.last.formatted }}|\n|**Virtual Memory**|{{ max_of_kubernetes_scheduler_process_memory_virtual_bytes.virtual_memory.last.formatted }}|\n", + "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 table,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 tr,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 td,#markdown-61ca57f0-469d-11e7-af02-69e470af7417 th{border:none}", + "markdown_less": "\ntable, tr, td, th {\n border: none;\n}\n\n", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.started.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "id": "94b52370-9c95-11e9-87bc-455cc45f013a", + "script": "round( (params._timestamp /1000 - params.started) / 86400, 2)", + "type": "math", + "variables": [ + { + "field": 
"61ca57f2-469d-11e7-af02-69e470af7417", + "id": "97cc0060-9c95-11e9-87bc-455cc45f013a", + "name": "started" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "started" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "a8475ca0-9c95-11e9-87bc-455cc45f013a", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.fds.open.count", + "id": "a8475ca1-9c95-11e9-87bc-455cc45f013a", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "fds" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "cdc6d190-9c95-11e9-87bc-455cc45f013a", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.memory.resident.bytes", + "id": "cdc6d191-9c95-11e9-87bc-455cc45f013a", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "resident_memory" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "dfa0fa80-9c95-11e9-87bc-455cc45f013a", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.memory.virtual.bytes", + "id": "dfa0fa81-9c95-11e9-87bc-455cc45f013a", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "var_name": "virtual_memory" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "markdown" + }, + "title": "Process summary [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": 
"826d80c0-9c97-11e9-94fd-c91206cd5249", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/84d9b200-9d98-11e9-b2ae-49acc4cbcea9.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/84d9b200-9d98-11e9-b2ae-49acc4cbcea9.json new file mode 100644 index 00000000000..ea74b02d7f9 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/84d9b200-9d98-11e9-b2ae-49acc4cbcea9.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Scheduler Memory [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Resident", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.memory.resident.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "a14defa0-9d98-11e9-9e81-115d18bcfeaa", + "label": "Virtual", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.process.memory.virtual.bytes", + "id": "a14defa1-9d98-11e9-9e81-115d18bcfeaa", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Scheduler Memory [Metricset Kubernetes]", + "type": "metrics" + } + }, + "id": "84d9b200-9d98-11e9-b2ae-49acc4cbcea9", + "references": [], + "type": "visualization" +} \ No newline at end of file 
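Review bot: The inner `visState.title` in this saved object reads `"Scheduler Memory [Metricset Kubernetes]"` while the outer `attributes.title` and every other visualization in this change use the `[Metrics Kubernetes]` suffix; Kibana shows the inner title in the TSVB editor, so the two labels will diverge in the UI. Change the inner line to `"title": "Scheduler Memory [Metrics Kubernetes]"` so both titles agree. This looks like a leftover from the original Beats export rather than intentional wording, but please confirm.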
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8a95de50-9c38-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8a95de50-9c38-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..8d6523300c3 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8a95de50-9c38-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller Workqueue adds [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.workqueue.adds.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "9b5d85d0-9c38-11e9-92c1-f7d03186c592", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.controllermanager.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller Workqueue adds [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "8a95de50-9c38-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8c6c2690-9bd8-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8c6c2690-9bd8-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..0268381b043 --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/8c6c2690-9bd8-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy HTTP request duration [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(165,228,85,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "05a03f20-9bd8-11e9-871d-d3c7d4c337ef", + "label": "P99", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.http.request.duration.us.percentile.99", + "id": "05a06630-9bd8-11e9-871d-d3c7d4c337ef", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "dc0faec0-9bd7-11e9-871d-d3c7d4c337ef", + "label": "P90", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.http.request.duration.us.percentile.90", + "id": "dc0faec1-9bd7-11e9-871d-d3c7d4c337ef", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(65,117,0,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "P50", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.http.request.duration.us.percentile.50", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + 
"split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Proxy HTTP request duration [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "8c6c2690-9bd8-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95595810-9ca8-11e9-94fd-c91206cd5249.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95595810-9ca8-11e9-94fd-c91206cd5249.json new file mode 100644 index 00000000000..cea9c345167 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95595810-9ca8-11e9-94fd-c91206cd5249.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Scheduler scheduling attempts [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Attempts", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.pod.attempts.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "18aae5d0-9ca9-11e9-b8ef-3ddf5d748ddb", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.scheduler.result", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Scheduler scheduling attempts [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "95595810-9ca8-11e9-94fd-c91206cd5249", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95a7f110-57a2-11e8-afa2-e9067ea62228-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95a7f110-57a2-11e8-afa2-e9067ea62228-ecs.json new file mode 100644 index 00000000000..a0b58614df3 --- /dev/null 
+++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/95a7f110-57a2-11e8-afa2-e9067ea62228-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "API Server Top clients by resource [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "61a13010-5794-11e8-8bd0-2180975e72dd" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0.5, + "filter": "", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Top clients by number of requests (5m)", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.apiserver.request.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "0e6ff4a0-5792-11e8-8bd0-2180975e72dd", + "type": "derivative", + "unit": "" + } + ], + "override_index_pattern": 0, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "9e4b8030-5792-11e8-8bd0-2180975e72dd" + } + ], + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "kubernetes.apiserver.request.resource", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "10" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "API Server Top clients by resource [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "95a7f110-57a2-11e8-afa2-e9067ea62228-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/a4c9d360-30df-11e7-8df8-6d3604a72912-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/a4c9d360-30df-11e7-8df8-6d3604a72912-ecs.json new file mode 100644 index 00000000000..e79c144c4fb --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/a4c9d360-30df-11e7-8df8-6d3604a72912-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top memory intensive pods [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "802104d0-2bfc-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.container" + }, + "id": "5d3692a0-2bfc-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "5d3692a1-2bfc-11e7-859b-f78b612cde28", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.container.memory.usage.bytes", + "id": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "type": "sum" + }, + { + "field": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "id": "3972e9f0-256f-11e8-84e6-87221f87ae3b", + "type": "cumulative_sum" + }, + { + "field": "3972e9f0-256f-11e8-84e6-87221f87ae3b", + "id": "3e9fd5a0-256f-11e8-84e6-87221f87ae3b", + "type": "derivative", + "unit": "10s" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.pod.name", + "terms_order_by": "5d3692a2-2bfc-11e7-859b-f78b612cde28", + "terms_size": "10", + "value_template": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top memory intensive pods [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "a4c9d360-30df-11e7-8df8-6d3604a72912-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/b8a24790-9bf0-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/b8a24790-9bf0-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..ccc3aa57ab1 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/b8a24790-9bf0-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,259 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy network programming [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4fb3cbb0-9be5-11e9-871d-d3c7d4c337ef" + } + ], + "bar_color_rules": [ + { + "id": "4b459c20-9be5-11e9-871d-d3c7d4c337ef" + } + ], + "default_index_pattern": "metrics-*", + "gauge_color_rules": [ + { + "id": "4de1cad0-9be5-11e9-871d-d3c7d4c337ef" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(63,112,2,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Under 16ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.16000", + "id": "4dbb3a90-9be6-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "4dbb3a90-9be6-11e9-871d-d3c7d4c337ef", + "id": "189688a0-9be7-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(138,223,24,1)", + "fill": "0.4", + "formatter": "number", + "hidden": false, + "id": "a60dbe60-9be7-11e9-871d-d3c7d4c337ef", + "label": "Under 512ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.512000", + "id": "a60dbe61-9be7-11e9-871d-d3c7d4c337ef", + "type": 
"avg" + }, + { + "field": "a60dbe61-9be7-11e9-871d-d3c7d4c337ef", + "id": "b55a1080-9be7-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": "0.4", + "formatter": "number", + "hidden": false, + "id": "c5cc4f90-9be8-11e9-871d-d3c7d4c337ef", + "label": "Under 1024 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.1024000", + "id": "c5cc4f91-9be8-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "c5cc4f91-9be8-11e9-871d-d3c7d4c337ef", + "id": "f17cb2b0-9be8-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0.2", + "formatter": "number", + "hidden": false, + "id": "e0901380-9be7-11e9-871d-d3c7d4c337ef", + "label": "Under 4096 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.4096000", + "id": "e0901381-9be7-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "e0901381-9be7-11e9-871d-d3c7d4c337ef", + "id": "f2b6fce0-9be7-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0.2", + "formatter": "number", + "id": "882fa5a0-9be9-11e9-871d-d3c7d4c337ef", + "label": "Under 8192 ms", + "line_width": 1, + "metrics": [ + { + "field": 
"kubernetes.proxy.sync.networkprogramming.duration.us.bucket.8192000", + "id": "882fccb0-9be9-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "882fccb0-9be9-11e9-871d-d3c7d4c337ef", + "id": "9adb9d80-9be9-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(209,119,103,1)", + "fill": "0", + "formatter": "number", + "id": "86549550-9bef-11e9-871d-d3c7d4c337ef", + "label": "Under 16384 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.16384000", + "id": "86549551-9bef-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "86549551-9bef-11e9-871d-d3c7d4c337ef", + "id": "86549552-9bef-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "c66bf580-9be9-11e9-871d-d3c7d4c337ef", + "label": "All", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.+Inf", + "id": "c66bf581-9be9-11e9-871d-d3c7d4c337ef", + "type": "avg" + }, + { + "field": "c66bf581-9be9-11e9-871d-d3c7d4c337ef", + "id": "d48b3950-9be9-11e9-871d-d3c7d4c337ef", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Proxy network programming [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "b8a24790-9bf0-11e9-9dc8-fd27291d427f", + "references": 
[], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ba7bf750-9bf5-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ba7bf750-9bf5-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..15b38b878f4 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ba7bf750-9bf5-11e9-9dc8-fd27291d427f.json 
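Review bot: The series labels in this Proxy network programming visualization mix `"Under 16ms"` and `"Under 512ms"` with `"Under 1024 ms"`, `"Under 4096 ms"`, `"Under 8192 ms"` and `"Under 16384 ms"`, which renders an uneven legend; the sibling Proxy sync rules object in the next hunk uses the spaced form throughout. Change the first two to `"label": "Under 16 ms"` and `"label": "Under 512 ms"` to match. The `fill` values likewise alternate between the number `0.5` and the strings `"0.4"`/`"0.2"`/`"0"`; TSVB accepts both, but one representation would keep the export consistent. This hunk starts on an earlier line than the one this note is anchored to.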
@@ -0,0 +1,242 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy sync rules [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(63,112,2,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Under 16 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.16000", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "038a94d0-9bf4-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(138,223,24,1)", + "fill": "0.4", + "formatter": "number", + "hidden": false, + "id": "250daed0-9bf4-11e9-9f03-d58417b2a60d", + "label": "Under 512 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.512000", + "id": "250dd5e0-9bf4-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "250dd5e0-9bf4-11e9-9f03-d58417b2a60d", + "id": "250dd5e1-9bf4-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + 
"fill": "0.3", + "formatter": "number", + "hidden": false, + "id": "744141b0-9bf4-11e9-9f03-d58417b2a60d", + "label": "Under 1024 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.1024000", + "id": "744141b1-9bf4-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "744141b1-9bf4-11e9-9f03-d58417b2a60d", + "id": "744141b2-9bf4-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0.2", + "formatter": "number", + "hidden": false, + "id": "e4454060-9bf4-11e9-9f03-d58417b2a60d", + "label": "Under 4096 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.4096000", + "id": "e4454061-9bf4-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "e4454061-9bf4-11e9-9f03-d58417b2a60d", + "id": "e4456770-9bf4-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0.1", + "formatter": "number", + "hidden": false, + "id": "1ac14f80-9bf5-11e9-9f03-d58417b2a60d", + "label": "Under 8192 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.8192000", + "id": "1ac17690-9bf5-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "1ac17690-9bf5-11e9-9f03-d58417b2a60d", + "id": "1ac17691-9bf5-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": 
"line", + "color": "rgba(209,119,103,1)", + "fill": "0", + "formatter": "number", + "hidden": false, + "id": "3cbf17c0-9bf5-11e9-9f03-d58417b2a60d", + "label": "Under 16384 ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.16384000", + "id": "3cbf17c1-9bf5-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "3cbf17c1-9bf5-11e9-9f03-d58417b2a60d", + "id": "3cbf17c2-9bf5-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "formatter": "number", + "id": "58fb7c80-9bf5-11e9-9f03-d58417b2a60d", + "label": "All", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.sync.rules.duration.us.bucket.+Inf", + "id": "58fb7c81-9bf5-11e9-9f03-d58417b2a60d", + "type": "avg" + }, + { + "field": "58fb7c81-9bf5-11e9-9f03-d58417b2a60d", + "id": "58fb7c82-9bf5-11e9-9f03-d58417b2a60d", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Proxy sync rules [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "ba7bf750-9bf5-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/bcb194a0-9bf8-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/bcb194a0-9bf8-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..b379a247e2a --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/bcb194a0-9bf8-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Host selector [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "host.hostname", + "id": "1561982488150", + "indexPatternRefName": "control_0_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "service.address", + "id": "1561982723711", + "indexPatternRefName": "control_1_index_pattern", + "label": "Service address", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Host selector [Metrics Kubernetes]", + "type": "input_control_vis" + } + }, + "id": "bcb194a0-9bf8-11e9-9dc8-fd27291d427f", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cac89fb0-9906-11e9-ba57-b7ab4e2d4b58.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cac89fb0-9906-11e9-ba57-b7ab4e2d4b58.json new file mode 100644 index 00000000000..0b0176969ba --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cac89fb0-9906-11e9-ba57-b7ab4e2d4b58.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy memory [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Resident", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.memory.resident.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "1ea6cee0-9907-11e9-b4e1-6dc893538542", + "label": "Virtual", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.memory.virtual.bytes", + "id": "1ea6cee1-9907-11e9-b4e1-6dc893538542", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Proxy memory [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "cac89fb0-9906-11e9-ba57-b7ab4e2d4b58", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cd059410-2bfb-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cd059410-2bfb-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..720b51b4555 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/cd059410-2bfb-11e7-859b-f78b612cde28-ecs.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Deployments [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "67ee7da0-30e0-11e7-8df8-6d3604a72912" + } + ], + "bar_color_rules": [ + { + "id": "68cdba10-30e0-11e7-8df8-6d3604a72912" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "gauge_color_rules": [ + { + "id": "69765620-30e0-11e7-8df8-6d3604a72912" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "4c4690b0-30e0-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "4c4690b1-30e0-11e7-8df8-6d3604a72912", + "label": "Deployments", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.name", + "id": "4c4690b2-30e0-11e7-8df8-6d3604a72912", + "type": "cardinality" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "kubernetes.deployment.name" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Deployments [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "cd059410-2bfb-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d6564360-2bfc-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d6564360-2bfc-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..dee44b38adf --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d6564360-2bfc-11e7-859b-f78b612cde28-ecs.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Memory usage by node [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "12c1f2f0-2bf2-11e7-859b-f78b612cde28" + } + ], + "bar_color_rules": [ + { + "id": "1373ddd0-2bf2-11e7-859b-f78b612cde28" + } + ], + "filter": { + "language": "lucene", + "query": "(stream.dataset:kubernetes.container OR stream.dataset:kubernetes.state_node)" + }, + "gauge_color_rules": [ + { + "id": "140e4910-2bf2-11e7-859b-f78b612cde28" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "0d5c6b10-2bf2-11e7-859b-f78b612cde28", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "0d5c9220-2bf2-11e7-859b-f78b612cde28", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.container.memory.usage.bytes", + "id": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "type": "sum" + }, + { + "field": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "id": "9f0cf900-1ffb-11e8-81f2-43be86397500", + "type": "cumulative_sum" + }, + { + "field": "9f0cf900-1ffb-11e8-81f2-43be86397500", + "id": "a926e130-1ffb-11e8-81f2-43be86397500", + "type": "derivative", + "unit": "10s" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.node.name", + "terms_order_by": "0d5c9221-2bf2-11e7-859b-f78b612cde28", + "terms_size": "10000" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "formatter": "bytes", + "hide_in_legend": 1, + "id": 
"8ba3b270-31a7-11e7-84cc-096d2b38e6e5", + "label": "Node capacity", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.node.memory.capacity.bytes", + "id": "8ba3b271-31a7-11e7-84cc-096d2b38e6e5", + "type": "sum" + }, + { + "field": "8ba3b271-31a7-11e7-84cc-096d2b38e6e5", + "id": "d1fb2670-1ffb-11e8-81f2-43be86397500", + "type": "cumulative_sum" + }, + { + "field": "d1fb2670-1ffb-11e8-81f2-43be86397500", + "id": "dc8b01f0-1ffb-11e8-81f2-43be86397500", + "type": "derivative", + "unit": "10s" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "kubernetes.node.name", + "terms_order_by": "8ba3b271-31a7-11e7-84cc-096d2b38e6e5", + "terms_size": "10000" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Memory usage by node [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "d6564360-2bfc-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d86b2da0-9c20-11e9-9dc8-fd27291d427f.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d86b2da0-9c20-11e9-9dc8-fd27291d427f.json new file mode 100644 index 00000000000..a556d244e9f --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d86b2da0-9c20-11e9-9dc8-fd27291d427f.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controller HTTP request duration [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(165,228,85,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "P99", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.http.request.duration.us.percentile.99", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "24fb4960-9c22-11e9-b29f-d55be9348723", + "label": "P90", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.http.request.duration.us.percentile.90", + "id": "24fb4961-9c22-11e9-b29f-d55be9348723", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(65,117,0,1)", + "fill": 0.5, + "formatter": "us,ms,2", + "id": "2e397790-9c22-11e9-b29f-d55be9348723", + "label": "P50", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.controllermanager.http.request.duration.us.percentile.50", + "id": "2e397791-9c22-11e9-b29f-d55be9348723", + "type": "avg" + } + ], + 
"point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Controller HTTP request duration [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "d86b2da0-9c20-11e9-9dc8-fd27291d427f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d9fc1b80-9c9c-11e9-94fd-c91206cd5249.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d9fc1b80-9c9c-11e9-94fd-c91206cd5249.json new file mode 100644 index 00000000000..0cadba32732 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/d9fc1b80-9c9c-11e9-94fd-c91206cd5249.json 
@@ -0,0 +1,245 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Scheduler end to end scheduling duration [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(63,112,2,1)", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Under 16ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.16000", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "2a21d690-9c9d-11e9-8174-4589c2c40897", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(138,223,24,1)", + "fill": "0.4", + "formatter": "number", + "hidden": false, + "id": "a0344a80-9ca1-11e9-9b2f-4dae0cc2bdf1", + "label": "Under 512ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.512000", + "id": "a0347190-9ca1-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "a0347190-9ca1-11e9-9b2f-4dae0cc2bdf1", + "id": "9a865d10-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + 
{ + "axis_position": "right", + "chart_type": "line", + "color": "rgba(174,161,255,1)", + "fill": "0.3", + "formatter": "number", + "hidden": false, + "id": "c456c780-9ca1-11e9-9b2f-4dae0cc2bdf1", + "label": "Under 1024ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.1024000", + "id": "c456c781-9ca1-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "c456c781-9ca1-11e9-9b2f-4dae0cc2bdf1", + "id": "a77cd850-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0.2", + "formatter": "number", + "hidden": false, + "id": "127a9810-9ca2-11e9-9b2f-4dae0cc2bdf1", + "label": "Under 4096ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.4096000", + "id": "127a9811-9ca2-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "127a9811-9ca2-11e9-9b2f-4dae0cc2bdf1", + "id": "b48a0fe0-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0.1", + "formatter": "number", + "hidden": false, + "id": "6a2ba130-9ca2-11e9-9b2f-4dae0cc2bdf1", + "label": "Under 8192ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.8192000", + "id": "6a2ba131-9ca2-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "6a2ba131-9ca2-11e9-9b2f-4dae0cc2bdf1", + "id": "c727fe00-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": 
"gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(209,119,103,1)", + "fill": "0", + "formatter": "number", + "hidden": false, + "id": "f93a66e0-9ca2-11e9-9b2f-4dae0cc2bdf1", + "label": "Under 16384ms", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.16384000", + "id": "f93a66e1-9ca2-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "f93a66e1-9ca2-11e9-9b2f-4dae0cc2bdf1", + "id": "ce42d700-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": "0", + "formatter": "number", + "hidden": false, + "id": "310452c0-9ca3-11e9-9b2f-4dae0cc2bdf1", + "label": "All", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.+Inf", + "id": "310452c1-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "avg" + }, + { + "field": "310452c1-9ca3-11e9-9b2f-4dae0cc2bdf1", + "id": "e0692420-9ca3-11e9-9b2f-4dae0cc2bdf1", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Scheduler end to end scheduling duration [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "d9fc1b80-9c9c-11e9-94fd-c91206cd5249", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/da1ff7c0-30ed-11e7-b9e5-2b5b07213ab3-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/da1ff7c0-30ed-11e7-b9e5-2b5b07213ab3-ecs.json new file mode 100644 index 00000000000..e9d18a75f60 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/da1ff7c0-30ed-11e7-b9e5-2b5b07213ab3-ecs.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Available pods [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "508ffb30-30d5-11e7-8df8-6d3604a72912" + } + ], + "bar_color_rules": [ + { + "id": "674d83b0-30d5-11e7-8df8-6d3604a72912" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "gauge_color_rules": [ + { + "id": "50f9b980-30d5-11e7-8df8-6d3604a72912" + } + ], + "gauge_inner_width": "10", + "gauge_max": "5", + "gauge_style": "half", + "gauge_width": "10", + "id": "2fe9d3b0-30d5-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2fe9d3b1-30d5-11e7-8df8-6d3604a72912", + "label": "Available Pods", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.replicas.available", + "id": "54cf79a0-30d5-11e7-8df8-6d3604a72912", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_index_pattern": "*", + "series_interval": "10s", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Available pods [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "da1ff7c0-30ed-11e7-b9e5-2b5b07213ab3-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
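Review bot: The `Available Pods` series sets `override_index_pattern: 1` together with `series_index_pattern: "*"`, so this single series queries every index the viewer can read instead of the `metrics-*` pattern that the rest of this object and the package's other TSVB visualizations use. That silently widens the data scope of the panel beyond what the integration needs and adds load on large clusters. The sibling `Desired pods` object (e1018b90-2bfb-11e7-859b-f78b612cde28-ecs.json, later in this commit) also sets `override_index_pattern: 1` but no `series_index_pattern` at all, so the two are not even consistent with each other. As these are exported saved objects, the fix belongs in the source dashboards: drop `override_index_pattern` so the series inherits `metrics-*`, or set `"series_index_pattern": "metrics-*"` explicitly.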
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e0ddd3e0-98fe-11e9-ba57-b7ab4e2d4b58.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e0ddd3e0-98fe-11e9-ba57-b7ab4e2d4b58.json new file mode 100644 index 00000000000..29ddc1fd182 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e0ddd3e0-98fe-11e9-ba57-b7ab4e2d4b58.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Proxy CPU [Metrics Kubernetes]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "CPU time", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.proxy.process.cpu.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "35da60d0-98fe-11e9-b4e1-6dc893538542", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Proxy CPU [Metrics Kubernetes]", + "type": "metrics" + } + }, + "id": "e0ddd3e0-98fe-11e9-ba57-b7ab4e2d4b58", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e1018b90-2bfb-11e7-859b-f78b612cde28-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e1018b90-2bfb-11e7-859b-f78b612cde28-ecs.json new file mode 100644 index 00000000000..8debba40bde --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/e1018b90-2bfb-11e7-859b-f78b612cde28-ecs.json 
@@ -0,0 +1,86 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Desired pods [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "508ffb30-30d5-11e7-8df8-6d3604a72912" + } + ], + "bar_color_rules": [ + { + "id": "674d83b0-30d5-11e7-8df8-6d3604a72912" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:kubernetes.state_deployment" + }, + "gauge_color_rules": [ + { + "id": "50f9b980-30d5-11e7-8df8-6d3604a72912" + } + ], + "gauge_inner_width": "10", + "gauge_max": "5", + "gauge_style": "half", + "gauge_width": "10", + "id": "2fe9d3b0-30d5-11e7-8df8-6d3604a72912", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2fe9d3b1-30d5-11e7-8df8-6d3604a72912", + "label": "Desired Pods", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.deployment.replicas.desired", + "id": "54cf79a0-30d5-11e7-8df8-6d3604a72912", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_interval": "10s", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Desired pods [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "e1018b90-2bfb-11e7-859b-f78b612cde28-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ec360ff0-57a0-11e8-afa2-e9067ea62228-ecs.json b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ec360ff0-57a0-11e8-afa2-e9067ea62228-ecs.json new file mode 100644 index 00000000000..be1c7bece09 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/kibana/visualization/ec360ff0-57a0-11e8-afa2-e9067ea62228-ecs.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "API Server Requests [Metrics Kubernetes] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "NOT (kubernetes.apiserver.request.verb: WATCH or kubernetes.apiserver.request.verb: CONNECT)" + }, + "formatter": "us,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Avg response time", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.apiserver.request.latency.sum", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + }, + { + "field": "kubernetes.apiserver.request.count", + "id": "a2185e50-57a0-11e8-af57-a1d645d2b569", + "type": "max" + }, + { + "id": "b09133d0-57a0-11e8-af57-a1d645d2b569", + "script": "params.sum / params.count", + "type": "calculation", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "b27c8910-57a0-11e8-af57-a1d645d2b569", + "name": "sum" + }, + { + "field": "a2185e50-57a0-11e8-af57-a1d645d2b569", + "id": "b5fc8810-57a0-11e8-af57-a1d645d2b569", + "name": "count" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} ms" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": 0.5, + "formatter": "number", + "id": "c0019340-57a1-11e8-a049-ff54cef064a2", + "label": "Requests rate", + "line_width": 1, + "metrics": [ + { + "field": "kubernetes.apiserver.request.count", + "id": "c001ba50-57a1-11e8-a049-ff54cef064a2", + "type": "max" + }, + { 
+ "field": "c001ba50-57a1-11e8-a049-ff54cef064a2", + "id": "dc83b390-57a1-11e8-a049-ff54cef064a2", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "API Server Requests [Metrics Kubernetes] ECS", + "type": "metrics" + } + }, + "id": "ec360ff0-57a0-11e8-afa2-e9067ea62228-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/kubernetes/0.0.1/manifest.yml b/dev/packages/beats/kubernetes/0.0.1/manifest.yml new file mode 100644 index 00000000000..c2033180685 --- /dev/null +++ b/dev/packages/beats/kubernetes/0.0.1/manifest.yml 
@@ -0,0 +1,45 @@ +format_version: 1.0.0 +name: kubernetes +title: Kubernetes +version: 0.0.1 +license: basic +description: Kubernetes Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-kubernetes-controllermanager.png + title: metricbeat kubernetes controllermanager + size: 1896x961 + type: image/png +- src: /img/metricbeat_kubernetes_scheduler.png + title: metricbeat kubernetes scheduler + size: 1856x897 + type: image/png +- src: /img/metricbeat-kubernetes-proxy.png + title: metricbeat kubernetes proxy + size: 1854x920 + type: image/png +icons: +- src: /img/logo_kubernetes.svg + title: logo kubernetes + size: 32x32 + type: image/svg+xml +datasources: +- name: kubernetes + title: Kubernetes metrics + description: Collect metrics from Kubernetes instances + inputs: + - type: kubernetes/metrics + title: Collect metrics from Kubernetes instances + description: Collecting Kubernetes apiserver, container, controllermanager, event, + node, pod, proxy, scheduler, state_container, state_cronjob, state_deployment, + state_node, state_persistentvolume, state_persistentvolumeclaim, state_pod, + state_replicaset, state_resourcequota, state_service, state_statefulset, state_storageclass, + system and volume metrics diff --git a/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/agent/stream/stream.yml.hbs b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..b4b47fc33c0 --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["dommemstat"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
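Review bot: The `kubernetes/metrics` input in this manifest declares no `vars`, whereas the kvm manifest in the same commit exposes `hosts` for its input and its dataset exposes `period`. If the kubernetes dataset stream templates (not in this chunk) reference `{{hosts}}` or `{{period}}` the way the kvm `stream.yml.hbs` does, nothing in the manifest populates them and nothing is editable in Kibana. If the omission is intentional, e.g. endpoints come from autodiscover, a short comment on the input such as `# no vars: endpoints are discovered, not configured` would save the next reader the search.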
diff --git a/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/fields.yml b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/fields.yml new file mode 100644 index 00000000000..391edf43614 --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/fields.yml @@ -0,0 +1,23 @@ +- name: kvm.dommemstat + type: group + release: beta + fields: + - name: stat + type: group + fields: + - name: name + type: keyword + description: | + Memory stat name + - name: value + type: long + description: | + Memory stat value + - name: id + type: long + description: | + Domain id + - name: name + type: keyword + description: | + Domain name diff --git a/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/package-fields.yml b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/package-fields.yml new file mode 100644 index 00000000000..22d430d3f5e --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: kvm + type: group diff --git a/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/manifest.yml b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/manifest.yml new file mode 100644 index 00000000000..89ad17a5f62 --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/dataset/dommemstat/manifest.yml @@ -0,0 +1,15 @@ +title: kvm dommemstat metrics +release: experimental +type: metrics +streams: +- input: kvm/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: kvm dommemstat metrics + description: Collect kvm dommemstat metrics diff --git a/dev/packages/beats/kvm/0.0.1/docs/README.md b/dev/packages/beats/kvm/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file 
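Review bot: `fields.yml` marks the `kvm.dommemstat` group `release: beta` while the dataset `manifest.yml` in the next hunk on this line says `release: experimental`, so the maturity advertised to users depends on which file a consumer reads. The package manifest is presumably the authoritative source; align the fields file with it (`release: experimental`) or drop the key from `fields.yml` if the importer ignores it. The `docs/README.md` added in the same run is only `TODO`, so there is no prose that resolves the contradiction either.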
diff --git a/dev/packages/beats/kvm/0.0.1/manifest.yml b/dev/packages/beats/kvm/0.0.1/manifest.yml new file mode 100644 index 00000000000..24f8ac54ab6 --- /dev/null +++ b/dev/packages/beats/kvm/0.0.1/manifest.yml @@ -0,0 +1,31 @@ +format_version: 1.0.0 +name: kvm +title: kvm +version: 0.0.1 +license: basic +description: kvm Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: kvm + title: kvm metrics + description: Collect metrics from kvm instances + inputs: + - type: kvm/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - unix:///var/run/libvirt/libvirt-sock + title: Collect metrics from kvm instances + description: Collecting kvm dommemstat metrics diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/logstash/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..3ea88099bbd --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,14 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +{{#if eq .format "plain"}} +multiline: + pattern: ^\[[0-9]{4}-[0-9]{2}-[0-9]{2} + negate: true + match: after +{{/if}} +processors: +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/logstash/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..27fb8a350b2 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
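Review bot: The default `hosts` value `unix:///var/run/libvirt/libvirt-sock` means the agent process needs access to the libvirt control socket, which is normally restricted to root or a dedicated group, and the manifest gives the operator no hint of that requirement. Since the package README in this commit is just `TODO`, the permission requirement should be stated where the user sees it before enabling the datasource, e.g. a `description` on the `hosts` var: `Libvirt connection URIs; the default unix socket requires the agent to have permission to open it.` Whether a non-local URI is acceptable for this input is not visible here and is worth documenting in the same place.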
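Review bot: `{{#if eq .format "plain"}}` in `log.yml.hbs` mixes Go-template syntax (`eq .format "plain"`, as in the original Beats module config) with a Handlebars block. Under standard Handlebars semantics `if` receives the bare path `eq` as its condition, which resolves to nothing, so the `multiline` block would never be emitted and plain-format logs would be shipped line by line; I have not verified how the agent's template engine treats this, so please confirm with a rendered config. If an `eq` helper exists there, the Handlebars form is `{{#if (eq format "plain")}}`; otherwise the condition needs another mechanism. The `paths` loop also declares `as |path i|` but never uses `i`, which is harmless but suggests the block was adapted in a hurry.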
@@ -0,0 +1,51 @@ +--- +description: Pipeline for parsing logstash logs +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- json: + field: message + target_field: logstash.log +- rename: + field: '@timestamp' + target_field: event.created +- convert: + field: logstash.log.timeMillis + type: string +- date: + field: logstash.log.timeMillis + formats: + - UNIX_MS + target_field: '@timestamp' +- rename: + field: logstash.log.loggerName + target_field: logstash.log.module +- remove: + field: + - message + - logstash.log.timeMillis +- rename: + field: logstash.log.logEvent.message + target_field: message +- rename: + field: logstash.log.logEvent + target_field: logstash.log.log_event +- rename: + field: logstash.log.level + target_field: log.level +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["ERROR", "FATAL"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/ecs.yml 
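Review bot: The first processor is an unconditional `json` parse of `message`, but the stream template (`log.yml.hbs`) and the dataset manifest in this commit support `format: plain` and even default to it; for a plain-format line the parse fails, `on_failure` stamps `error.message`, and none of the remaining processors run, so every such event is indexed unparsed. Either restrict the dataset to JSON logs and say so in the `format` var, or guard the JSON path with a condition mirroring the template's own check, `if: ctx.message != null && ctx.message.startsWith('{')`, and add a grok/dissect branch for the plain layout. Separately, none of the `rename` processors set `ignore_missing: true`, so a JSON record lacking e.g. `logEvent.message` also aborts the pipeline at that step instead of indexing what was already parsed.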
@@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..8cf29aad9cc --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,23 @@ +- name: logstash.log + title: Logstash + type: group + fields: + - name: module + type: keyword + description: | + The module or class where the event originate. + - name: thread + type: keyword + description: | + Information about the running thread where the log originate. + multi_fields: + - name: text + type: text + - name: log_event + type: object + description: | + key and value debugging information. + - name: pipeline_id + type: keyword + description: | + The ID of the pipeline. diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..ee56c0bc5bc --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: logstash + type: group 
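Review bot: `logstash.log.log_event` is declared `type: object` with no `dynamic` setting, so every key that appears under `logEvent` becomes a new indexed field, with its type fixed by whatever value arrives first; a later event carrying the same key with a different value type is rejected with a mapping conflict, and unusual keys grow the mapping without bound. Since the description calls this "key and value debugging information", `dynamic: false` on the object (or an explicit list of the known keys) keeps the data in `_source` without mapping it. `pipeline_id` is declared here but nothing in the ingest pipeline writes `logstash.log.pipeline_id`, so as far as this diff shows the field is never populated.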
diff --git a/dev/packages/beats/logstash/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/logstash/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..dff987e2dc5 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,28 @@ +title: logstash log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: format + type: text + title: Format + multi: false + required: true + show_user: true + default: plain + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/logstash/logstash-{{.format}}*.log + os: + windows: + default: + - c:/programdata/logstash/logs/logstash-{{.format}}*.log + template_path: log.yml.hbs + title: logstash log logs (log) + description: Collect logstash log logs using log input diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/logstash/0.0.1/dataset/node/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a512905c56c --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["node"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node/fields/ecs.yml b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/ecs.yml new file mode 100644 index 00000000000..7fdd2b03802 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/ecs.yml 
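Review bot: `format` is a free-text variable, but the stream template only special-cases the literal `plain` and the path default interpolates it into a glob (`logstash-{{.format}}*.log`), so any value other than `plain` or `json` silently produces a path that matches nothing and a stream without multiline handling. Constraining it — a select with `plain`/`json` if the manifest schema supports one, otherwise a `description` naming the two accepted values — makes that failure visible at configuration time. The generated `title: logstash log logs (log)` and matching description also read as placeholders; something like `Logstash plain and JSON application logs` would tell the user what they are enabling.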
@@ -0,0 +1,34 @@ +- name: host + title: Host + group: 2 + type: group + fields: + - name: hostname + level: core + type: keyword + description: |- + Hostname of the host. + It normally contains what the `hostname` command returns on the host machine. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. +- name: service + title: Service + group: 2 + type: group + fields: + - name: version + level: core + type: keyword + description: |- + Version of the service the data was collected from. + This allows to look at a data set only for a specific version of a service. + ignore_above: 1024 diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 00000000000..378254bb792 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,11 @@ +- name: logstash.node + type: group + release: ga + fields: + - name: jvm + type: group + fields: + - name: version + type: keyword + description: | + Version diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/package-fields.yml new file mode 100644 index 00000000000..ee56c0bc5bc --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: logstash + type: group diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/logstash/0.0.1/dataset/node/manifest.yml new file mode 100644 index 00000000000..af062ddd003 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node/manifest.yml 
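Review bot: `release: ga` on the `logstash.node` field group contradicts the dataset manifest in the same diff, which marks the node dataset `release: experimental`; if the registry honours the field-level flag, the fields will be presented as GA while the dataset they belong to is not. Dropping the line or setting it to `experimental` keeps the two in step (the same mismatch recurs in the `node_stats` fields).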
@@ -0,0 +1,15 @@ +title: Logstash node metrics +release: experimental +type: metrics +streams: +- input: logstash/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Logstash node metrics + description: Collect Logstash node metrics diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..7ae7fc933eb --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["node_stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/fields.yml new file mode 100644 index 00000000000..5fb93ab0e02 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/fields.yml @@ -0,0 +1,19 @@ +- name: logstash.node.stats + type: group + release: ga + fields: + - name: events + type: group + fields: + - name: in + type: long + description: | + Incoming events counter. + - name: out + type: long + description: | + Outgoing events counter. + - name: filtered + type: long + description: | + Filtered events counter. diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/package-fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/package-fields.yml new file mode 100644 index 00000000000..ee56c0bc5bc --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: logstash + type: group diff --git a/dev/packages/beats/logstash/0.0.1/dataset/node_stats/manifest.yml b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/manifest.yml new file mode 100644 index 00000000000..e42b6dafd17 --- /dev/null 
+++ b/dev/packages/beats/logstash/0.0.1/dataset/node_stats/manifest.yml @@ -0,0 +1,15 @@ +title: Logstash node_stats metrics +release: experimental +type: metrics +streams: +- input: logstash/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Logstash node_stats metrics + description: Collect Logstash node_stats metrics diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..ce65833452f --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs @@ -0,0 +1,8 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +processors: +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..651c9bca41f --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,62 @@ +--- +description: Pipeline for parsing logstash slowlogs +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' +processors: +- json: + field: message + target_field: logstash.slowlog +- rename: + field: '@timestamp' + target_field: event.created +- convert: + field: logstash.slowlog.timeMillis + type: string +- date: + field: logstash.slowlog.timeMillis + formats: + - UNIX_MS + target_field: '@timestamp' +- rename: + field: logstash.slowlog.loggerName + target_field: logstash.slowlog.module +- rename: + field: logstash.slowlog.logEvent.took_in_millis + target_field: logstash.slowlog.took_in_millis +- rename: + field: logstash.slowlog.logEvent.took_in_nanos + target_field: event.duration +- rename: + field: logstash.slowlog.logEvent.event + target_field: logstash.slowlog.event +- rename: + field: logstash.slowlog.logEvent.plugin_params + target_field: logstash.slowlog.plugin_params_object +- grok: + field: logstash.slowlog.module + patterns: + - slowlog.logstash.%{WORD:logstash.slowlog.plugin_type}.%{WORD:logstash.slowlog.plugin_name} +- remove: + field: + - message + - logstash.slowlog.timeMillis + - logstash.slowlog.logEvent +- rename: + field: logstash.slowlog.level + target_field: log.level +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["ERROR", "FATAL"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/ecs.yml b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/ecs.yml new file mode 100644 index 00000000000..54260703444 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/ecs.yml 
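Review bot: The `rename` of `logstash.slowlog.logEvent.plugin_params` into `logstash.slowlog.plugin_params_object` indexes the complete configuration of whichever plugin was slow; Logstash masks settings declared with the `password` type, but secrets held in plain string options (tokens in headers, credentials embedded in URLs) would be copied into the index in cleartext. That deserves a sentence in the package README and ideally a `remove` step for known sensitive option names before the rename. Two smaller points: the `grok` pattern `slowlog.logstash.%{WORD:...}.%{WORD:...}` leaves its dots unescaped (`\.` is intended), and like the log pipeline this one opens with a `json` processor, so plain-format slowlogs — the case the `add_locale` comment in the stream template anticipates — fail on the first processor and land unparsed with `error.message` set.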
@@ -0,0 +1,25 @@ +- name: event + title: Event + group: 2 + type: group + fields: + - name: duration + level: core + type: long + format: duration + description: |- + Duration of the event in nanoseconds. + If event.start and event.end are known this value should be the difference between the end and start time. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 00000000000..39a063b232a --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/fields.yml 
@@ -0,0 +1,44 @@ +- name: logstash.slowlog + type: group + fields: + - name: module + type: keyword + description: | + The module or class where the event originate. + - name: thread + type: keyword + description: | + Information about the running thread where the log originate. + multi_fields: + - name: text + type: text + - name: event + type: keyword + description: | + Raw dump of the original event + multi_fields: + - name: text + type: text + - name: plugin_name + type: keyword + description: | + Name of the plugin + - name: plugin_type + type: keyword + description: | + Type of the plugin: Inputs, Filters, Outputs or Codecs. + - name: took_in_millis + type: long + description: | + Execution time for the plugin in milliseconds. + - name: plugin_params + type: keyword + description: | + String value of the plugin configuration + multi_fields: + - name: text + type: text + - name: plugin_params_object + type: object + description: | + key -> value of the configuration used by the plugin. diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/package-fields.yml b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/package-fields.yml new file mode 100644 index 00000000000..ee56c0bc5bc --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: logstash + type: group diff --git a/dev/packages/beats/logstash/0.0.1/dataset/slowlog/manifest.yml b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/manifest.yml new file mode 100644 index 00000000000..246b545b4ae --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/dataset/slowlog/manifest.yml 
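Review bot: `plugin_params_object` is `type: object` with dynamic mapping, so every plugin option name becomes an index field, and the same option name can arrive as a string from one plugin and a hash or number from another — Elasticsearch rejects the second as a mapping conflict and the slowlog event is dropped. Because the keyword twin `plugin_params` ("String value of the plugin configuration") already exists for searching, `dynamic: false` on the object keeps the structure in `_source` without mapping it. Note also that nothing in the slowlog ingest pipeline writes `logstash.slowlog.plugin_params` (only `plugin_params_object` is produced), so the keyword field and the saved-search column that uses it stay empty unless a `script` step stringifies the object into it.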
@@ -0,0 +1,21 @@ +title: logstash slowlog logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/logstash/logstash-slowlog-{{.format}}*.log + os: + windows: + default: + - c:/programdata/logstash/logs/logstash-slowlog-{{.format}}*.log + template_path: log.yml.hbs + title: logstash slowlog logs (log) + description: Collect logstash slowlog logs using log input diff --git a/dev/packages/beats/logstash/0.0.1/docs/README.md b/dev/packages/beats/logstash/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-log.png b/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-log.png new file mode 100644 index 00000000000..ebc5e928a2b Binary files /dev/null and b/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-log.png differ diff --git a/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-slowlog.png b/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-slowlog.png new file mode 100644 index 00000000000..ad8b9c0285b Binary files /dev/null and b/dev/packages/beats/logstash/0.0.1/img/kibana-logstash-slowlog.png differ diff --git a/dev/packages/beats/logstash/0.0.1/img/logo_logstash.svg b/dev/packages/beats/logstash/0.0.1/img/logo_logstash.svg new file mode 100644 index 00000000000..df5dec21780 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/img/logo_logstash.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Log-Dashboard-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Log-Dashboard-ecs.json new file mode 100644 index 00000000000..b60f1dd723d --- /dev/null 
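Review bot: The default paths interpolate `{{.format}}` (`/var/log/logstash/logstash-slowlog-{{.format}}*.log` and the Windows variant), but this stream declares no `format` variable — only the `log` dataset does — so the placeholder renders empty or fails to render, depending on the renderer, and the slowlog stream collects nothing by default. Either add the same `format` var block the log dataset carries, or drop the placeholder and use `logstash-slowlog-*.log`, which matches both variants and is adequate because the slowlog pipeline does not distinguish them anyway.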
+++ b/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Log-Dashboard-ecs.json @@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "Overview of Logstash logs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "log.level", + "logstash.log.integration", + "message", + "source" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 40, + "i": "4", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Logstash] Logstash Logs ECS", + "version": 1 + }, + "id": "Logs-Logstash-Log-Dashboard-ecs", + "references": [ + { + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Slowlog-Dashboard-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Slowlog-Dashboard-ecs.json new file mode 100644 index 00000000000..f99972f99fd --- /dev/null 
+++ b/dev/packages/beats/logstash/0.0.1/kibana/dashboard/Filebeat-Logstash-Slowlog-Dashboard-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "Overview of Logstash Slowlogs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "columns": [ + "log.level", + "logstash.slowlog.plugin_type", + "logstash.slowlog.plugin_name", + "logstash.slowlog.message", + "logstash.slowlog.plugin_params", + "logstash.slowlog.execution_time_ns" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 36, + "i": "1", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Logstash] Slowlogs ECS", + "version": 1 + }, + "id": "Logs-Logstash-Slowlog-Dashboard-ecs", + "references": [ + { + "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_0", + "type": "search" + }, + { + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b3315630-cbdf-11e7-9852-73e0a9df1bb6-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + 
"type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/kibana/search/742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/search/742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs.json new file mode 100644 index 00000000000..0ea82e860ca --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/kibana/search/742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "columns": [ + "log.level", + "logstash.slowlog.plugin_type", + "logstash.slowlog.plugin_name", + "logstash.slowlog.message", + "logstash.slowlog.plugin_params", + "logstash.slowlog.execution_time_ns" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"logstash.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "logstash." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "slowlog", + "type": "phrase" + }, + "type": "phrase", + "value": "slowlog" + }, + "query": { + "match": { + "fileset.name": { + "query": "slowlog", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "log.level", + "asc" + ] + ], + "title": "Slow logs [Logs Logstash] ECS", + "version": 1 + }, + "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
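Review bot: The second filter is `fileset.name: slowlog`, a Filebeat-module field that nothing in this package's agent templates or ingest pipeline sets, so under the agent this saved search — and the Slowlogs dashboard and "Slowest plugins" table built on it — returns no documents. Selecting on the dataset itself, `stream.dataset: logstash.slowlog`, picks the right events and makes the `match_phrase_prefix` on `logstash.` redundant. The column list also references `logstash.slowlog.message` and `logstash.slowlog.execution_time_ns`, neither of which the pipeline produces (it removes `message` and writes the nanosecond value to `event.duration`); `event.duration` and `logstash.slowlog.took_in_millis` are the fields that exist.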
diff --git a/dev/packages/beats/logstash/0.0.1/kibana/search/cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/search/cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs.json new file mode 100644 index 00000000000..b53bea6a50d --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/kibana/search/cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "columns": [ + "log.level", + "logstash.log.integration", + "message", + "source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"logstash.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "logstash." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "logs [Logs Logstash] ECS", + "version": 1 + }, + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
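Review bot: The filter `fileset.name: log` refers to a Filebeat-module field that no template or pipeline in this package sets, so this search and the Logstash Logs dashboard that embeds it will be empty when fed by the agent; filtering on `stream.dataset: logstash.log` selects the intended documents. Of the columns, `logstash.log.integration` is not declared in the dataset's fields and `source` is the pre-ECS file path (the 7.x log input populates `log.file.path`), so both render blank; `logstash.log.module` and `log.file.path` are the available equivalents.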
diff --git a/dev/packages/beats/logstash/0.0.1/kibana/visualization/0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/visualization/0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs.json new file mode 100644 index 00000000000..5daf1111e63 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/kibana/visualization/0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs.json @@ -0,0 +1,59 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Logs Severity [Logs Logstash] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Logs Severity [Logs Logstash] ECS", + "type": "pie" + } + }, + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6-ecs", + "references": [ + { + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/kibana/visualization/b3315630-cbdf-11e7-9852-73e0a9df1bb6-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/visualization/b3315630-cbdf-11e7-9852-73e0a9df1bb6-ecs.json new file mode 100644 index 00000000000..225c1bd4181 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/kibana/visualization/b3315630-cbdf-11e7-9852-73e0a9df1bb6-ecs.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Slowest plugins [Logs Logstash] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Average", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Min", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Plugin Name", + "field": "logstash.slowlog.plugin_name", + "order": "desc", + "orderBy": "5", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Max", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Plugin Type", + "field": "logstash.slowlog.plugin_type", + "order": "desc", + "orderBy": "5", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Slowest plugins [Logs Logstash] ECS", + "type": "table" + } + }, + "id": "b3315630-cbdf-11e7-9852-73e0a9df1bb6-ecs", + "references": [ + { + "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/logstash/0.0.1/kibana/visualization/e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs.json b/dev/packages/beats/logstash/0.0.1/kibana/visualization/e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs.json new file mode 100644 index 00000000000..53b5f183e9b --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/kibana/visualization/e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "logs over time [Logs Logstash] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "logs over time [Logs Logstash] ECS", + "type": "histogram" + } + }, + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6-ecs", + "references": [ + 
{ + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/logstash/0.0.1/manifest.yml b/dev/packages/beats/logstash/0.0.1/manifest.yml new file mode 100644 index 00000000000..7c0549c2790 --- /dev/null +++ b/dev/packages/beats/logstash/0.0.1/manifest.yml @@ -0,0 +1,51 @@ +format_version: 1.0.0 +name: logstash +title: Logstash +version: 0.0.1 +license: basic +description: Logstash Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-logstash-log.png + title: kibana logstash log + size: 1266x1343 + type: image/png +- src: /img/kibana-logstash-slowlog.png + title: kibana logstash slowlog + size: 1265x1341 + type: image/png +icons: +- src: /img/logo_logstash.svg + title: logo logstash + size: 32x32 + type: image/svg+xml +datasources: +- name: logstash + title: Logstash logs and metrics + description: Collect logs and metrics from Logstash instances + inputs: + - type: logs + title: Collect logs from Logstash instances + description: Collecting Logstash log and slowlog logs + - type: logstash/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:9600 + title: Collect metrics from Logstash instances + description: Collecting Logstash node and node_stats metrics diff --git a/dev/packages/beats/memcached/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/memcached/0.0.1/dataset/stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3b06dd6d47b --- /dev/null +++ b/dev/packages/beats/memcached/0.0.1/dataset/stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
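Review bot: The `logstash/metrics` input exposes only `hosts` (default `localhost:9600`), so the agent can reach the Logstash monitoring API solely over plain HTTP with no credentials; there is no way to supply `username`/`password` or `ssl.*` settings for an API behind TLS or an authenticating proxy, which the Metricbeat logstash module configuration this was migrated from does accept. Adding those vars (with `show_user: false` for the secret ones), or at minimum a `description` stating that the default is an unauthenticated loopback connection, makes the security posture explicit. Separately, `elasticsearch.versions: '>7.0.1'` has no upper bound while `kibana.versions` is pinned to `<8.0.0`; the two constraints are presumably meant to match.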
diff --git a/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 00000000000..5f6496eedc7 --- /dev/null +++ b/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/fields.yml 
@@ -0,0 +1,68 @@
+- name: memcached.stats
+ type: group
+ release: ga
+ fields:
+ - name: pid
+ type: long
+ description: |
+ Current process ID of the Memcached task.
+ - name: uptime.sec
+ type: long
+ description: |
+ Memcached server uptime.
+ - name: threads
+ type: long
+ description: |
+ Number of threads used by the current Memcached server process.
+ - name: connections.current
+ type: long
+ description: |
+ Number of open connections to this Memcached server, should be the same value on all servers during normal operation.
+ - name: connections.total
+ type: long
+ description: |
+ Numer of successful connect attempts to this server since it has been started.
+ - name: get.hits
+ type: long
+ description: |
+ Number of successful "get" commands (cache hits) since startup, divide them by the "cmd_get" value to get the cache hitrate.
+ - name: get.misses
+ type: long
+ description: |
+ Number of failed "get" requests because nothing was cached for this key or the cached value was too old.
+ - name: cmd.get
+ type: long
+ description: |
+ Number of "get" commands received since server startup not counting if they were successful or not.
+ - name: cmd.set
+ type: long
+ description: |
+ Number of "set" commands serviced since startup.
+ - name: read.bytes
+ type: long
+ description: |
+ Total number of bytes received from the network by this server.
+ - name: written.bytes
+ type: long
+ description: |
+ Total number of bytes send to the network by this server.
+ - name: items.current
+ type: long
+ description: |
+ Number of items currently in this server's cache.
+ - name: items.total
+ type: long
+ description: |
+ Number of items stored ever stored on this server. This is no "maximum item count" value but a counted increased by every new item stored in the cache.
+ - name: evictions
+ type: long
+ description: |
+ Number of objects removed from the cache to free up memory for new items because Memcached reached it's maximum memory setting (limit_maxbytes).
+ - name: bytes.current
+ type: long
+ description: |
+ Number of bytes currently used for caching items.
+ - name: bytes.limit
+ type: long
+ description: |
+ Number of bytes this server is allowed to use for storage.
diff --git a/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/package-fields.yml
new file mode 100644
index 00000000000..b4104d6d314
--- /dev/null
+++ b/dev/packages/beats/memcached/0.0.1/dataset/stats/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: memcached
+ type: group
diff --git a/dev/packages/beats/memcached/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/memcached/0.0.1/dataset/stats/manifest.yml
new file mode 100644
index 00000000000..cd104707d60
--- /dev/null
+++ b/dev/packages/beats/memcached/0.0.1/dataset/stats/manifest.yml
@@ -0,0 +1,15 @@
+title: Memcached stats metrics
+release: experimental
+type: metrics
+streams:
+- input: memcached/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Memcached stats metrics
+ description: Collect Memcached stats metrics
diff --git a/dev/packages/beats/memcached/0.0.1/docs/README.md b/dev/packages/beats/memcached/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/memcached/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/memcached/0.0.1/img/logo_memcached.svg b/dev/packages/beats/memcached/0.0.1/img/logo_memcached.svg
new file mode 100644
index 00000000000..f09f3a125a8
--- /dev/null
+++ b/dev/packages/beats/memcached/0.0.1/img/logo_memcached.svg
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
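Review bot: Several field descriptions in this hunk carry typos that will be copied verbatim into the generated mapping documentation: `Numer of successful connect attempts` should read `Number of successful connect attempts`, `Total number of bytes send to the network` should read `sent`, `Number of items stored ever stored on this server` should read `Number of items ever stored on this server`, and `reached it's maximum memory setting` should read `its`. The `items.total` description also says `a counted increased by every new item`, presumably `a counter increased by every new item`.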
diff --git a/dev/packages/beats/memcached/0.0.1/manifest.yml b/dev/packages/beats/memcached/0.0.1/manifest.yml
new file mode 100644
index 00000000000..bc63cc1c492
--- /dev/null
+++ b/dev/packages/beats/memcached/0.0.1/manifest.yml
@@ -0,0 +1,36 @@
+format_version: 1.0.0
+name: memcached
+title: Memcached
+version: 0.0.1
+license: basic
+description: Memcached Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch: {}
+icons:
+- src: /img/logo_memcached.svg
+ title: logo memcached
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: memcached
+ title: Memcached metrics
+ description: Collect metrics from Memcached instances
+ inputs:
+ - type: memcached/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:11211
+ title: Collect metrics from Memcached instances
+ description: Collecting Memcached stats metrics
diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/httpjson.yml.hbs b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/httpjson.yml.hbs
new file mode 100644
index 00000000000..dd9cd7c2fda
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/httpjson.yml.hbs
@@ -0,0 +1,21 @@
+api_key: {{api_key}}
+http_client_timeout: {{http_client_timeout}}
+http_method: {{http_method}}
+http_headers: {{http_headers}}
+http_request_body: {{http_request_body}}
+interval: {{interval}}
+json_objects_array: {{json_objects_array}}
+pagination: {{pagination}}
+url: {{url}}
+ssl: {{ssl}}
+processors:
+ - script:
+ lang: javascript
+ id: misp_script
+ file: ${path.home}/module/misp/threat/config/pipeline.js
+ - timestamp:
+ field: json.timestamp
+ layouts:
+ - UNIX
+ - drop_fields:
+ fields: [json]
\ No newline at end of file
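Review bot: The `script` processor in the httpjson stream template points at `${path.home}/module/misp/threat/config/pipeline.js`, which is the Filebeat module layout, while this commit ships the script as `dataset/threat/agent/stream/pipeline.js`; an agent that runs the rendered config from the package rather than from a Beats module install will not find the file, and every event would then lack the fields the script sets. The same path is used in `log.yml.hbs` in the next hunk. Whether the package build copies the script to that module path is not visible here, so a comment above the processor such as `# pipeline.js is resolved from the Filebeat module directory, not from this package` would make the expectation explicit either way. Separately, `api_key: {{api_key}}` is rendered unquoted, so a key containing YAML-significant characters (`:`, `#`, a leading `*` or `&`) breaks the rendered config; `api_key: '{{api_key}}'` avoids that.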
diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/log.yml.hbs b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..2f631383529
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/log.yml.hbs
@@ -0,0 +1,16 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - script:
+ lang: javascript
+ id: misp_script
+ file: ${path.home}/module/misp/threat/config/pipeline.js
+ - timestamp:
+ field: json.timestamp
+ layouts:
+ - UNIX
+ - drop_fields:
+ fields: [json]
\ No newline at end of file
diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/pipeline.js b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/pipeline.js
new file mode 100644
index 00000000000..ff798a42d7f
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/dataset/threat/agent/stream/pipeline.js
@@ -0,0 +1,214 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var threat = (function () { + var processor = require("processor"); + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "threat-intel", + type: "indicator", + }, + }); + + var setThreatFeedField = function (evt) { + evt.Put("misp.threat_indicator.feed", "misp"); + }; + + var convertFields = new processor.Convert({ + fields: [ + { from: "json.Event.id", to: "rule.id" }, + { from: "json.Event.info", to: "misp.threat_indicator.description" }, + { from: "json.Event.info", to: "rule.description" }, + { from: "json.Event.uuid", to: "misp.threat_indicator.id" }, + { from: "json.Event.uuid", to: "rule.uuid" }, + { from: "json.category", to: "rule.category" }, + { from: "json.uuid", to: "event.id" }, + ], + mode: "rename", + ignore_missing: true, + }); + + var setAttackPattern = function (evt) { + var indicator_type = evt.Get("json.type"); + var attackPattern; + var attackPatternKQL; + var arr; + var ip; + var filename; + var v = evt.Get("json.value"); + evt.Put("message", v); + evt.Put("misp.threat_indicator.type", indicator_type); + switch (indicator_type) { + case "AS": + var asn; + if (v.substring(0, 2) == "AS") { + asn = v.substring(2, v.length); + } else { + asn = v; + } + attackPattern = '[' + 'source:as:number = ' + '\'' + asn + '\'' + ' OR destination:as:number = ' + '\'' + asn + '\'' + ']'; + attackPatternKQL = 'source.as.number: ' + asn + ' OR destination.as.number: ' + asn; + break; + case 'btc': + attackPattern = '[' + 'bitcoin:address = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'bitcoin.address: ' + '"' + v + '"'; + break; + case "domain": + 
attackPattern = '[' + 'dns:question:name = ' + '\'' + v + '\'' + ' OR url:domain = ' + '\'' + v + '\'' + ' OR source:domain = ' + '\'' + v + '\'' + ' OR destination:domain = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'dns.question.name: ' + '"' + v + '"' + ' OR url.domain: ' + '"' + v + '"' + ' OR source.domain: ' + '"' + v + '"' + ' OR destination.domain: ' + '"' + v + '"'; + break; + case "domain|ip": + arr = v.split("|"); + if (arr.length == 2) { + var domain = arr[0]; + ip = arr[1].split("/")[0]; + attackPattern = '[' + '(' + 'dns:question:name = ' + '\'' + domain + '\'' + ' OR url:domain = ' + '\'' + domain + '\'' + ')' + + ' AND ' + '(' + 'source:ip = ' + '\'' + ip + '\'' + ' OR destination:ip = ' + '\'' + ip + '\'' + ')' + ']'; + attackPatternKQL = '(' + 'dns.question.name :' + '"' + domain + '"' + ' OR url.domain: ' + '"' + domain + '"' + ')' + ' AND ' + '(' + 'source.ip: ' + '"' + ip + '"' + ' OR destination.ip: ' + '"' + ip + '"' + ')'; + } + break; + case 'email-src': + attackPattern = '[' + 'user:email = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'user.email: ' + '"' + v + '"'; + evt.Put("user.email", v); + break; + case "filename": + attackPattern = '[' + 'file:path = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.path: ' + '"' + v + '"'; + evt.Put("file.path", v); + break; + case "filename|md5": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var md5 = arr[1]; + attackPattern = '[' + 'file:hash:md5 = ' + '\'' + md5 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 'file.hash.md5: ' + '"' + md5 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.md5", md5); + evt.Put("file.path", filename); + } + break; + case "filename|sha1": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var sha1 = arr[1]; + attackPattern = '[' + 'file:hash:sha1 = ' + '\'' + sha1 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 
'file.hash.sha1: ' + '"' + sha1 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.sha1", sha1); + evt.Put("file.path", filename); + } + break; + case "filename|sha256": + arr = v.split("|"); + if (arr.length == 2) { + filename = arr[0]; + var sha256 = arr[1]; + attackPattern = '[' + 'file:hash:sha256 = ' + '\'' + sha256 + '\'' + ' AND file:path = ' + '\'' + filename + '\'' + ']'; + attackPatternKQL = 'file.hash.sha256: ' + '"' + sha256 + '"' + ' AND file.path: ' + '"' + filename + '"'; + evt.Put("file.hash.sha256", sha256); + evt.Put("file.path", filename); + } + break; + case 'github-username': + attackPattern = '[' + 'user:name = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'user.name: ' + '"' + v + '"'; + evt.Put("user.name", v); + break; + case "hostname": + attackPattern = '[' + 'source:domain = ' + '\'' + v + '\'' + ' OR destination:domain = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'source.domain: ' + '"' + v + '"' + ' OR destination.domain: ' + '"' + v + '"'; + break; + case "ip-dst": + ip = v.split("/")[0]; + attackPattern = '[destination:ip = ' + '\'' + ip + '\'' + ']'; + attackPatternKQL = 'destination.ip: ' + '"' + ip + '"'; + evt.Put("destination.ip", ip); + break; + case "ip-dst|port": + arr = v.split("|"); + if (arr.length == 2) { + attackPattern = '[destination:ip = ' + '\'' + arr[0] + '\'' + ' AND destination:port = ' + '\'' + arr[1] + '\'' + ']'; + attackPatternKQL = 'destination.ip: ' + '"' + arr[0] + '"' + ' AND destination.port: ' + arr[1]; + evt.Put("destination.ip", arr[0]); + evt.Put("destination.port", arr[1]); + } + break; + case "ip-src": + ip = v.split("/")[0]; + attackPattern = '[' + 'source:ip = ' + '\'' + ip + '\'' + ']'; + attackPatternKQL = 'source.ip: ' + '"' + ip + '"'; + evt.Put("source.ip", ip); + break; + case "link": + attackPattern = '[' + 'url:full = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'url.full: ' + '"' + v + '"'; + evt.Put("url.full", v); + break; + case "md5": + attackPattern = 
'[' + 'file:hash:md5 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.md5: ' + '"' + v + '"'; + evt.Put("file.hash.md5", v); + break; + case 'regkey': + attackPattern = '[' + 'regkey = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'regkey: ' + '"' + v + '"'; + evt.Put("registry.key", v); + break; + case "sha1": + attackPattern = '[' + 'file:hash:sha1 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha1: ' + '"' + v + '"'; + evt.Put("file.hash.sha1", v); + break; + case "sha256": + attackPattern = '[' + 'file:hash:sha256 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha256: ' + '"' + v + '"'; + evt.Put("file.hash.sha256", v); + break; + case "sha512": + attackPattern = '[' + 'file:hash:sha512 = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'file.hash.sha512: ' + '"' + v + '"'; + evt.Put("file.hash.sha512", v); + break; + case "url": + attackPattern = '[' + 'url:full = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'url.full: ' + '"' + v + '"'; + evt.Put("url.full", v); + break; + case 'yara': + attackPattern = '[' + 'yara:rule = ' + '\'' + v + '\'' + ']'; + attackPatternKQL = 'yara.rule: ' + '"' + v + '"'; + break; + } + if (attackPattern == undefined || attackPatternKQL == undefined) { + evt.Put("error.message", 'Unsupported type: ' + indicator_type); + } + evt.Put("misp.threat_indicator.attack_pattern", attackPattern); + evt.Put("misp.threat_indicator.attack_pattern_kql", attackPatternKQL); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(categorizeEvent) + .Add(setThreatFeedField) + .Add(convertFields) + .Add(setAttackPattern) + .Build(); + + return { + process: pipeline.Run, + }; +})(); + +function process(evt) { + return threat.process(evt); +} diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/misp/0.0.1/dataset/threat/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..0d710feeb24 
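Review bot: `setAttackPattern` interpolates the feed-supplied `json.value` straight into the STIX and KQL pattern strings (the `'\'' + v + '\''` and `'"' + v + '"'` fragments repeated in every case), so an indicator value containing a quote, a backslash or an `AND`/`OR` token yields a malformed or semantically altered pattern; values arrive from an external threat feed and should be treated as untrusted input when the stored `attack_pattern_kql` is later used as a query. A small helper that escapes `\` and the quote character before wrapping the value, used in place of each repeated `'\'' + v + '\''` and `'"' + v + '"'`, would close that for all cases at once. `v.substring(...)` in the `AS` case and `v.split("|")` / `v.split("/")` elsewhere also throw when `json.value` is absent or not a string, aborting the event instead of tagging it; a guard at the top of the function such as `if (typeof v !== "string") { evt.Put("error.message", "missing or non-string json.value"); return; }` avoids that. Lastly, when a `filename|md5`-style value does not split into exactly two parts the pattern stays undefined and the event is tagged `Unsupported type: filename|md5`, which misreports a malformed value as an unsupported type; a distinct message for the `arr.length != 2` path would make triage easier.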
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/dataset/threat/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,26 @@
+{
+ "description": "Pipeline for normalizing MISP threat",
+ "processors": [
+ {
+ "geoip": {
+ "field": "destination.ip",
+ "target_field": "destination.geo",
+ "ignore_missing": true
+ }
+ },
+ {
+ "geoip": {
+ "field": "source.ip",
+ "target_field": "source.geo",
+ "ignore_missing": true
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+ }
+
\ No newline at end of file
diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/fields/fields.yml b/dev/packages/beats/misp/0.0.1/dataset/threat/fields/fields.yml
new file mode 100644
index 00000000000..f13ab9126aa
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/dataset/threat/fields/fields.yml
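Review bot: The `on_failure` handler uses `set` on `error.message`, which overwrites the `Unsupported type: ...` message that `pipeline.js` in this commit already writes to the same field before the event reaches Elasticsearch, so a geoip failure on an event with an unsupported indicator type loses the first diagnosis; `append` on `error.message` would keep both. The file also ends with a stray indented blank line after the closing brace and no trailing newline, which a formatter pass would clean up.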
@@ -0,0 +1,515 @@ +- name: misp.attack_pattern + title: Attack Pattern + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the threat indicator. + - name: name + level: core + type: keyword + description: | + Name of the attack pattern. + - name: description + level: extended + type: text + description: | + Description of the attack pattern. + - name: kill_chain_phases + level: extended + type: keyword + description: | + The kill chain phase(s) to which this attack pattern corresponds. +- name: misp.campaign + title: Campaign + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the campaign. + - name: name + level: core + type: keyword + description: | + Name of the campaign. + - name: description + level: extended + type: text + description: | + Description of the campaign. + - name: aliases + level: extended + type: text + description: | + Alternative names used to identify this campaign. + - name: first_seen + level: core + type: date + description: | + The time that this Campaign was first seen, in RFC3339 format. + - name: last_seen + level: core + type: date + description: | + The time that this Campaign was last seen, in RFC3339 format. + - name: objective + level: core + type: keyword + description: | + This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. +- name: misp.course_of_action + title: Course of Action + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Course of Action. + - name: name + level: core + type: keyword + description: | + The name used to identify the Course of Action. + - name: description + level: extended + type: text + description: | + Description of the Course of Action. +- name: misp.identity + title: Identity + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Identity. 
+ - name: name + level: core + type: keyword + description: | + The name used to identify the Identity. + - name: description + level: extended + type: text + description: | + Description of the Identity. + - name: identity_class + level: core + type: keyword + description: "The type of entity that this Identity describes, e.g., an individual + or organization. Open Vocab - identity-class-ov \n" + - name: labels + level: extended + type: keyword + description: "The list of roles that this Identity performs. \n" + - name: sectors + level: extended + type: keyword + description: "The list of sectors that this Identity belongs to. Open Vocab - + industry-sector-ov \n" + - name: contact_information + level: extended + type: text + description: | + The contact information (e-mail, phone number, etc.) for this Identity. +- name: misp.intrusion_set + title: Intrusion Set + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Intrusion Set. + - name: name + level: core + type: keyword + description: | + The name used to identify the Intrusion Set. + - name: description + level: extended + type: text + description: | + Description of the Intrusion Set. + - name: aliases + level: extended + type: text + description: | + Alternative names used to identify the Intrusion Set. + - name: first_seen + level: extended + type: date + description: | + The time that this Intrusion Set was first seen, in RFC3339 format. + - name: last_seen + level: extended + type: date + description: | + The time that this Intrusion Set was last seen, in RFC3339 format. + - name: goals + level: extended + type: text + description: | + The high level goals of this Intrusion Set, namely, what are they trying to do. + - name: resource_level + level: extended + type: text + description: | + This defines the organizational level at which this Intrusion Set typically works. 
Open Vocab - attack-resource-level-ov + - name: primary_motivation + level: extended + type: text + description: | + The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov + - name: secondary_motivations + level: extended + type: text + description: | + The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov +- name: misp.malware + title: Malware + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Malware. + - name: name + level: core + type: keyword + description: | + The name used to identify the Malware. + - name: description + level: extended + type: text + description: | + Description of the Malware. + - name: labels + level: core + type: keyword + description: | + The type of malware being described. Open Vocab - malware-label-ov. adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm + - name: kill_chain_phases + level: extended + type: keyword + format: string + description: | + The list of kill chain phases for which this Malware instance can be used. +- name: misp.note + title: Note + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Note. + - name: summary + level: extended + type: keyword + description: | + A brief description used as a summary of the Note. + - name: description + level: extended + type: text + description: | + The content of the Note. + - name: authors + level: extended + type: keyword + description: | + The name of the author(s) of this Note. + - name: object_refs + level: extended + type: keyword + description: | + The STIX Objects (SDOs and SROs) that the note is being applied to. 
+- name: misp.threat_indicator + title: Threat Indicator + type: group + fields: + - name: labels + level: core + type: keyword + description: "list of type open-vocab that specifies the type of indicator. \n" + - name: id + level: core + type: keyword + description: | + Identifier of the threat indicator. + - name: version + level: core + type: keyword + description: | + Version of the threat indicator. + - name: type + level: core + type: keyword + description: | + Type of the threat indicator. + - name: description + level: core + type: text + description: | + Description of the threat indicator. + - name: feed + level: core + type: text + description: | + Name of the threat feed. + - name: valid_from + level: core + type: date + description: | + The time from which this Indicator should be considered valuable intelligence, in RFC3339 format. + - name: valid_until + level: core + type: date + description: | + The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. + - name: severity + level: core + type: keyword + format: string + description: | + Threat severity to which this indicator corresponds. + - name: confidence + level: core + type: keyword + description: | + Confidence level to which this indicator corresponds. + - name: kill_chain_phases + level: extended + type: keyword + format: string + description: | + The kill chain phase(s) to which this indicator corresponds. + - name: mitre_tactic + level: extended + type: keyword + format: string + description: | + MITRE tactics to which this indicator corresponds. + - name: mitre_technique + level: extended + type: keyword + format: string + description: | + MITRE techniques to which this indicator corresponds. 
+ - name: attack_pattern + level: core + type: keyword + description: "The attack_pattern for this indicator is a STIX Pattern as specified + in STIX Version 2.0 Part 5 - STIX Patterning. \n" + - name: attack_pattern_kql + level: core + type: keyword + description: "The attack_pattern for this indicator is KQL query that matches + the attack_pattern specified in the STIX Pattern format. \n" + - name: negate + level: core + type: boolean + description: | + When set to true, it specifies the absence of the attack_pattern. + - name: intrusion_set + level: extended + type: keyword + description: | + Name of the intrusion set if known. + - name: campaign + level: extended + type: keyword + description: | + Name of the attack campaign if known. + - name: threat_actor + level: extended + type: keyword + description: | + Name of the threat actor if known. +- name: misp.observed_data + title: Observed Data + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Observed Data. + - name: first_observed + level: core + type: date + description: | + The beginning of the time window that the data was observed, in RFC3339 format. + - name: last_observed + level: core + type: date + description: | + The end of the time window that the data was observed, in RFC3339 format. + - name: number_observed + level: core + type: integer + description: | + The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. + - name: objects + level: core + type: keyword + description: | + A dictionary of Cyber Observable Objects that describes the single fact that was observed. +- name: misp.report + title: Report + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Report. + - name: labels + level: core + type: keyword + description: | + This field is an Open Vocabulary that specifies the primary subject of this report. 
Open Vocab - report-label-ov. threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability + - name: name + level: core + type: keyword + description: | + The name used to identify the Report. + - name: description + level: extended + type: text + description: | + A description that provides more details and context about Report. + - name: published + level: extended + type: date + description: | + The date that this report object was officially published by the creator of this report, in RFC3339 format. + - name: object_refs + level: core + type: text + description: | + Specifies the STIX Objects that are referred to by this Report. +- name: misp.threat_actor + title: Threat Actor + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Threat Actor. + - name: labels + level: core + type: keyword + description: | + This field specifies the type of threat actor. Open Vocab - threat-actor-label-ov. activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist + - name: name + level: core + type: keyword + description: | + The name used to identify this Threat Actor or Threat Actor group. + - name: description + level: extended + type: text + description: | + A description that provides more details and context about the Threat Actor. + - name: aliases + level: extended + type: text + description: | + A list of other names that this Threat Actor is believed to use. + - name: roles + level: extended + type: text + description: | + This is a list of roles the Threat Actor plays. Open Vocab - threat-actor-role-ov. agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author + - name: goals + level: extended + type: text + description: | + The high level goals of this Threat Actor, namely, what are they trying to do. 
+ - name: sophistication + level: extended + type: text + description: | + The skill, specific knowledge, special training, or expertise a Threat Actor must have to perform the attack. Open Vocab - threat-actor-sophistication-ov. none,minimal,intermediate,advanced,strategic,expert,innovator + - name: resource_level + level: extended + type: text + description: | + This defines the organizational level at which this Threat Actor typically works. Open Vocab - attack-resource-level-ov. individual,club,contest,team,organization,government + - name: primary_motivation + level: extended + type: text + description: | + The primary reason, motivation, or purpose behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + - name: secondary_motivations + level: extended + type: text + description: | + The secondary reasons, motivations, or purposes behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + - name: personal_motivations + level: extended + type: text + description: | + The personal reasons, motivations, or purposes of the Threat Actor regardless of organizational goals. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable +- name: misp.tool + title: Tool + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Tool. + - name: labels + level: core + type: keyword + description: | + The kind(s) of tool(s) being described. Open Vocab - tool-label-ov. 
denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning + - name: name + level: core + type: keyword + description: | + The name used to identify the Tool. + - name: description + level: extended + type: text + description: | + A description that provides more details and context about the Tool. + - name: tool_version + level: extended + type: keyword + description: | + The version identifier associated with the Tool. + - name: kill_chain_phases + level: extended + type: text + description: | + The list of kill chain phases for which this Tool instance can be used. +- name: misp.vulnerability + title: Vulnerability + type: group + fields: + - name: id + level: core + type: keyword + description: | + Identifier of the Vulnerability. + - name: name + level: core + type: keyword + description: | + The name used to identify the Vulnerability. + - name: description + level: extended + type: text + description: | + A description that provides more details and context about the Vulnerability. diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/fields/package-fields.yml b/dev/packages/beats/misp/0.0.1/dataset/threat/fields/package-fields.yml new file mode 100644 index 00000000000..302b280ca23 --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/dataset/threat/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: misp + type: group diff --git a/dev/packages/beats/misp/0.0.1/dataset/threat/manifest.yml b/dev/packages/beats/misp/0.0.1/dataset/threat/manifest.yml new file mode 100644 index 00000000000..1757c3dd516 --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/dataset/threat/manifest.yml 
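Review bot: The `attack_pattern_kql` description reads `The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format.`, which should be `is a KQL query` and, since it documents a different field, `The attack_pattern_kql for this indicator ...`. Several double-quoted descriptions (`identity_class`, `labels` and `sectors` under `misp.identity`, `labels` under `misp.threat_indicator`, `attack_pattern`, `attack_pattern_kql`) end in a literal ` \n` that is kept as part of the field description, unlike the neighbouring fields written with the `|` block style; converting them to the block style removes the trailing escape. The enclosing `misp.tool` group starts in the previous chunk line, so this note covers the hunk as a whole.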
@@ -0,0 +1,12 @@
+title: MISP threat logs
+release: experimental
+type: logs
+streams:
+- input: httpjson
+ template_path: httpjson.yml.hbs
+ title: MISP threat logs (httpjson)
+ description: Collect MISP threat logs using httpjson input
+- input: logs
+ template_path: log.yml.hbs
+ title: MISP threat logs (log)
+ description: Collect MISP threat logs using log input
diff --git a/dev/packages/beats/misp/0.0.1/docs/README.md b/dev/packages/beats/misp/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/misp/0.0.1/img/kibana-misp.png b/dev/packages/beats/misp/0.0.1/img/kibana-misp.png
new file mode 100644
index 00000000000..a02068ddf30
Binary files /dev/null and b/dev/packages/beats/misp/0.0.1/img/kibana-misp.png differ
diff --git a/dev/packages/beats/misp/0.0.1/kibana/dashboard/c6cac9e0-f105-11e9-9a88-690b10c8ee99.json b/dev/packages/beats/misp/0.0.1/kibana/dashboard/c6cac9e0-f105-11e9-9a88-690b10c8ee99.json
new file mode 100644
index 00000000000..f7ccacac422
--- /dev/null
+++ b/dev/packages/beats/misp/0.0.1/kibana/dashboard/c6cac9e0-f105-11e9-9a88-690b10c8ee99.json
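Review bot: The `httpjson` stream declares no `vars`, yet its template `httpjson.yml.hbs` in this commit reads `api_key`, `url`, `interval`, `http_client_timeout`, `http_method`, `http_headers`, `http_request_body`, `json_objects_array`, `pagination` and `ssl`; the `logs` stream likewise declares nothing for the `paths` its template iterates. Unless these are supplied by the package-level manifest (not in this chunk), the rendered agent config will contain empty values, and `api_key`/`url` in particular have no `required: true` to stop an unconfigured stream from being enabled. The memcached `stats` dataset manifest in the same commit shows the expected shape, declaring `period` with `type`, `required` and `default`.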
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "Overview dashboard for Logs MSIP integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "mapCenter": [ + 24.686952411999155, + 12.128906250000002 + ], + "mapZoom": 3 + }, + "gridData": { + "h": 24, + "i": "3", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs MISP] Overview", + "version": 1 + }, + "id": "c6cac9e0-f105-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "8fc4b140-ed36-11e9-9a88-690b10c8ee99", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "7d369390-f105-11e9-9a88-690b10c8ee99", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "73287f70-f1fb-11e9-9a88-690b10c8ee99", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/misp/0.0.1/kibana/visualization/73287f70-f1fb-11e9-9a88-690b10c8ee99.json b/dev/packages/beats/misp/0.0.1/kibana/visualization/73287f70-f1fb-11e9-9a88-690b10c8ee99.json new file mode 100644 index 00000000000..88f08cb5dd3 --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/kibana/visualization/73287f70-f1fb-11e9-9a88-690b10c8ee99.json 
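Review bot: The dashboard description reads `Overview dashboard for Logs MSIP integration.`; `MSIP` should be `MISP`, matching the title `[Logs MISP] Overview` further down in the same object. The description is shown in Kibana's dashboard listing, so the typo is user-visible rather than cosmetic.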
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicator Geo Map [Logs MISP]", + "uiStateJSON": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 2 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapBounds": { + "bottom_right": { + "lat": -42.68243539838622, + "lon": 60.99609375000001 + }, + "top_left": { + "lat": 42.35854391749705, + "lon": -60.99609375000001 + } + }, + "mapCenter": { + "lat": -0.17578097424708533, + "lon": 0 + }, + "mapZoom": 4, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"https://www.openstreetmap.org/copyright\"\u003eOpenStreetMap contributors\u003c/a\u003e|\u003ca href=\"https://openmaptiles.org\"\u003eOpenMapTiles\u003c/a\u003e|\u003ca href=\"https://www.maptiler.com\"\u003eMapTiler\u003c/a\u003e|\u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "origin": "elastic_maps_service" + } + } + }, + "title": "Threat Indicator Geo Map [Logs MISP]", + "type": "tile_map" + } 
+ }, + "id": "73287f70-f1fb-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/misp/0.0.1/kibana/visualization/7d369390-f105-11e9-9a88-690b10c8ee99.json b/dev/packages/beats/misp/0.0.1/kibana/visualization/7d369390-f105-11e9-9a88-690b10c8ee99.json new file mode 100644 index 00000000000..b2566a490aa --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/kibana/visualization/7d369390-f105-11e9-9a88-690b10c8ee99.json 
@@ -0,0 +1,141 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicators per Month [Logs MISP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Indicators Per Month" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "M", + "min_doc_count": 1, + "timeRange": { + "from": "now-15M", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "misp.threat_indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Indicators Per Month" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", 
+ "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Indicators Per Month" + }, + "type": "value" + } + ] + }, + "title": "Threat Indicators per Month [Logs MISP]", + "type": "histogram" + } + }, + "id": "7d369390-f105-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/misp/0.0.1/kibana/visualization/8fc4b140-ed36-11e9-9a88-690b10c8ee99.json b/dev/packages/beats/misp/0.0.1/kibana/visualization/8fc4b140-ed36-11e9-9a88-690b10c8ee99.json new file mode 100644 index 00000000000..a201e624b65 --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/kibana/visualization/8fc4b140-ed36-11e9-9a88-690b10c8ee99.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Threat Indicator Type [Logs MISP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "misp.threat_indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Threat Indicator Type [Logs MISP]", + "type": "pie" + } + }, + "id": "8fc4b140-ed36-11e9-9a88-690b10c8ee99", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/misp/0.0.1/manifest.yml b/dev/packages/beats/misp/0.0.1/manifest.yml new file mode 100644 index 00000000000..0fffdd228d2 --- /dev/null +++ b/dev/packages/beats/misp/0.0.1/manifest.yml 
@@ -0,0 +1,29 @@ +format_version: 1.0.0 +name: misp +title: MISP +version: 0.0.1 +license: basic +description: MISP Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=8.0.0-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-misp.png + title: kibana misp + size: 1280x882 + type: image/png +datasources: +- name: misp + title: MISP logs + description: Collect logs from MISP instances + inputs: + - type: logs + title: Collect logs from MISP instances + description: Collecting MISP threat logs diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/collstats/agent/stream/stream.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..1670170dc8b --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["collstats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/fields.yml new file mode 100644 index 00000000000..9f88a5c0e1a --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/fields.yml 
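Review bot: `datasources[0].inputs` lists only `type: logs`, while the dataset manifest in this same diff declares a second stream with `input: httpjson`; with no matching `httpjson` input at the package level that stream has nothing to bind to, so either add `- type: httpjson` (with its URL and API-key vars) to the datasource or drop the stream. Separately, `kibana.versions: '>=8.0.0-SNAPSHOT <8.0.0'` admits only the 8.0.0 pre-release; if that is deliberate for a dev package, a one-line comment saying so would save the next reader a double take.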
@@ -0,0 +1,91 @@ +- name: mongodb.collstats + type: group + release: ga + fields: + - name: db + type: keyword + description: | + Database name. + - name: collection + type: keyword + description: | + Collection name. + - name: name + type: keyword + description: | + Combination of database and collection name. + - name: total.time.us + type: long + description: | + Total waiting time for locks in microseconds. + - name: total.count + type: long + description: | + Total number of lock wait events. + - name: lock + type: group + fields: + - name: read.time.us + type: long + description: | + Time waiting for read locks in microseconds. + - name: read.count + type: long + description: | + Number of read lock wait events. + - name: write.time.us + type: long + description: | + Time waiting for write locks in microseconds. + - name: write.count + type: long + description: | + Number of write lock wait events. + - name: queries.time.us + type: long + description: | + Time running queries in microseconds. + - name: queries.count + type: long + description: | + Number of queries executed. + - name: getmore.time.us + type: long + description: | + Time asking for more cursor rows in microseconds. + - name: getmore.count + type: long + description: | + Number of times a cursor asked for more data. + - name: insert.time.us + type: long + description: | + Time inserting new documents in microseconds. + - name: insert.count + type: long + description: | + Number of document insert events. + - name: update.time.us + type: long + description: | + Time updating documents in microseconds. + - name: update.count + type: long + description: | + Number of document update events. + - name: remove.time.us + type: long + description: | + Time deleting documents in microseconds. + - name: remove.count + type: long + description: | + Number of document delete events. + - name: commands.time.us + type: long + description: | + Time executing database commands in microseconds. 
+ - name: commands.count + type: long + description: | + Number of database commands executed. diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/collstats/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/manifest.yml new file mode 100644 index 00000000000..9578e3944ec --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/collstats/manifest.yml @@ -0,0 +1,15 @@ +title: MongoDB collstats metrics +release: experimental +type: metrics +streams: +- input: mongodb/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MongoDB collstats metrics + description: Collect MongoDB collstats metrics diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/agent/stream/stream.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c6b0a9427f8 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["dbstats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/fields.yml new file mode 100644 index 00000000000..687eb183dd7 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/fields.yml 
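Review bot: The collstats stream manifest declares only `period`, but the companion `stream.yml.hbs` (earlier hunk) renders `{{#each hosts}}`, so `hosts` must be supplied by an input-level var in the mongodb package manifest, which is outside this view — if it is not, the template renders an empty `hosts:` list. Wherever `hosts` is declared, note that MongoDB connection URIs routinely embed credentials (`mongodb://user:password@host:27017`); a secret-capable var type, if the package spec offers one, or at least a `description` warning users not to put credentials in the URI, is preferable to the plain `type: text` used by every var visible in this diff. The same applies to the dbstats and metrics stream manifests in this diff, which are identical apart from their titles.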
@@ -0,0 +1,46 @@ +- name: mongodb.dbstats + type: group + release: ga + fields: + - name: avg_obj_size.bytes + type: long + format: bytes + - name: collections + type: integer + - name: data_size.bytes + type: long + format: bytes + - name: db + type: keyword + - name: file_size.bytes + type: long + format: bytes + - name: index_size.bytes + type: long + format: bytes + - name: indexes + type: long + - name: num_extents + type: long + - name: objects + type: long + - name: storage_size.bytes + type: long + format: bytes + - name: ns_size_mb.mb + type: long + - name: data_file_version + type: group + fields: + - name: major + type: long + - name: minor + type: long + - name: extent_free_list + type: group + fields: + - name: num + type: long + - name: size.bytes + type: long + format: bytes diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/manifest.yml new file mode 100644 index 00000000000..4a5e5c4eae5 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/dbstats/manifest.yml @@ -0,0 +1,15 @@ +title: MongoDB dbstats metrics +release: experimental +type: metrics +streams: +- input: mongodb/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MongoDB dbstats metrics + description: Collect MongoDB dbstats metrics diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..367360d901a --- /dev/null 
+++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,5 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/mongodb/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..f27ae0dafeb --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml @@ -0,0 +1,44 @@ +--- +description: Pipeline for parsing MongoDB logs +processors: +- grok: + field: message + patterns: + - '%{TIMESTAMP_ISO8601:mongodb.log.timestamp}%{SPACE}%{MONGO3_SEVERITY:log.level}%{SPACE}%{MONGO3_COMPONENT:mongodb.log.component}%{SPACE}(?:\[%{DATA:mongodb.log.context}\])?%{SPACE}%{GREEDYDATA:message}' + ignore_missing: true +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: mongodb.log.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd'T'HH:mm:ss.SSSZZ +- remove: + field: mongodb.log.timestamp +- set: + field: event.kind + value: event +- append: + field: event.category + value: database +- append: + field: event.type + value: access + if: "ctx?.mongodb?.log?.component == 'ACCESS'" +- append: + field: event.type + value: change + if: "ctx?.mongodb?.log?.component == 'WRITE'" +- append: + field: event.type + value: info + if: "ctx?.mongodb?.log?.component != 'WRITE' && ctx?.mongodb?.log?.component != 'ACCESS'" +- append: + field: event.type + value: error + if: "ctx?.log?.level == 'F' || ctx?.log?.level == 'E'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null 
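Review bot: A document that reaches this pipeline without a `message` field loses its `@timestamp`: `grok` is skipped by `ignore_missing`, `rename` then moves `@timestamp` to `event.created`, and `date` fails on the absent `mongodb.log.timestamp`, so the `on_failure` handler indexes an event with `error.message` set but no `@timestamp`. Guarding `rename` and `date` on the parsed timestamp and making `remove` tolerant of a missing field keeps the original timestamp in that case, as below. A grok mismatch fails before the rename, so `@timestamp` survives there; but on a successful match the raw line is replaced by `%{GREEDYDATA:message}`, so if the unmodified record matters for forensics consider copying it to `event.original` with a `set` processor placed before the `grok`.
```yaml
- grok:
    # … unchanged: field, patterns, ignore_missing …
- rename:
    field: '@timestamp'
    target_field: event.created
    if: "ctx?.mongodb?.log?.timestamp != null"
- date:
    field: mongodb.log.timestamp
    target_field: '@timestamp'
    formats:
      - yyyy-MM-dd'T'HH:mm:ss.SSSZZ
    if: "ctx?.mongodb?.log?.timestamp != null"
- remove:
    field: mongodb.log.timestamp
    ignore_missing: true
# … unchanged: event.kind / event.category / event.type processors and on_failure …
```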
+++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/ecs.yml @@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..2f0d14127b3 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,11 @@ +- name: mongodb.log + type: group + fields: + - name: component + type: keyword + description: | + Functional categorization of message + - name: context + type: keyword + description: | + Context of message diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..7295f547f75 --- /dev/null 
+++ b/dev/packages/beats/mongodb/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,21 @@ +title: mongodb log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/mongodb/mongodb.log + os: + windows: + default: + - c:\data\log\mongod.log + template_path: log.yml.hbs + title: mongodb log logs (log) + description: Collect mongodb log logs using log input diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..19efa88816b --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["metrics"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/fields.yml new file mode 100644 index 00000000000..8fc52165357 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/fields.yml 
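Review bot: The Linux default in `paths` is `/var/log/mongodb/mongodb.log`, while the Windows default is `mongod.log`; stock package installs of mongod write to `/var/log/mongodb/mongod.log`, so the Linux default as written likely matches nothing on a default install unless it deliberately mirrors the Filebeat module — confirm, or widen it to `/var/log/mongodb/mongod*.log` (the stream template already excludes `.gz` rotations). The generated strings `title: mongodb log logs` and `Collect mongodb log logs using log input` are user-visible and read as a duplication; `MongoDB logs` would be clearer.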
@@ -0,0 +1,472 @@ +- name: mongodb.metrics + type: group + release: ga + fields: + - name: commands + type: group + fields: + - name: is_self + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: aggregate + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: build_info + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: coll_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: connection_pool_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: count + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: db_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: distinct + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: find + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_cmd_line_opts + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_last_error + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_log + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_more + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_parameter + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: host_info + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: insert + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: is_master + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: last_collections + type: group + fields: + - name: failed + type: long + - name: total + type: long + 
- name: last_commands + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: list_databased + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: list_indexes + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: ping + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: profile + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_get_rbid + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_get_status + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_heartbeat + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_update_position + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: server_status + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: update + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: whatsmyuri + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: cursor + type: group + fields: + - name: timed_out + type: long + description: | + The total number of cursors that have timed out since the server process started. + - name: open + type: group + fields: + - name: no_timeout + type: long + description: | + The number of open cursors with the option DBQuery.Option.noTimeout set to prevent timeout. + - name: pinned + type: long + description: | + The number of `pinned` open cursors. + - name: total + type: long + description: | + The number of cursors that MongoDB is maintaining for clients. + - name: document + type: group + fields: + - name: deleted + type: long + description: | + The total number of documents deleted. 
+ - name: inserted + type: long + description: | + The total number of documents inserted. + - name: returned + type: long + description: | + The total number of documents returned by queries. + - name: updated + type: long + description: | + The total number of documents updated. + - name: get_last_error + type: group + fields: + - name: write_wait.ms + type: long + description: | + The total amount of time in milliseconds that the mongod has spent performing getLastError operations with write concern (i.e. w) greater than 1. + - name: write_wait.count + type: long + description: | + The total number of getLastError operations with a specified write concern (i.e. w) greater than 1. + - name: write_timeouts + type: long + description: | + The number of times that write concern operations have timed out as a result of the wtimeout threshold to getLastError. + - name: operation + type: group + fields: + - name: scan_and_order + type: long + description: | + The total number of queries that return sorted numbers that cannot perform the sort operation using an index. + - name: write_conflicts + type: long + description: | + The total number of queries that encountered write conflicts. + - name: query_executor + type: group + fields: + - name: scanned_indexes.count + type: long + description: | + The total number of index items scanned during queries and query-plan evaluation. + - name: scanned_documents.count + type: long + description: | + The total number of documents scanned during queries and query-plan evaluation. 
+ - name: replication + type: group + fields: + - name: executor + type: group + fields: + - name: counters + type: group + fields: + - name: event_created + type: long + - name: event_wait + type: long + - name: cancels + type: long + - name: waits + type: long + - name: scheduled + type: group + fields: + - name: netcmd + type: long + - name: dbwork + type: long + - name: exclusive + type: long + - name: work_at + type: long + - name: work + type: long + - name: failures + type: long + - name: queues + type: group + fields: + - name: in_progress + type: group + fields: + - name: network + type: long + - name: dbwork + type: long + - name: exclusive + type: long + - name: sleepers + type: long + - name: ready + type: long + - name: free + type: long + - name: unsignaled_events + type: long + - name: event_waiters + type: long + - name: shutting_down + type: boolean + - name: network_interface + type: keyword + - name: apply + type: group + fields: + - name: attempts_to_become_secondary + type: long + - name: batches + type: group + fields: + - name: count + type: long + description: | + The total number of batches applied across all databases. + - name: time.ms + type: long + description: | + The total amount of time in milliseconds the mongod has spent applying operations from the oplog. + - name: ops + type: long + description: | + The total number of oplog operations applied. + - name: buffer + type: group + fields: + - name: count + type: long + description: | + The current number of operations in the oplog buffer. + - name: max_size.bytes + type: long + description: | + The maximum size of the buffer. This value is a constant setting in the mongod, and is not configurable. + - name: size.bytes + type: long + description: | + The current size of the contents of the oplog buffer. 
+ - name: initial_sync + type: group + fields: + - name: completed + type: long + - name: failed_attempts + type: long + - name: failures + type: long + - name: network + type: group + fields: + - name: bytes + type: long + description: | + The total amount of data read from the replication sync source. + - name: getmores + type: group + fields: + - name: count + type: long + description: | + The total number of getmore operations + - name: time.ms + type: long + description: | + The total amount of time required to collect data from getmore operations. + - name: ops + type: long + description: | + The total number of operations read from the replication source. + - name: reders_created + type: long + description: | + The total number of oplog query processes created. + - name: preload + type: group + fields: + - name: docs + type: group + fields: + - name: count + type: long + description: | + The total number of documents loaded during the pre-fetch stage of replication. + - name: time.ms + type: long + - name: indexes + type: group + fields: + - name: count + type: long + description: | + The total number of index entries loaded by members before updating documents as part of the pre-fetch stage of replication. + - name: time.ms + type: long + description: | + The total amount of time, in milliseconds, spent loading index entries as part of the pre-fetch stage of replication. + - name: storage.free_list.search + type: group + fields: + - name: bucket_exhausted + type: long + description: | + The number of times that mongod has checked the free list without finding a suitably large record allocation. + - name: requests + type: long + description: | + The number of times mongod has searched for available record allocations. + - name: scanned + type: long + description: | + The number of available record allocations mongod has searched. 
+ - name: ttl + type: group + fields: + - name: deleted_documents.count + type: long + description: | + The total number of documents deleted from collections with a ttl index. + - name: passes.count + type: long + description: | + The number of times the background process removes documents from collections with a ttl index. diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/metrics/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/manifest.yml new file mode 100644 index 00000000000..f3363508b14 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/metrics/manifest.yml @@ -0,0 +1,15 @@ +title: MongoDB metrics metrics +release: experimental +type: metrics +streams: +- input: mongodb/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MongoDB metrics metrics + description: Collect MongoDB metrics metrics diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/agent/stream/stream.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..01ded63084c --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["replstatus"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/fields.yml new file mode 100644 index 00000000000..579297f2688 --- /dev/null 
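Review bot: Two field names in this hunk look like typos that will become part of the index mapping: `mongodb.metrics.commands.list_databased` (presumably `list_databases`) and `mongodb.metrics.replication.network.reders_created` (presumably `readers_created`). If these are carried over verbatim from Metricbeat so that existing dashboards and indices keep working, keep them but say so in a `description`; otherwise fix them now, before the package ships and the names are frozen. The `release: ga` at the top of this fields file also disagrees with `release: experimental` in the stream manifest for the same dataset — one of them should be adjusted.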
+++ b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/fields.yml 
@@ -0,0 +1,155 @@ +- name: mongodb.replstatus + type: group + release: ga + fields: + - name: oplog + type: group + fields: + - name: size.allocated + type: long + format: bytes + description: | + The total amount of space used by the replstatus in bytes. + - name: size.used + type: long + format: bytes + description: | + total amount of space allocated to the replstatus in bytes. + - name: first.timestamp + type: long + description: | + Timestamp of the first (i.e. earliest) operation in the replstatus + - name: last.timestamp + type: long + description: | + Timestamp of the last (i.e. latest) operation in the replstatus + - name: window + type: long + description: | + The difference between the first and last operation in the replstatus. + - name: set_name + type: keyword + description: | + The name of the replica set. + - name: server_date + type: date + description: | + Reflects the current time according to the server that processed the replSetGetStatus command. + - name: optimes + type: group + fields: + - name: last_committed + type: long + description: | + Information, from the viewpoint of this member, regarding the most recent operation that has been written to a majority of replica set members. + - name: applied + type: long + description: | + Information, from the viewpoint of this member, regarding the most recent operation that has been applied to this member of the replica set. + - name: durable + type: long + description: | + Information, from the viewpoint of this member, regarding the most recent operation that has been written to the journal of this member of the replica set. 
+ - name: lag + type: group + fields: + - name: max + type: long + format: duration + description: | + Difference between optime of primary and slowest secondary + - name: min + type: long + format: duration + description: | + Difference between optime of primary and fastest secondary + - name: headroom + type: group + fields: + - name: max + type: long + format: duration + description: | + Difference between primary's oplog window and the replication lag of the fastest secondary + - name: min + type: long + format: duration + description: | + Difference between primary's oplog window and the replication lag of the slowest secondary + - name: members + type: group + fields: + - name: primary.host + type: keyword + description: | + Host address of the primary + - name: primary.optime + type: keyword + description: | + Optime of primary + - name: secondary.hosts + type: keyword + description: | + List of secondary hosts + - name: secondary.optimes + type: keyword + description: | + Optimes of secondaries + - name: secondary.count + type: long + - name: recovering.hosts + type: keyword + description: | + List of recovering members hosts + - name: recovering.count + type: long + description: | + Count of members in the `recovering` state + - name: unknown.hosts + type: keyword + description: | + List of members' hosts in the `unknown` state + - name: unknown.count + type: long + description: | + Count of members with `unknown` state + - name: startup2.hosts + type: keyword + description: | + List of initializing members hosts + - name: startup2.count + type: long + description: | + Count of members in the `startup2` state + - name: arbiter.hosts + type: keyword + description: | + List of arbiters hosts + - name: arbiter.count + type: long + description: | + Count of arbiters + - name: down.hosts + type: keyword + description: | + List of `down` members hosts + - name: down.count + type: long + description: | + Count of `down` members + - name: rollback.hosts + type: 
keyword + description: | + List of members in the `rollback` state + - name: rollback.count + type: long + description: | + Count of members in the `rollback` state + - name: unhealthy.hosts + type: keyword + description: | + List of members' hosts with healthy = false + - name: unhealthy.count + type: long + description: | + Count of unhealthy members diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/manifest.yml new file mode 100644 index 00000000000..5b38079c018 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/replstatus/manifest.yml @@ -0,0 +1,15 @@ +title: MongoDB replstatus metrics +release: experimental +type: metrics +streams: +- input: mongodb/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MongoDB replstatus metrics + description: Collect MongoDB replstatus metrics diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/mongodb/0.0.1/dataset/status/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..576a3ad4b99 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/status/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["status"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/ecs.yml b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/ecs.yml new file mode 100644 index 00000000000..776b26eec2e --- /dev/null 
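Review bot: The descriptions of `oplog.size.allocated` and `oplog.size.used` appear to be swapped: `size.allocated` is documented as "The total amount of space used by the replstatus in bytes." while `size.used` is documented as "total amount of space allocated to the replstatus in bytes.", so whoever reads the field list gets the two meanings reversed. These fields, together with `first.timestamp`, `last.timestamp` and `window`, sit under the `oplog` group, so the word "replstatus" in those five descriptions presumably means the oplog; swapping the two descriptions and naming the oplog, `The total amount of space allocated to the oplog in bytes.` and `The total amount of space used by the oplog in bytes.`, would make them consistent. Separately, `members.secondary.count` is the only `*.count` field in the group without a `description`; a one-liner such as `Count of secondary members` matches its siblings. If this file is produced by the Beats import procedure, the correction belongs upstream as well.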
+++ b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/ecs.yml @@ -0,0 +1,29 @@ +- name: process + title: Process + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: |- + Process name. + Sometimes called program name or similar. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: service + title: Service + group: 2 + type: group + fields: + - name: version + level: core + type: keyword + description: |- + Version of the service the data was collected from. + This allows to look at a data set only for a specific version of a service. + ignore_above: 1024 diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 00000000000..66bd6030a3d --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/fields.yml 
@@ -0,0 +1,578 @@ +- name: mongodb.status + type: group + release: ga + fields: + - name: uptime.ms + type: long + description: | + Instance uptime in milliseconds. + - name: local_time + type: date + description: | + Local time as reported by the MongoDB instance. + - name: asserts.regular + type: long + description: | + Number of regular assertions produced by the server. + - name: asserts.warning + type: long + description: | + Number of warning assertions produced by the server. + - name: asserts.msg + type: long + description: | + Number of msg assertions produced by the server. + - name: asserts.user + type: long + description: | + Number of user assertions produced by the server. + - name: asserts.rollovers + type: long + description: | + Number of rollovers assertions produced by the server. + - name: connections + type: group + fields: + - name: current + type: long + description: | + The number of connections to the database server from clients. This number includes the current shell session. Consider the value of `available` to add more context to this datum. + - name: available + type: long + description: | + The number of unused available incoming connections the database can provide. + - name: total_created + type: long + description: | + A count of all incoming connections created to the server. This number includes connections that have since closed. + - name: extra_info + type: group + fields: + - name: heap_usage.bytes + type: long + format: bytes + description: | + The total size in bytes of heap space used by the database process. Only available on Unix/Linux. + - name: page_faults + type: long + description: | + The total number of page faults that require disk operations. Page faults refer to operations that require the database server to access data that isn't available in active memory. 
+ - name: global_lock + type: group + fields: + - name: total_time.us + type: long + description: | + The time, in microseconds, since the database last started and created the globalLock. This is roughly equivalent to total server uptime. + - name: current_queue + type: group + fields: + - name: total + type: long + description: | + The total number of operations queued waiting for the lock (i.e., the sum of current_queue.readers and current_queue.writers). + - name: readers + type: long + description: | + The number of operations that are currently queued and waiting for the read lock. + - name: writers + type: long + description: | + The number of operations that are currently queued and waiting for the write lock. + - name: active_clients + type: group + fields: + - name: total + type: long + description: | + Total number of the active client connections performing read or write operations. + - name: readers + type: long + description: | + The number of the active client connections performing read operations. + - name: writers + type: long + description: | + The number of the active client connections performing write operations. 
+ - name: locks + type: group + fields: + - name: global + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: database + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: collection + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: meta_data + type: group + fields: + - name: 
acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: oplog + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: network + type: group + fields: + - name: in.bytes + type: long + format: bytes + description: | + The amount of network traffic, in bytes, received by this database. + - name: out.bytes + type: long + format: bytes + description: | + The amount of network traffic, in bytes, sent from this database. + - name: requests + type: long + description: | + The total number of requests received by the server. + - name: ops.latencies + type: group + fields: + - name: reads.latency + type: long + description: | + Total combined latency in microseconds. + - name: reads.count + type: long + description: | + Total number of read operations performed on the collection since startup. + - name: writes.latency + type: long + description: | + Total combined latency in microseconds. 
+ - name: writes.count + type: long + description: | + Total number of write operations performed on the collection since startup. + - name: commands.latency + type: long + description: | + Total combined latency in microseconds. + - name: commands.count + type: long + description: | + Total number of commands performed on the collection since startup. + - name: ops.counters + type: group + fields: + - name: insert + type: long + description: | + The total number of insert operations received since the mongod instance last started. + - name: query + type: long + description: | + The total number of queries received since the mongod instance last started. + - name: update + type: long + description: | + The total number of update operations received since the mongod instance last started. + - name: delete + type: long + description: | + The total number of delete operations received since the mongod instance last started. + - name: getmore + type: long + description: | + The total number of getmore operations received since the mongod instance last started. + - name: command + type: long + description: | + The total number of commands issued to the database since the mongod instance last started. + - name: ops.replicated + type: group + fields: + - name: insert + type: long + description: | + The total number of replicated insert operations received since the mongod instance last started. + - name: query + type: long + description: | + The total number of replicated queries received since the mongod instance last started. + - name: update + type: long + description: | + The total number of replicated update operations received since the mongod instance last started. + - name: delete + type: long + description: | + The total number of replicated delete operations received since the mongod instance last started. + - name: getmore + type: long + description: | + The total number of replicated getmore operations received since the mongod instance last started. 
+ - name: command + type: long + description: | + The total number of replicated commands issued to the database since the mongod instance last started. + - name: memory + type: group + fields: + - name: bits + type: long + description: | + Either 64 or 32, depending on which target architecture was specified during the mongod compilation process. + - name: resident.mb + type: long + description: | + The amount of RAM, in megabytes (MB), currently used by the database process. + - name: virtual.mb + type: long + description: | + The amount, in megabytes (MB), of virtual memory used by the mongod process. + - name: mapped.mb + type: long + description: | + The amount of mapped memory, in megabytes (MB), used by the database. Because MongoDB uses memory-mapped files, this value is likely to be to be roughly equivalent to the total size of your database or databases. + - name: mapped_with_journal.mb + type: long + description: | + The amount of mapped memory, in megabytes (MB), including the memory used for journaling. + - name: write_backs_queued + type: boolean + description: | + True when there are operations from a mongos instance queued for retrying. + - name: storage_engine.name + type: keyword + description: | + A string that represents the name of the current storage engine. + - name: wired_tiger + type: group + fields: + - name: concurrent_transactions + type: group + fields: + - name: write.out + type: long + description: | + Number of concurrent write transaction in progress. + - name: write.available + type: long + description: | + Number of concurrent write tickets available. + - name: write.total_tickets + type: long + description: | + Number of total write tickets. + - name: read.out + type: long + description: | + Number of concurrent read transaction in progress. + - name: read.available + type: long + description: | + Number of concurrent read tickets available. 
+ - name: read.total_tickets + type: long + description: | + Number of total read tickets. + - name: cache + type: group + fields: + - name: maximum.bytes + type: long + format: bytes + description: | + Maximum cache size. + - name: used.bytes + type: long + format: bytes + description: | + Size in byte of the data currently in cache. + - name: dirty.bytes + type: long + format: bytes + description: | + Size in bytes of the dirty data in the cache. + - name: pages.read + type: long + description: | + Number of pages read into the cache. + - name: pages.write + type: long + description: | + Number of pages written from the cache. + - name: pages.evicted + type: long + description: | + Number of pages evicted from the cache. + - name: log + type: group + fields: + - name: size.bytes + type: long + format: bytes + description: | + Total log size in bytes. + - name: write.bytes + type: long + format: bytes + description: | + Number of bytes written into the log. + - name: max_file_size.bytes + type: long + format: bytes + description: | + Maximum file size. + - name: flushes + type: long + description: | + Number of flush operations. + - name: writes + type: long + description: | + Number of write operations. + - name: scans + type: long + description: | + Number of scan operations. + - name: syncs + type: long + description: | + Number of sync operations. + - name: background_flushing + type: group + fields: + - name: flushes + type: long + description: | + A counter that collects the number of times the database has flushed all writes to disk. + - name: total.ms + type: long + description: | + The total number of milliseconds (ms) that the mongod processes have spent writing (i.e. flushing) data to disk. Because this is an absolute value, consider the value of `flushes` and `average_ms` to provide better context for this datum. + - name: average.ms + type: long + description: | + The average time spent flushing to disk per flush event. 
+ - name: last.ms + type: long + description: | + The amount of time, in milliseconds, that the last flush operation took to complete. + - name: last_finished + type: date + description: | + A timestamp of the last completed flush operation. + - name: journaling + type: group + fields: + - name: commits + type: long + description: | + The number of transactions written to the journal during the last journal group commit interval. + - name: journaled.mb + type: long + description: | + The amount of data in megabytes (MB) written to journal during the last journal group commit interval. + - name: write_to_data_files.mb + type: long + description: | + The amount of data in megabytes (MB) written from journal to the data files during the last journal group commit interval. + - name: compression + type: long + description: | + The compression ratio of the data written to the journal. + - name: commits_in_write_lock + type: long + description: | + Count of the commits that occurred while a write lock was held. Commits in a write lock indicate a MongoDB node under a heavy write load and call for further diagnosis. + - name: early_commits + type: long + description: | + The number of times MongoDB requested a commit before the scheduled journal group commit interval. + - name: times + type: group + fields: + - name: dt.ms + type: long + description: | + The amount of time over which MongoDB collected the times data. Use this field to provide context to the other times field values. + - name: prep_log_buffer.ms + type: long + description: | + The amount of time spent preparing to write to the journal. Smaller values indicate better journal performance. + - name: write_to_journal.ms + type: long + description: | + The amount of time spent actually writing to the journal. File system speeds and device interfaces can affect performance. + - name: write_to_data_files.ms + type: long + description: | + The amount of time spent writing to data files after journaling. 
File system speeds and device interfaces can affect performance. + - name: remap_private_view.ms + type: long + description: | + The amount of time spent remapping copy-on-write memory mapped views. Smaller values indicate better journal performance. + - name: commits.ms + type: long + description: | + The amount of time spent for commits. + - name: commits_in_write_lock.ms + type: long + description: | + The amount of time spent for commits that occurred while a write lock was held. diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/package-fields.yml new file mode 100644 index 00000000000..b8d0b1e202f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/status/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mongodb + type: group diff --git a/dev/packages/beats/mongodb/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/mongodb/0.0.1/dataset/status/manifest.yml new file mode 100644 index 00000000000..51e2399164f --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/dataset/status/manifest.yml @@ -0,0 +1,15 @@ +title: MongoDB status metrics +release: experimental +type: metrics +streams: +- input: mongodb/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MongoDB status metrics + description: Collect MongoDB status metrics diff --git a/dev/packages/beats/mongodb/0.0.1/docs/README.md b/dev/packages/beats/mongodb/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file 
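Review bot: Every field under the `locks` group (`global`, `database`, `collection`, `meta_data`, `oplog`, sixteen fields each) is declared with only `type: long` and no `description`, so generated docs and the Kibana field list will present roughly eighty undocumented metrics; at minimum a `description` on each scope group naming the lock scope and what the `r`/`w`/`R`/`W` suffixes and the `acquire`/`wait`/`deadlock` prefixes denote would make them usable without consulting the MongoDB serverStatus reference. Smaller wording defects in the same hunk: `memory.mapped.mb` reads "likely to be to be roughly equivalent" (duplicated "to be"), and `wired_tiger.concurrent_transactions.write.out` / `read.out` say "concurrent write transaction in progress" where the plural "transactions" is meant. If this file is generated from the Beats module, these corrections belong upstream as well.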
diff --git a/dev/packages/beats/mongodb/0.0.1/img/filebeat-mongodb-overview.png b/dev/packages/beats/mongodb/0.0.1/img/filebeat-mongodb-overview.png new file mode 100644 index 00000000000..c77c37d5ce0 Binary files /dev/null and b/dev/packages/beats/mongodb/0.0.1/img/filebeat-mongodb-overview.png differ diff --git a/dev/packages/beats/mongodb/0.0.1/img/logo_mongodb.svg b/dev/packages/beats/mongodb/0.0.1/img/logo_mongodb.svg new file mode 100644 index 00000000000..1727f81d2f6 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/img/logo_mongodb.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/Metricbeat-MongoDB-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/Metricbeat-MongoDB-ecs.json new file mode 100644 index 00000000000..7df473538f8 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/Metricbeat-MongoDB-ecs.json 
@@ -0,0 +1,182 @@ +{ + "attributes": { + "description": "Overview of MongoDB server status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 32, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 12, + "x": 24, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "5", + "w": 48, + "x": 0, + "y": 36 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "3", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics MongoDB] Overview ECS", + "version": 1 + }, + "id": 
"Metrics-MongoDB-ecs", + "references": [ + { + "id": "MongoDB-hosts-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "MongoDB-Engine-ampersand-Version-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "MongoDB-operation-counters-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "MongoDB-Concurrent-transactions-Read-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "MongoDB-Concurrent-transactions-Write-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "MongoDB-memory-stats-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "MongoDB-asserts-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "MongoDB-WiredTiger-Cache-ecs", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/abcf35b0-0a82-11e8-bffe-ff7d4f68cf94-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/abcf35b0-0a82-11e8-bffe-ff7d4f68cf94-ecs.json new file mode 100644 index 00000000000..cd1c8fe14fb --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/dashboard/abcf35b0-0a82-11e8-bffe-ff7d4f68cf94-ecs.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "Logs MongoDB integration overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "mongodb.log.timestamp", + "log.level", + "mongodb.log.component", + "mongodb.log.context", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "2", + "w": 32, + "x": 16, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "mongodb.log.timestamp", + "log.level", + "mongodb.log.component", + "mongodb.log.context", + "message" + ], + "sort": [ + "mongodb.log.timestamp", + "asc" + ] + }, + "gridData": { + "h": 24, + "i": "3", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs MongoDB] Overview ECS", + "version": 1 + }, + "id": "abcf35b0-0a82-11e8-bffe-ff7d4f68cf94-ecs", + "references": [ + { + "id": "0fef5710-0a82-11e8-bffe-ff7d4f68cf94-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "e49fe000-0a7e-11e8-bffe-ff7d4f68cf94-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/search/MongoDB-search-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/search/MongoDB-search-ecs.json new file mode 100644 index 00000000000..d837a8ba013 --- /dev/null 
+++ b/dev/packages/beats/mongodb/0.0.1/kibana/search/MongoDB-search-ecs.json @@ -0,0 +1,49 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:mongodb.collstats OR stream.dataset:mongodb.dbstats OR stream.dataset:mongodb.metrics OR stream.dataset:mongodb.replstatus OR stream.dataset:mongodb.status)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "MongoDB search ECS", + "version": 1 + }, + "id": "MongoDB-search-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/search/bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/search/bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs.json new file mode 100644 index 00000000000..661f32a132a --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/search/bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs.json 
@@ -0,0 +1,42 @@ +{ + "attributes": { + "columns": [ + "mongodb.log.timestamp", + "log.level", + "mongodb.log.component", + "mongodb.log.context", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "log.level: *" + }, + "version": true + } + }, + "sort": [ + [ + "mongodb.log.timestamp", + "asc" + ] + ], + "title": "All logs [Logs MongoDB] ECS", + "version": 1 + }, + "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/search/e49fe000-0a7e-11e8-bffe-ff7d4f68cf94-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/search/e49fe000-0a7e-11e8-bffe-ff7d4f68cf94-ecs.json new file mode 100644 index 00000000000..014c3076827 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/search/e49fe000-0a7e-11e8-bffe-ff7d4f68cf94-ecs.json @@ -0,0 +1,42 @@ +{ + "attributes": { + "columns": [ + "mongodb.log.timestamp", + "log.level", + "mongodb.log.component", + "mongodb.log.context", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "log.level: F or log.level: W" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Error logs [Logs MongoDB] ECS", + "version": 1 + }, + "id": "e49fe000-0a7e-11e8-bffe-ff7d4f68cf94-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/0fef5710-0a82-11e8-bffe-ff7d4f68cf94-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/0fef5710-0a82-11e8-bffe-ff7d4f68cf94-ecs.json new file mode 100644 index 00000000000..3f56ce277c6 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/0fef5710-0a82-11e8-bffe-ff7d4f68cf94-ecs.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Logs Severity [Logs MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log severity", + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Logs Severity [Logs MongoDB] ECS", + "type": "pie" + } + }, + "id": "0fef5710-0a82-11e8-bffe-ff7d4f68cf94-ecs", + "references": [ + { + "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Read-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Read-ecs.json new file mode 100644 index 00000000000..371a8ac33ec --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Read-ecs.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Concurrent transactions Read [Metrics MongoDB] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Read Available": "#508642", + "Read Used": "#BF1B00" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Read Available", + "field": "mongodb.status.wired_tiger.concurrent_transactions.read.available" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Read Used", + "field": "mongodb.status.wired_tiger.concurrent_transactions.read.out" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": 
true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Concurrent transactions Read [Metrics MongoDB] ECS", + "type": "area" + } + }, + "id": "MongoDB-Concurrent-transactions-Read-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Write-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Write-ecs.json new file mode 100644 index 00000000000..60109974d9d --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Concurrent-transactions-Write-ecs.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Concurrent transactions Write [Metrics MongoDB] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Write Available": "#629E51", + "Write Used": "#BF1B00" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Write Available", + "field": "mongodb.status.wired_tiger.concurrent_transactions.write.available" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Write Used", + "field": "mongodb.status.wired_tiger.concurrent_transactions.write.out" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Concurrent transactions Write [Metrics MongoDB] ECS", + "type": "area" + } + }, + "id": "MongoDB-Concurrent-transactions-Write-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Engine-ampersand-Version-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Engine-ampersand-Version-ecs.json new file mode 100644 index 00000000000..b10d5bb89ba --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-Engine-ampersand-Version-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Engine \u0026 Version [Metrics MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "service.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Engine", + "field": "mongodb.status.storage_engine.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Version", + "field": "service.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true, + "type": "pie" + }, + "title": "Engine \u0026 Version [Metrics MongoDB] ECS", + "type": "pie" + } + }, + "id": "MongoDB-Engine-ampersand-Version-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-WiredTiger-Cache-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-WiredTiger-Cache-ecs.json new file mode 100644 index 00000000000..e62a7af35b2 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-WiredTiger-Cache-ecs.json 
@@ -0,0 +1,148 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "WiredTiger Cache [Metrics MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "max", + "field": "mongodb.status.wired_tiger.cache.maximum.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "used", + "field": "mongodb.status.wired_tiger.cache.used.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "dirty", + "field": "mongodb.status.wired_tiger.cache.dirty.bytes" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "bottom", + "mode": "overlap", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": 
false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "WiredTiger Cache [Metrics MongoDB] ECS", + "type": "area" + } + }, + "id": "MongoDB-WiredTiger-Cache-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-asserts-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-asserts-ecs.json new file mode 100644 index 00000000000..05c1ee81344 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-asserts-ecs.json 
@@ -0,0 +1,168 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Asserts [Metrics MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "message", + "field": "mongodb.status.asserts.msg" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "regular", + "field": "mongodb.status.asserts.regular" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "rollover", + "field": "mongodb.status.asserts.rollovers" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "user", + "field": "mongodb.status.asserts.user" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "warning", + "field": "mongodb.status.asserts.warning" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + 
"mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Asserts [Metrics MongoDB] ECS", + "type": "area" + } + }, + "id": "MongoDB-asserts-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-hosts-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-hosts-ecs.json new file mode 100644 index 00000000000..04eb312e6a7 --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-hosts-ecs.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Hosts [Metrics MongoDB] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of connections", + "field": "mongodb.status.connections.current" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "service.address", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Arch", + "field": "mongodb.status.memory.bits" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Resident memory", + "field": "mongodb.status.memory.resident.mb" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Virtual memory", + "field": "mongodb.status.memory.virtual.mb" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Hosts [Metrics MongoDB] ECS", + "type": "table" + } + }, + "id": "MongoDB-hosts-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-memory-stats-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-memory-stats-ecs.json new file mode 100644 index 00000000000..c3384f8899c --- /dev/null 
+++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-memory-stats-ecs.json 
@@ -0,0 +1,159 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Memory stats [Metrics MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Mapped", + "field": "mongodb.status.memory.mapped.mb" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Mapped with journal", + "field": "mongodb.status.memory.mapped_with_journal.mb" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Rezident", + "field": "mongodb.status.memory.resident.mb" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Virtual", + "field": "mongodb.status.memory.virtual.mb" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "bottom", + "radiusRatio": 9, + "scale": "log", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + 
"setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Memory stats [Metrics MongoDB] ECS", + "type": "line" + } + }, + "id": "MongoDB-memory-stats-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-operation-counters-ecs.json b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-operation-counters-ecs.json new file mode 100644 index 00000000000..aa793ffd3bb --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/kibana/visualization/MongoDB-operation-counters-ecs.json 
@@ -0,0 +1,178 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Operation counters [Metrics MongoDB] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "command", + "field": "mongodb.status.ops.counters.command" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "delete", + "field": "mongodb.status.ops.counters.delete" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "getmore", + "field": "mongodb.status.ops.counters.getmore" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "insert", + "field": "mongodb.status.ops.counters.insert" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "query", + "field": "mongodb.status.ops.counters.query" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "update", + "field": "mongodb.status.ops.replicated.update" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + 
"legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Operation counters [Metrics MongoDB] ECS", + "type": "area" + } + }, + "id": "MongoDB-operation-counters-ecs", + "references": [ + { + "id": "MongoDB-search-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mongodb/0.0.1/manifest.yml b/dev/packages/beats/mongodb/0.0.1/manifest.yml new file mode 100644 index 00000000000..0815eef7c5e --- /dev/null +++ b/dev/packages/beats/mongodb/0.0.1/manifest.yml 
@@ -0,0 +1,48 @@
+format_version: 1.0.0
+name: mongodb
+title: MongoDB
+version: 0.0.1
+license: basic
+description: MongoDB Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat-mongodb-overview.png
+ title: filebeat mongodb overview
+ size: 1920x1080
+ type: image/png
+icons:
+- src: /img/logo_mongodb.svg
+ title: logo mongodb
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: mongodb
+ title: MongoDB logs and metrics
+ description: Collect logs and metrics from MongoDB instances
+ inputs:
+ - type: logs
+ title: Collect logs from MongoDB instances
+ description: Collecting MongoDB log logs
+ - type: mongodb/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:27017
+ title: Collect metrics from MongoDB instances
+ description: Collecting MongoDB collstats, dbstats, metrics, replstatus and status
+ metrics
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/mssql/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..80a93b297fd
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,10 @@
+paths:
+ {{#each paths as |path i|}}
+- {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
+multiline.pattern: '^\d\d'
+multiline.negate: true
+multiline.match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/mssql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..c51a99a9427
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
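Review bot: The `mongodb/metrics` input exposes only a `hosts` variable, so a MongoDB instance that requires authentication has no dedicated credential inputs; as far as this manifest shows, credentials would have to be embedded in the `hosts` URI, where they sit next to the host list in the rendered agent config (the metrics stream template is not in this hunk). Consider adding `username` and `password` vars, mirroring the mssql performance stream added in this same commit, and keep the `hosts` default free of credentials. Separately, the `elasticsearch` requirement `'>7.0.1'` has no upper bound while `kibana` is pinned to `'>=7.3.0 <8.0.0'`; the two ranges should agree. The logs input description `Collecting MongoDB log logs` reads as a doubled word.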
@@ -0,0 +1,51 @@
+---
+description: Pipeline to parse MSSQL logs
+processors:
+- grok:
+ field: message
+ patterns:
+ - '%{MSSQL_DATE:date} %{DATA:mssql.log.origin} [ ]*%{GREEDYDATA:msg_temp}'
+ pattern_definitions:
+ MSSQL_DATE: '%{DATA} %{DATA}'
+- date:
+ if: ctx.event.timezone == null
+ field: date
+ formats:
+ - yyyy-MM-dd HH:mm:ss.SS
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- date:
+ if: ctx.event.timezone != null
+ field: date
+ formats:
+ - yyyy-MM-dd HH:mm:ss.SS
+ timezone: '{{ event.timezone }}'
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: date
+ ignore_missing: true
+- rename:
+ field: message
+ target_field: log.original
+- rename:
+ field: msg_temp
+ target_field: message
+ ignore_missing: true
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: database
+- append:
+ field: event.type
+ value: info
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..dc4f230e7c4
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/log/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: mssql.log
+ type: group
+ fields:
+ - name: origin
+ type: keyword
+ description: Origin of the message, usually the server but it can also be a recovery
+ process
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..376ca58ce4a
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: mssql
+ type: group
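Review bot: Both `date` processors gate on `if: ctx.event.timezone == null` / `!= null`, which throws a null-pointer error in Painless when the `event` object itself is absent from the document, so the whole document drops into the top-level `on_failure` rather than just skipping the timezone branch. The stream template for this dataset adds `add_locale`, so `event.timezone` is normally present, but the condition should still be null-safe: `if: ctx.event?.timezone == null` and `if: ctx.event?.timezone != null`. The first `rename` (`message` to `log.original`) has no `ignore_missing` while the second one does; making them consistent avoids a pipeline failure on documents that arrive without `message`.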
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/mssql/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..6b1724ea47e
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,24 @@
+title: mssql log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/opt/mssql/log/error*
+ os:
+ darwin:
+ default:
+ - /var/opt/mssql/log/error*
+ windows:
+ default:
+ - c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG*
+ template_path: log.yml.hbs
+ title: mssql log logs (log)
+ description: Collect mssql log logs using log input
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/performance/agent/stream/stream.yml.hbs b/dev/packages/beats/mssql/0.0.1/dataset/performance/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..abbbf37bd11
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/performance/agent/stream/stream.yml.hbs
@@ -0,0 +1,12 @@
+metricsets: ["performance"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
+{{#if username}}
+username: {{username}}
+{{/if}}
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/fields.yml
new file mode 100644
index 00000000000..03a4175b373
--- /dev/null
+++ b/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/fields.yml
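Review bot: The Windows default `c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG*` looks malformed: `ProgramFiles` appears to be missing the space and `MSSQL.1MSSQL` appears to be missing the separator between the instance directory and its `MSSQL` subdirectory, so on a default install the stream would silently collect nothing. Please verify the path against an actual installation before this default ships. The `darwin` default duplicates the Linux default; if that is intentional, a short comment such as `# same layout as the Linux package` makes it clear it was not a copy-paste leftover.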
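Review bot: `password: {{password}}` and `username: {{username}}` are rendered as unquoted YAML plain scalars, so a secret containing YAML-significant characters (`#`, `: `, a leading `*`, `&`, `[`, `{`, `'` or `"`) would either break the rendered stream config or be parsed into a value other than the one the user entered; the `- {{this}}` host entries have the same exposure. Quote the interpolated values, e.g. `password: "{{password}}"` and `username: "{{username}}"`, and confirm how the agent's template engine escapes `"` and `\` inside a value before relying on the quoting. A password that does not survive the round trip is a failed login at best and a silently changed credential at worst, so this is worth a test with a deliberately awkward value.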
@@ -0,0 +1,77 @@ +- name: mssql.performance + type: group + release: beta + fields: + - name: page_splits_per_sec + type: long + description: Number of page splits per second that occur as the result of overflowing + index pages. + - name: lock_waits_per_sec + type: long + description: Number of lock requests per second that required the caller to wait. + - name: user_connections + type: long + description: Total number of user connections + - name: transactions + type: long + description: Total number of transactions + - name: active_temp_tables + type: long + description: Number of temporary tables/table variables in use. + - name: connections_reset_per_sec + type: long + description: Total number of logins started from the connection pool. + - name: logins_per_sec + type: long + description: Total number of logins started per second. This does not include + pooled connections. + - name: logouts_per_sec + type: long + description: Total number of logout operations started per second. + - name: recompilations_per_sec + type: long + description: Number of statement recompiles per second. Counts the number of times + statement recompiles are triggered. Generally, you want the recompiles to be + low. + - name: compilations_per_sec + type: long + description: Number of SQL compilations per second. Indicates the number of times + the compile code path is entered. Includes compiles caused by statement-level + recompilations in SQL Server. After SQL Server user activity is stable, this + value reaches a steady state. + - name: batch_requests_per_sec + type: long + description: Number of Transact-SQL command batches received per second. This + statistic is affected by all constraints (such as I/O, number of users, cache + size, complexity of requests, and so on). High batch requests mean good throughput. 
+ - name: buffer + type: group + fields: + - name: cache_hit + type: group + fields: + - name: pct + type: double + description: The ratio is the total number of cache hits divided by the total + number of cache lookups over the last few thousand page accesses. After + a long period of time, the ratio moves very little. Because reading from + the cache is much less expensive than reading from disk, you want this ratio + to be high + - name: page_life_expectancy + type: group + fields: + - name: sec + type: long + description: Indicates the number of seconds a page will stay in the buffer + pool without references (in seconds). + - name: checkpoint_pages_per_sec + type: long + description: Indicates the number of pages flushed to disk per second by a checkpoint + or other operation that require all dirty pages to be flushed. + - name: database_pages + type: long + description: Indicates the number of pages in the buffer pool with database + content. + - name: target_pages + type: long + description: Ideal number of pages in the buffer pool. diff --git a/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/package-fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/package-fields.yml new file mode 100644 index 00000000000..a14c58d381e --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/performance/fields/package-fields.yml @@ -0,0 +1,12 @@ +- name: mssql + type: group + fields: + - name: database + type: group + fields: + - name: id + type: long + description: Unique ID of the database inside MSSQL + - name: name + type: keyword + description: Name of the database diff --git a/dev/packages/beats/mssql/0.0.1/dataset/performance/manifest.yml b/dev/packages/beats/mssql/0.0.1/dataset/performance/manifest.yml new file mode 100644 index 00000000000..28bda7bc9a5 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/performance/manifest.yml 
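Review bot: `release: beta` on the `mssql.performance` group disagrees with `release: experimental` in the dataset manifest; whichever is intended, the two should be aligned so field-level and dataset-level maturity tell the same story (the `mssql.transaction_log` fields file further down carries the same `beta` value). `buffer.cache_hit.pct` is typed `double` here while `space_usage.used.pct` in the transaction_log fields is `float`; one type for `.pct` fields across the package keeps the mappings consistent. `connections_reset_per_sec` is described as "Total number of logins started from the connection pool", which reads like a copy of a logins description rather than a reset count — worth confirming against the metricset before it ships.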
@@ -0,0 +1,15 @@ +title: MSSQL performance metrics +release: experimental +type: metrics +streams: +- input: mssql/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MSSQL performance metrics + description: Collect MSSQL performance metrics diff --git a/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/agent/stream/stream.yml.hbs b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3c89c993372 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/agent/stream/stream.yml.hbs @@ -0,0 +1,12 @@ +metricsets: ["transaction_log"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/fields.yml new file mode 100644 index 00000000000..c297d96318c --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/fields.yml 
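Review bot: The stream template for this dataset reads `hosts`, `username` and `password`, but the manifest declares only `period`, so unless those three are defined as package-level vars in the package manifest (not visible in this diff) the rendered stream has an empty `hosts:` list and no credentials. Declaring them here, or documenting that they come from the package manifest, makes the contract explicit; if the manifest schema offers a secret-style var type, `password` should use it rather than `text`. `period` is also `text` with no validation, so a non-duration value is only caught at agent start. The same applies to `dataset/transaction_log/manifest.yml` further down.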
@@ -0,0 +1,59 @@ +- name: mssql.transaction_log + type: group + release: beta + fields: + - name: space_usage + type: group + fields: + - name: since_last_backup + type: group + fields: + - name: bytes + type: long + description: The amount of space used since the last log backup in bytes + - name: total + type: group + fields: + - name: bytes + type: long + description: The size of the log in bytes + - name: used + type: group + fields: + - name: bytes + type: long + description: The occupied size of the log in bytes + - name: pct + type: float + description: A percentage of the occupied size of the log as a percent of + the total log size + - name: stats + type: group + fields: + - name: active_size + type: group + fields: + - name: bytes + type: long + description: Total active transaction log size in bytes + - name: backup_time + type: date + description: Last transaction log backup time. + - name: recovery_size + type: group + fields: + - name: bytes + type: long + description: Log size in bytes since log recovery log sequence number (LSN). + - name: since_last_checkpoint + type: group + fields: + - name: bytes + type: long + description: Log size in bytes since last checkpoint log sequence number (LSN). + - name: total_size + type: group + fields: + - name: bytes + type: long + description: Total transaction log size in bytes. diff --git a/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/package-fields.yml b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/package-fields.yml new file mode 100644 index 00000000000..a14c58d381e --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/fields/package-fields.yml @@ -0,0 +1,12 @@ +- name: mssql + type: group + fields: + - name: database + type: group + fields: + - name: id + type: long + description: Unique ID of the database inside MSSQL + - name: name + type: keyword + description: Name of the database 
diff --git a/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/manifest.yml b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/manifest.yml new file mode 100644 index 00000000000..3f794e342f3 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/dataset/transaction_log/manifest.yml @@ -0,0 +1,15 @@ +title: MSSQL transaction_log metrics +release: experimental +type: metrics +streams: +- input: mssql/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MSSQL transaction_log metrics + description: Collect MSSQL transaction_log metrics diff --git a/dev/packages/beats/mssql/0.0.1/docs/README.md b/dev/packages/beats/mssql/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/img/mssql.svg b/dev/packages/beats/mssql/0.0.1/img/mssql.svg new file mode 100644 index 00000000000..738507c5809 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/img/mssql.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/dashboard/18d66970-1fb4-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/dashboard/18d66970-1fb4-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..07c31f48c93 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/dashboard/18d66970-1fb4-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,180 @@ +{ + "attributes": { + "description": "An overview of the transaction log of each database in a MSSQL instance", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Recovery size of transaction log", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "2", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Transaction log size since last checkpoint", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Percentage of used space of transaction log", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "4", + "w": 24, + "x": 0, + "y": 37 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Log space size since last backup", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "5", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Active size of transaction log", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Used space of transaction log", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 18, + "x": 12, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Total log space 
usage", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Metrics MSSQL] Transaction log ECS", + "version": 1 + }, + "id": "18d66970-1fb4-11e9-8a4d-eb34d2834f6b-ecs", + "references": [ + { + "id": "e9654a40-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1757d530-1fb3-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a55bb000-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "edb7a0c0-1f2b-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c9ead180-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "68fa61b0-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "6710ff20-1f2c-11e9-8a4d-eb34d2834f6b-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "82bf9480-260b-11e9-a46a-471d2a76b305-ecs", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/dashboard/a2ead240-18bb-11e9-9836-f37dedd3b411-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/dashboard/a2ead240-18bb-11e9-9836-f37dedd3b411-ecs.json new file mode 100644 index 00000000000..8b95bd79dfe --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/dashboard/a2ead240-18bb-11e9-9836-f37dedd3b411-ecs.json 
@@ -0,0 +1,140 @@ +{ + "attributes": { + "description": "A dashboard with key metrics about a MSSQL instance performance", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "User Connections", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 32, + "x": 16, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Transactions", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Lock Waits/sec", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Batch Requests/sec", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Buffer Cache Hit Ratio", + "version": "7.0.0-alpha2" + } + ], + "timeRestore": false, + "title": "[Metrics MSSQL] Performance ECS", + "version": 1 + }, + "id": "a2ead240-18bb-11e9-9836-f37dedd3b411-ecs", + "references": [ + { + "id": "7784db10-18ba-11e9-9836-f37dedd3b411-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "910f3f30-18ba-11e9-9836-f37dedd3b411-ecs", + "name": "panel_1", + "type": 
"visualization" + }, + { + "id": "5bd5c230-18ba-11e9-9836-f37dedd3b411-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b29a2160-18ba-11e9-9836-f37dedd3b411-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "2e795230-1b2a-11e9-8b36-136038bb307a-ecs", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/1757d530-1fb3-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/1757d530-1fb3-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..c37656f9791 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/1757d530-1fb3-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Transaction log size since last checkpoint [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Transaction log size since last checkpoint", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.stats.since_last_checkpoint.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Transaction log size since last checkpoint [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "1757d530-1fb3-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/2e795230-1b2a-11e9-8b36-136038bb307a-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/2e795230-1b2a-11e9-8b36-136038bb307a-ecs.json new file mode 100644 index 00000000000..304fc500930 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/2e795230-1b2a-11e9-8b36-136038bb307a-ecs.json 
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buffer Cache Hit Ratio [Metrics MSSQL] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "mssql.performance.buffer.cache_hit.pct", + "percents": [ + 50 + ] + }, + "schema": "metric", + "type": "median" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 0, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true, + "style": { + "color": "#eee" + }, + "valueAxis": "ValueAxis-1" + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Median mssql.performance.buffer.cache_hit.pct" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] 
+ }, + "title": "Buffer Cache Hit Ratio [Metrics MSSQL] ECS", + "type": "line" + } + }, + "id": "2e795230-1b2a-11e9-8b36-136038bb307a-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/5bd5c230-18ba-11e9-9836-f37dedd3b411-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/5bd5c230-18ba-11e9-9836-f37dedd3b411-ecs.json new file mode 100644 index 00000000000..fa23d49c1bb --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/5bd5c230-18ba-11e9-9836-f37dedd3b411-ecs.json 
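Review bot: The `references` entry binds this visualization to an index-pattern saved object whose id is the literal `metrics-*`, so the import fails unless an index pattern with exactly that id exists in the target Kibana; the TSVB visualizations in this package instead carry `"index_pattern": "metrics-*"` as a plain string with empty `references`, so the package depends on the same pattern in two different ways. Picking one mechanism, and either shipping the index pattern or stating the dependency in the package docs, avoids a partial import. The same reference appears in the `5bd5c230`, `7784db10` and `910f3f30` visualizations below. `"show": "true"` in `seriesParams` is a string where the sibling flags are booleans; presumably tolerated by Kibana, but worth normalizing to `"show": true`.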
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Lock Waits/sec [Metrics MSSQL] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "", + "field": "mssql.performance.lock_waits_per_sec" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true, + "style": { + "color": "#eee" + }, + "valueAxis": "ValueAxis-1" + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Average mssql.performance.lock_waits_per_sec" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Lock Waits/sec [Metrics 
MSSQL] ECS", + "type": "line" + } + }, + "id": "5bd5c230-18ba-11e9-9836-f37dedd3b411-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/6710ff20-1f2c-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/6710ff20-1f2c-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..c8043a21410 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/6710ff20-1f2c-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total log space usage [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total log space usage", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.space_usage.total.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Total log space usage [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "6710ff20-1f2c-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/68fa61b0-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/68fa61b0-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..f64788e76cf --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/68fa61b0-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Used space of transaction log [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Used space of transaction log", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.space_usage.used.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Used space of transaction log [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "68fa61b0-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/7784db10-18ba-11e9-9836-f37dedd3b411-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/7784db10-18ba-11e9-9836-f37dedd3b411-ecs.json new file mode 100644 index 00000000000..b4099e19183 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/7784db10-18ba-11e9-9836-f37dedd3b411-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Connections [Metrics MSSQL] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "", + "field": "mssql.performance.user_connections" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true, + "style": { + "color": "#eee" + }, + "valueAxis": "ValueAxis-1" + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Average mssql.performance.user_connections" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "User Connections [Metrics 
MSSQL] ECS", + "type": "line" + } + }, + "id": "7784db10-18ba-11e9-9836-f37dedd3b411-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/82bf9480-260b-11e9-a46a-471d2a76b305-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/82bf9480-260b-11e9-a46a-471d2a76b305-ecs.json new file mode 100644 index 00000000000..23d25959106 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/82bf9480-260b-11e9-a46a-471d2a76b305-ecs.json @@ -0,0 +1,47 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Database selector [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "mssql.database.name", + "id": "1549016598264", + "indexPattern": "metrics-*", + "label": "", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Database selector [Metrics MSSQL] ECS", + "type": "input_control_vis" + } + }, + "id": "82bf9480-260b-11e9-a46a-471d2a76b305-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/910f3f30-18ba-11e9-9836-f37dedd3b411-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/910f3f30-18ba-11e9-9836-f37dedd3b411-ecs.json new file mode 100644 index 00000000000..39e9b503d4c --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/910f3f30-18ba-11e9-9836-f37dedd3b411-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Transactions [Metrics MSSQL] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "", + "field": "mssql.performance.transactions" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true, + "style": { + "color": "#eee" + }, + "valueAxis": "ValueAxis-1" + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Average mssql.performance.transactions" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Transactions [Metrics MSSQL] ECS", + 
"type": "line" + } + }, + "id": "910f3f30-18ba-11e9-9836-f37dedd3b411-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/a55bb000-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/a55bb000-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..be38e562fdf --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/a55bb000-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Percentage of used space of transaction log [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Percentage of used space of transaction log", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.space_usage.used.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "percent", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Percentage of used space of transaction log [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "a55bb000-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/b29a2160-18ba-11e9-9836-f37dedd3b411-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/b29a2160-18ba-11e9-9836-f37dedd3b411-ecs.json new file mode 100644 index 00000000000..567d4972608 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/b29a2160-18ba-11e9-9836-f37dedd3b411-ecs.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Batch Requests/sec [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "", + "customMetric": { + "enabled": true, + "id": "1-metric", + "params": { + "field": "mssql.performance.batch_requests_per_sec" + }, + "schema": "metricAgg", + "type": "avg" + }, + "metricAgg": "custom" + }, + "schema": "metric", + "type": "derivative" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 0, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true, + "style": { + "color": "#eee" + }, + "valueAxis": "ValueAxis-1" + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Derivative of Average mssql.performance.batch_requests_per_sec" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Batch Requests/sec [Metrics MSSQL] ECS", + "type": "line" + } + }, + "id": "b29a2160-18ba-11e9-9836-f37dedd3b411-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/c9ead180-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/c9ead180-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..ad14b411545 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/c9ead180-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Active size of transaction log [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Active size of transaction log", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.stats.active_size.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Active size of transaction log [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "c9ead180-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/e9654a40-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/e9654a40-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..45ce6177299 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/e9654a40-1fb2-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Recovery size of transaction log [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Recovery size of transaction log", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.stats.recovery_size.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "de4cb6c0-1fb2-11e9-9c8a-cb3f85dff2a3" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Recovery size of transaction log [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "e9654a40-1fb2-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/kibana/visualization/edb7a0c0-1f2b-11e9-8a4d-eb34d2834f6b-ecs.json b/dev/packages/beats/mssql/0.0.1/kibana/visualization/edb7a0c0-1f2b-11e9-8a4d-eb34d2834f6b-ecs.json new file mode 100644 index 00000000000..32ac4ccd6c8 --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/kibana/visualization/edb7a0c0-1f2b-11e9-8a4d-eb34d2834f6b-ecs.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Log space size since last backup [Metrics MSSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "mssql.transaction_log.space_usage.since_last_backup.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "mssql.database.name" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Log space size since last backup [Metrics MSSQL] ECS", + "type": "metrics" + } + }, + "id": "edb7a0c0-1f2b-11e9-8a4d-eb34d2834f6b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mssql/0.0.1/manifest.yml b/dev/packages/beats/mssql/0.0.1/manifest.yml new file mode 100644 index 00000000000..9fec16c68ea --- /dev/null +++ b/dev/packages/beats/mssql/0.0.1/manifest.yml 
@@ -0,0 +1,56 @@
+format_version: 1.0.0
+name: mssql
+title: MSSQL
+version: 0.0.1
+license: basic
+description: MSSQL Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.0.0-alpha2 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+icons:
+- src: /img/mssql.svg
+ title: mssql
+ size: 385x385
+ type: image/svg+xml
+datasources:
+- name: mssql
+ title: MSSQL logs and metrics
+ description: Collect logs and metrics from MSSQL instances
+ inputs:
+ - type: logs
+ title: Collect logs from MSSQL instances
+ description: Collecting MSSQL log logs
+ - type: mssql/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - sqlserver://localhost
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: true
+ show_user: true
+ default: verysecurepassword
+ - name: username
+ type: text
+ title: Username
+ multi: false
+ required: true
+ show_user: true
+ default: domain\username
+ title: Collect metrics from MSSQL instances
+ description: Collecting MSSQL performance and transaction_log metrics
diff --git a/dev/packages/beats/munin/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/munin/0.0.1/dataset/node/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a512905c56c
--- /dev/null
+++ b/dev/packages/beats/munin/0.0.1/dataset/node/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["node"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/munin/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/munin/0.0.1/dataset/node/fields/fields.yml
new file mode 100644
index 00000000000..62d94528261
--- /dev/null
+++ b/dev/packages/beats/munin/0.0.1/dataset/node/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: munin.
+ type: keyword
+ release: ga
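Review bot: The `password` var ships a non-empty default (`default: verysecurepassword`) even though it is `required: true` and `show_user: true`, so the UI pre-fills a placeholder secret and a datasource can be saved and rolled out with it instead of forcing the operator to enter a real one. Dropping the `default:` line from the password var (and arguably the `domain\username` default on `username`) keeps the field required in practice; if the UI needs a placeholder, an empty value is safer than a realistic-looking credential. Other package manifests in this commit that take credentials are outside this chunk and are worth checking for the same pattern.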
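Review bot: The only field declared in the munin `fields.yml` is named `munin.` with a trailing dot, which looks like an artefact of the Beats import rather than an intended field name — a trailing dot gives the mapping an empty leaf segment. `package-fields.yml` in this commit already declares the `munin` group, so this entry should either be named after a real field or the file reduced to an empty list; I would not ship a keyword field called `munin.`.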
diff --git a/dev/packages/beats/munin/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/munin/0.0.1/dataset/node/fields/package-fields.yml new file mode 100644 index 00000000000..b6ee9a39a78 --- /dev/null +++ b/dev/packages/beats/munin/0.0.1/dataset/node/fields/package-fields.yml @@ -0,0 +1,10 @@ +- name: munin.metrics.* + type: object + description: | + Metrics exposed by a plugin of a munin node agent. +- name: munin.plugin.name + type: keyword + description: | + Name of the plugin collecting these metrics. +- name: munin + type: group diff --git a/dev/packages/beats/munin/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/munin/0.0.1/dataset/node/manifest.yml new file mode 100644 index 00000000000..c7f4fc3e011 --- /dev/null +++ b/dev/packages/beats/munin/0.0.1/dataset/node/manifest.yml @@ -0,0 +1,15 @@ +title: Munin node metrics +release: experimental +type: metrics +streams: +- input: munin/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: Munin node metrics + description: Collect Munin node metrics diff --git a/dev/packages/beats/munin/0.0.1/docs/README.md b/dev/packages/beats/munin/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/munin/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/munin/0.0.1/img/munin.svg b/dev/packages/beats/munin/0.0.1/img/munin.svg new file mode 100644 index 00000000000..b35a39498c9 --- /dev/null +++ b/dev/packages/beats/munin/0.0.1/img/munin.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/munin/0.0.1/manifest.yml b/dev/packages/beats/munin/0.0.1/manifest.yml new file mode 100644 index 00000000000..1018eae9319 --- /dev/null +++ b/dev/packages/beats/munin/0.0.1/manifest.yml 
@@ -0,0 +1,36 @@
+format_version: 1.0.0
+name: munin
+title: Munin
+version: 0.0.1
+license: basic
+description: Munin Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana: {}
+ elasticsearch: {}
+icons:
+- src: /img/munin.svg
+ title: munin
+ size: 815x947
+ type: image/svg+xml
+datasources:
+- name: munin
+ title: Munin metrics
+ description: Collect metrics from Munin instances
+ inputs:
+ - type: munin/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:4949
+ title: Collect metrics from Munin instances
+ description: Collecting Munin node metrics
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/agent/stream/log.yml.hbs b/dev/packages/beats/mysql/0.0.1/dataset/error/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..f95497f94c7
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/error/agent/stream/log.yml.hbs
@@ -0,0 +1,12 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ # Consider lines without timestamp part of the previous message
+ pattern: '^([0-9]{4}-[0-9]{2}-[0-9]{2}|[0-9]{6})'
+ negate: true
+ match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/mysql/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9362ef4c089
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,71 @@ +--- +description: Pipeline for parsing MySQL error logs +processors: +- grok: + field: message + patterns: + - '%{MYSQLDATETIME}%{SPACE}(%{NUMBER:mysql.thread_id:long}%{SPACE})?(\[%{DATA:log.level}\]%{SPACE})?%{GREEDYMULTILINE:message}' + - '%{GREEDYDATA:message}' + ignore_missing: true + pattern_definitions: + LOCALDATETIME: (?:%{YEAR}-%{MONTHNUM}-%{MONTHDAY}|%{NUMBER})%{SPACE}%{TIME} + MYSQLDATETIME: (?:%{LOCALDATETIME:_tmp.local_timestamp}|%{TIMESTAMP_ISO8601:_tmp.timestamp}) + GREEDYMULTILINE: |- + (.| + )+ +- grok: + field: message + patterns: + - '(\[%{DATA:event.code}\])%{SPACE}(\[%{DATA:event.provider}\])%{SPACE}%{GREEDYMULTILINE}' + - '%{GREEDYDATA}' + ignore_missing: true + ignore_failure: true + pattern_definitions: + GREEDYMULTILINE: |- + (.| + )+ +- rename: + field: '@timestamp' + target_field: event.created +- date: + if: ctx._tmp?.local_timestamp != null && ctx.event?.timezone == null + field: _tmp.local_timestamp + formats: + - yyMMdd H:m:s + - yyMMdd H:m:s + - yyyy-MM-dd H:m:s + - yyyy-MM-dd H:m:s +- date: + if: ctx._tmp?.local_timestamp != null && ctx.event?.timezone != null + field: _tmp.local_timestamp + timezone: '{{ event.timezone }}' + formats: + - yyMMdd H:m:s + - yyMMdd H:m:s + - yyyy-MM-dd H:m:s + - yyyy-MM-dd H:m:s +- date: + if: ctx._tmp?.timestamp != null + field: _tmp.timestamp + formats: + - ISO8601 +- remove: + field: _tmp + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: database +- append: + field: event.type + value: info +- append: + field: event.type + value: error + if: "ctx?.log?.level != null && ctx.log.level.toLowerCase() == 'error'" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/fields/ecs.yml b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/ecs.yml new file mode 100644 index 00000000000..42840dcb488 --- /dev/null 
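Review bot: The `rename` of `@timestamp` to `event.created` is unconditional, but when only the fallback `%{GREEDYDATA:message}` pattern of the first grok matches, neither `_tmp.local_timestamp` nor `_tmp.timestamp` is set, so none of the three `date` processors fire and the document is indexed with no `@timestamp` at all. Guarding the rename with `if: ctx._tmp?.local_timestamp != null || ctx._tmp?.timestamp != null` keeps the agent's read time as `@timestamp` for lines the pipeline cannot parse; alternatively copy the value into `event.created` with a `set` instead of moving it. A comment above the rename saying `# only move @timestamp once a log-line timestamp was extracted` would make the intent explicit.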
+++ b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/ecs.yml @@ -0,0 +1,20 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 00000000000..6f5883d4d12 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,23 @@ +- name: mysql.error + type: group +- name: event.code + type: keyword + description: Identification code for this event +- name: event.provider + type: keyword + description: Source of the event (e.g. Server) +- name: event.created + type: date + description: Date/time when the event was first read by an agent, or by your pipeline. +- name: event.timezone + type: keyword + description: Time zone information +- name: event.kind + type: keyword + description: Event kind (e.g. event) +- name: event.category + type: keyword + description: Event category (e.g. database) +- name: event.type + type: keyword + description: Event severity (e.g. info, error) 
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/fields/package-fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/package-fields.yml
new file mode 100644
index 00000000000..a35a72d6dd7
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/error/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: mysql
+ type: group
+ fields:
+ - name: thread_id
+ type: long
+ description: |
+ The connection or thread ID for the query.
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/error/manifest.yml b/dev/packages/beats/mysql/0.0.1/dataset/error/manifest.yml
new file mode 100644
index 00000000000..bac2bd4dcec
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/error/manifest.yml
@@ -0,0 +1,25 @@
+title: MySQL error logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/mysql/error.log*
+ - /var/log/mysqld.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/mysql/{{.builtin.hostname}}.{{.builtin.domain}}.err*
+ windows:
+ default:
+ - c:/programdata/MySQL/MySQL Server*/error.log*
+ template_path: log.yml.hbs
+ title: MySQL error logs (log)
+ description: Collect MySQL error logs using log input
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/galera_status/agent/stream/stream.yml.hbs b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..cd1e5c57c2c
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["galera_status"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
+{{#if raw}}
+raw: {{raw}}
+{{/if}}
+{{#if username}}
+username: {{username}}
+{{/if}}
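Review bot: In the galera_status stream template, `password: {{password}}` and `username: {{username}}` are interpolated into the YAML unquoted, so a value containing YAML-significant characters (`: `, ` #`, or a leading `*`, `&`, `[`, `{`, `'` or `"`) yields a malformed or silently mis-parsed agent config — and for a secret that surfaces only at deploy time as an authentication failure. Unless the template renderer escapes values (not visible from the diff), quoting them as `password: "{{password}}"` is the usual fix, with `\` and `"` in the value escaped as well. The other `stream.yml.hbs` templates in this commit that take credentials are outside this chunk but likely have the same shape.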
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/fields.yml new file mode 100644 index 00000000000..56458b40882 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/fields.yml 
@@ -0,0 +1,201 @@ +- name: mysql.galera_status + type: group + release: beta + fields: + - name: apply + type: group + fields: + - name: oooe + type: double + description: | + How often applier started write-set applying out-of-order (parallelization efficiency). + - name: oool + type: double + description: | + How often write-set was so slow to apply that write-set with higher seqno's were applied earlier. Values closer to 0 refer to a greater gap between slow and fast write-sets. + - name: window + type: double + description: | + Average distance between highest and lowest concurrently applied seqno. + - name: cert + type: group + fields: + - name: deps_distance + type: double + description: | + Average distance between highest and lowest seqno value that can be possibly applied in parallel (potential degree of parallelization). + - name: index_size + type: long + description: | + The number of entries in the certification index. + - name: interval + type: double + description: | + Average number of transactions received while a transaction replicates. + - name: cluster + type: group + fields: + - name: conf_id + type: long + description: | + Total number of cluster membership changes happened. + - name: size + type: long + description: | + Current number of members in the cluster. + - name: status + type: keyword + description: | + Status of this cluster component. That is, whether the node is part of a PRIMARY or NON_PRIMARY component. + - name: commit + type: group + fields: + - name: oooe + type: double + description: | + How often a transaction was committed out of order. + - name: window + type: long + description: | + Average distance between highest and lowest concurrently committed seqno. + - name: connected + type: keyword + description: | + If the value is OFF, the node has not yet connected to any of the cluster components. This may be due to misconfiguration. Check the error log for proper diagnostics. 
+ - name: evs + type: group + fields: + - name: evict + type: keyword + description: | + Lists the UUID's of all nodes evicted from the cluster. Evicted nodes cannot rejoin the cluster until you restart their mysqld processes. + - name: state + type: keyword + description: | + Shows the internal state of the EVS Protocol. + - name: flow_ctl + type: group + fields: + - name: paused + type: double + description: | + The fraction of time since the last FLUSH STATUS command that replication was paused due to flow control. In other words, how much the slave lag is slowing down the cluster. + - name: paused_ns + type: long + description: | + The total time spent in a paused state measured in nanoseconds. + - name: recv + type: long + description: | + Returns the number of FC_PAUSE events the node has received, including those the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. + - name: sent + type: long + description: | + Returns the number of FC_PAUSE events the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. + - name: last_committed + type: long + description: | + The sequence number, or seqno, of the last committed transaction. + - name: local + type: group + fields: + - name: bf_aborts + type: long + description: | + Total number of local transactions that were aborted by slave transactions while in execution. + - name: cert_failures + type: long + description: | + Total number of local transactions that failed certification test. + - name: commits + type: long + description: | + Total number of local transactions committed. + - name: recv + type: group + fields: + - name: queue + type: long + description: | + Current (instantaneous) length of the recv queue. + - name: queue_avg + type: double + description: | + Recv queue length averaged over interval since the last FLUSH STATUS command. 
Values considerably larger than 0.0 mean that the node cannot apply write-sets as fast as they are received and will generate a lot of replication throttling. + - name: queue_max + type: long + description: | + The maximum length of the recv queue since the last FLUSH STATUS command. + - name: queue_min + type: long + description: | + The minimum length of the recv queue since the last FLUSH STATUS command. + - name: replays + type: long + description: | + Total number of transaction replays due to asymmetric lock granularity. + - name: send + type: group + fields: + - name: queue + type: long + description: | + Current (instantaneous) length of the send queue. + - name: queue_avg + type: double + description: | + Send queue length averaged over time since the last FLUSH STATUS command. Values considerably larger than 0.0 indicate replication throttling or network throughput issue. + - name: queue_max + type: long + description: | + The maximum length of the send queue since the last FLUSH STATUS command. + - name: queue_min + type: long + description: | + The minimum length of the send queue since the last FLUSH STATUS command. + - name: state + type: keyword + description: | + Internal Galera Cluster FSM state number. + - name: ready + type: keyword + description: | + Whether the server is ready to accept queries. + - name: received + type: group + fields: + - name: count + type: long + description: | + Total number of write-sets received from other nodes. + - name: bytes + type: long + description: | + Total size of write-sets received from other nodes. + - name: repl + type: group + fields: + - name: data_bytes + type: long + description: | + Total size of data replicated. + - name: keys + type: long + description: | + Total number of keys replicated. + - name: keys_bytes + type: long + description: | + Total size of keys replicated. + - name: other_bytes + type: long + description: | + Total size of other bits replicated. 
+ - name: count + type: long + description: | + Total number of write-sets replicated (sent to other nodes). + - name: bytes + type: long + description: | + Total size of write-sets replicated. diff --git a/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/package-fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/package-fields.yml new file mode 100644 index 00000000000..57436911ee5 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: mysql + type: group diff --git a/dev/packages/beats/mysql/0.0.1/dataset/galera_status/manifest.yml b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/manifest.yml new file mode 100644 index 00000000000..89a74f3a32b --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/galera_status/manifest.yml @@ -0,0 +1,15 @@ +title: MySQL galera_status metrics +release: experimental +type: metrics +streams: +- input: mysql/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: MySQL galera_status metrics + description: Collect MySQL galera_status metrics diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..a1a05027bd9 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/agent/stream/log.yml.hbs @@ -0,0 +1,10 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: ['.gz$'] +multiline: + pattern: '^(# User@Host: |# Time: )' + negate: true + match: after +exclude_lines: ['^[\/\w\.]+, Version: .* started with:.*', '^# Time:.*'] # Exclude the header and time \ No newline at end of file 
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..93ce577a330 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,86 @@ +{ + "description": "Pipeline for parsing MySQL slow logs.", + "processors": [{ + "grok": { + "field": "message", + "patterns":[ + "^# User@Host: %{USER:user.name}(\\[%{USER:mysql.slowlog.current_user}\\])? @ %{HOSTNAME:source.domain}? \\[%{IP:source.ip}?\\]%{METRICSPACE}(Id:%{SPACE}%{NUMBER:mysql.thread_id:long}%{METRICSPACE})?(Thread_id:%{SPACE}%{NUMBER:mysql.thread_id}%{METRICSPACE})?(Schema:%{SPACE}%{WORD:mysql.slowlog.schema}?%{METRICSPACE})?(Last_errno: %{NUMBER:mysql.slowlog.last_errno:long}%{METRICSPACE})?(Killed: %{NUMBER:mysql.slowlog.killed:long}%{METRICSPACE})?(QC_hit: %{WORD:mysql.slowlog.query_cache_hit}%{METRICSPACE})?(Query_time: %{NUMBER:temp.duration:float}%{METRICSPACE})?(Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec:float}%{METRICSPACE})?(Rows_sent: %{NUMBER:mysql.slowlog.rows_sent:long}%{METRICSPACE})?(Rows_examined: %{NUMBER:mysql.slowlog.rows_examined:long}%{METRICSPACE})?(Rows_affected: %{NUMBER:mysql.slowlog.rows_affected:long}%{METRICSPACE})?(Thread_id: %{NUMBER:mysql.thread_id}%{METRICSPACE})?(Errno: %{NUMBER:mysql.slowlog.last_errno:long}%{METRICSPACE})?(Killed: %{NUMBER:mysql.slowlog.killed:long}%{METRICSPACE})?(Bytes_received: %{NUMBER:mysql.slowlog.bytes_received:long}%{METRICSPACE})?(Bytes_sent: %{NUMBER:mysql.slowlog.bytes_sent:long}%{METRICSPACE})?(Read_first: %{NUMBER:mysql.slowlog.read_first:long}%{METRICSPACE})?(Read_last: %{NUMBER:mysql.slowlog.read_last:long}%{METRICSPACE})?(Read_key: %{NUMBER:mysql.slowlog.read_key:long}%{METRICSPACE})?(Read_next: %{NUMBER:mysql.slowlog.read_next:long}%{METRICSPACE})?(Read_prev: %{NUMBER:mysql.slowlog.read_prev:long}%{METRICSPACE})?(Read_rnd: %{NUMBER:mysql.slowlog.read_rnd:long}%{METRICSPACE})?(Read_rnd_next: %{NUMBER:mysql.slowlog.read_rnd_next:long}%{METRICSPACE})?(Sort_merge_passes: %{NUMBER:mysql.slowlog.sort_merge_passes:long}%{METRICSPACE})?(Sort_range_count: %{NUMBER:mysql.slowlog.sort_range_count:long}%{METRICSPACE})?(Sort_rows: 
%{NUMBER:mysql.slowlog.sort_rows:long}%{METRICSPACE})?(Sort_scan_count: %{NUMBER:mysql.slowlog.sort_scan_count:long}%{METRICSPACE})?(Created_tmp_disk_tables: %{NUMBER:mysql.slowlog.tmp_disk_tables:long}%{METRICSPACE})?(Created_tmp_tables: %{NUMBER:mysql.slowlog.tmp_tables:long}%{METRICSPACE})?(Tmp_tables: %{NUMBER:mysql.slowlog.tmp_tables:long}%{METRICSPACE})?(Tmp_disk_tables: %{NUMBER:mysql.slowlog.tmp_disk_tables}%{METRICSPACE})?(Tmp_table_sizes: %{NUMBER:mysql.slowlog.tmp_table_sizes:long}%{METRICSPACE})?(Start: %{TIMESTAMP_ISO8601:event.start}%{METRICSPACE})?(End: %{TIMESTAMP_ISO8601:event.end}%{METRICSPACE})?(InnoDB_trx_id: %{WORD:mysql.slowlog.innodb.trx_id}%{METRICSPACE})?(QC_Hit: %{WORD:mysql.slowlog.query_cache_hit}%{METRICSPACE})?(Full_scan: %{WORD:mysql.slowlog.full_scan}%{METRICSPACE})?(Full_join: %{WORD:mysql.slowlog.full_join}%{METRICSPACE})?(Tmp_table: %{WORD:mysql.slowlog.tmp_table}%{METRICSPACE})?(Tmp_table_on_disk: %{WORD:mysql.slowlog.tmp_table_on_disk}%{METRICSPACE})?(Filesort: %{WORD:mysql.slowlog.filesort}%{METRICSPACE})?(Filesort_on_disk: %{WORD:mysql.slowlog.filesort_on_disk}%{METRICSPACE})?(Merge_passes: %{NUMBER:mysql.slowlog.merge_passes:long}%{METRICSPACE})?(Priority_queue: %{WORD:mysql.slowlog.priority_queue}%{METRICSPACE})?(No InnoDB statistics available for this query%{METRICSPACE})?(InnoDB_IO_r_ops: %{NUMBER:mysql.slowlog.innodb.io_r_ops:long}%{METRICSPACE})?(InnoDB_IO_r_bytes: %{NUMBER:mysql.slowlog.innodb.io_r_bytes:long}%{METRICSPACE})?(InnoDB_IO_r_wait: %{NUMBER:mysql.slowlog.innodb.io_r_wait.sec:float}%{METRICSPACE})?(InnoDB_rec_lock_wait: %{NUMBER:mysql.slowlog.innodb.rec_lock_wait.sec:float}%{METRICSPACE})?(InnoDB_queue_wait: %{NUMBER:mysql.slowlog.innodb.queue_wait.sec:float}%{METRICSPACE})?(InnoDB_pages_distinct: %{NUMBER:mysql.slowlog.innodb.pages_distinct:long}%{METRICSPACE})?(Log_slow_rate_type: %{WORD:mysql.slowlog.log_slow_rate_type}%{METRICSPACE})?(Log_slow_rate_limit: 
%{NUMBER:mysql.slowlog.log_slow_rate_limit:long}%{METRICSPACE})?%{EXPLAIN}(use %{WORD:mysql.slowlog.schema};\n)?SET timestamp=%{NUMBER:mysql.slowlog.timestamp:long};\n%{GREEDYMULTILINE:mysql.slowlog.query}" + ], + "pattern_definitions" : { + "GREEDYMULTILINE": "(.|\n)*", + "METRICSPACE": "([ #\n]*)", + "EXPLAIN": "(# explain:.*\n|#\\s*\n)*" + }, + "ignore_missing": true + } + }, { + "remove":{ + "field": "message" + } + }, { + "script": { + "lang": "painless", + "source": "for (field in params.fields) { def v = ctx.mysql.slowlog.get(field); if (v != null) { ctx.mysql.slowlog.put(field, params.mapping.get(v)) } }", + "params": { + "mapping": { + "Yes": true, + "No": false + }, + "fields": [ + "query_cache_hit", + "tmp_table", + "tmp_table_on_disk", + "filesort", + "filesort_on_disk", + "priority_queue", + "full_scan", + "full_join" + ] + } + } + }, { + "script": { + "lang": "painless", + "source": "ctx.event.duration = Math.round(ctx.temp.duration * 1000000) * 1000", + "if": "ctx.temp?.duration != null" + } + }, { + "remove": { + "field": "temp.duration", + "ignore_missing": true + } + }, { + "date": { + "field": "mysql.slowlog.timestamp", + "target_field": "@timestamp", + "formats": ["UNIX"], + "ignore_failure": true + } + }, { + "remove":{ + "field": "mysql.slowlog.timestamp", + "ignore_missing": true + } + }, { + "set":{ + "field": "event.kind", + "value": "event" + } + }, { + "append":{ + "field": "event.category", + "value": "database" + } + }, { + "append":{ + "field": "event.type", + "value": "info" + } + }], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/ecs.yml b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/ecs.yml new file mode 100644 index 00000000000..ba864aa07fb --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/ecs.yml 
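Review bot: `mysql.thread_id` is captured with `:long` in the `Id:` branch of the grok pattern but without a type in both `Thread_id:` branches (`%{NUMBER:mysql.thread_id}`), so the same field arrives as a string or a number depending on which server variant wrote the log; index-time coercion usually hides this, but it is inconsistent with the `long` mapping and breaks if coercion is disabled. Adding `:long` to both `Thread_id:` captures fixes it. Separately, the Yes/No mapping script does `params.mapping.get(v)` without a membership check, so an unexpected value (for example upper-case `YES`) replaces the field with null and the information is lost; `if (v != null && params.mapping.containsKey(v))` would keep the original value instead.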
@@ -0,0 +1,29 @@
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: domain
+ level: core
+ type: keyword
+ description: Source domain.
+ ignore_above: 1024
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/fields.yml
new file mode 100644
index 00000000000..681c9d98d93
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/fields.yml
@@ -0,0 +1,180 @@ +- name: mysql.slowlog + type: group + fields: + - name: lock_time.sec + type: float + description: | + The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number. + - name: rows_sent + type: long + description: | + The number of rows returned by the query. + - name: rows_examined + type: long + description: | + The number of rows scanned by the query. + - name: rows_affected + type: long + description: | + The number of rows modified by the query. + - name: bytes_sent + type: long + format: bytes + description: | + The number of bytes sent to client. + - name: bytes_received + type: long + format: bytes + description: | + The number of bytes received from client. + - name: query + type: keyword + description: | + The slow query. + - name: schema + type: keyword + description: | + The schema where the slow query was executed. + - name: current_user + type: keyword + description: | + Current authenticated user, used to determine access privileges. Can differ from the value for user. + - name: last_errno + type: keyword + description: | + Last SQL error seen. + - name: killed + type: keyword + description: | + Code of the reason if the query was killed. + - name: query_cache_hit + type: boolean + description: | + Whether the query cache was hit. + - name: tmp_table + type: boolean + description: | + Whether a temporary table was used to resolve the query. + - name: tmp_table_on_disk + type: boolean + description: | + Whether the query needed temporary tables on disk. + - name: tmp_tables + type: long + description: | + Number of temporary tables created for this query + - name: tmp_disk_tables + type: long + description: | + Number of temporary tables created on disk for this query. + - name: tmp_table_sizes + type: long + format: bytes + description: Size of temporary tables created for this query. + - name: filesort + type: boolean + description: | + Whether filesort optimization was used. 
+ - name: filesort_on_disk + type: boolean + description: | + Whether filesort optimization was used and it needed temporary tables on disk. + - name: priority_queue + type: boolean + description: | + Whether a priority queue was used for filesort. + - name: full_scan + type: boolean + description: | + Whether a full table scan was needed for the slow query. + - name: full_join + type: boolean + description: | + Whether a full join was needed for the slow query (no indexes were used for joins). + - name: merge_passes + type: long + description: | + Number of merge passes executed for the query. + - name: sort_merge_passes + type: long + description: | + Number of merge passes that the sort algorithm has had to do. + - name: sort_range_count + type: long + description: "Number of sorts that were done using ranges. \n" + - name: sort_rows + type: long + description: | + Number of sorted rows. + - name: sort_scan_count + type: long + description: | + Number of sorts that were done by scanning the table. + - name: log_slow_rate_type + type: keyword + description: | + Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query. + - name: log_slow_rate_limit + type: keyword + description: | + Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged. + - name: read_first + type: long + description: | + The number of times the first entry in an index was read. + - name: read_last + type: long + description: | + The number of times the last key in an index was read. + - name: read_key + type: long + description: | + The number of requests to read a row based on a key. + - name: read_next + type: long + description: | + The number of requests to read the next row in key order. + - name: read_prev + type: long + description: | + The number of requests to read the previous row in key order. 
+ - name: read_rnd + type: long + description: "The number of requests to read a row based on a fixed position. + \n" + - name: read_rnd_next + type: long + description: | + The number of requests to read the next row in the data file. + - name: innodb + type: group + fields: + - name: trx_id + type: keyword + description: | + Transaction ID + - name: io_r_ops + type: long + description: | + Number of page read operations. + - name: io_r_bytes + type: long + format: bytes + description: | + Bytes read during page read operations. + - name: io_r_wait.sec + type: long + description: | + How long it took to read all needed data from storage. + - name: rec_lock_wait.sec + type: long + description: | + How long the query waited for locks. + - name: queue_wait.sec + type: long + description: | + How long the query waited to enter the InnoDB queue and to be executed once in the queue. + - name: pages_distinct + type: long + description: | + Approximated count of pages accessed to execute the query. diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/package-fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/package-fields.yml new file mode 100644 index 00000000000..a35a72d6dd7 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: mysql + type: group + fields: + - name: thread_id + type: long + description: | + The connection or thread ID for the query. diff --git a/dev/packages/beats/mysql/0.0.1/dataset/slowlog/manifest.yml b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/manifest.yml new file mode 100644 index 00000000000..a88e9c3e055 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/dataset/slowlog/manifest.yml 
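Review bot: The mappings for `mysql.slowlog.innodb.io_r_wait.sec`, `mysql.slowlog.innodb.rec_lock_wait.sec` and `mysql.slowlog.innodb.queue_wait.sec` are declared `type: long`, but the slowlog ingest pipeline in this same commit extracts them with `:float` (`%{NUMBER:mysql.slowlog.innodb.io_r_wait.sec:float}` and the two siblings). With the default numeric coercion a long field truncates the fractional part, so sub-second waits index as 0 and the `.sec` name is misleading; these three should be `type: float`, matching `lock_time.sec` in the same file. The same hunk also declares `log_slow_rate_limit` as `type: keyword` while the grok pattern casts it `:long`; pick one side (the description describes a numeric limit, so `type: long` seems the intent). The pipeline hunk begins before this chunk, so the exact grok lines could not all be checked here.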
@@ -0,0 +1,25 @@
+title: MySQL slowlog logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/mysql/mysql-slow.log*
+ - /var/lib/mysql/{{.builtin.hostname}}-slow.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/mysql/{{.builtin.hostname}}-slow.log*
+ windows:
+ default:
+ - c:/programdata/MySQL/MySQL Server*/mysql-slow.log*
+ template_path: log.yml.hbs
+ title: MySQL slowlog logs (log)
+ description: Collect MySQL slowlog logs using log input
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/mysql/0.0.1/dataset/status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..8cb5142b3d3
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/status/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["status"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
+{{#if raw}}
+raw: {{raw}}
+{{/if}}
+{{#if username}}
+username: {{username}}
+{{/if}}
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/status/fields/fields.yml
new file mode 100644
index 00000000000..901a3728b25
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/status/fields/fields.yml
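Review bot: In stream.yml.hbs the credential is rendered straight into YAML as `password: {{password}}` (and likewise `username: {{username}}` and each `- {{this}}` host entry), so a value containing YAML-significant characters such as `#`, `: `, a leading `*`, `&`, `!` or a quote produces an invalid or silently different agent configuration. The safer shape is to emit these as quoted scalars and rely on the template engine's escaping, for example `password: "{{password}}"`, provided the engine in use escapes embedded double quotes; if it does not, that limitation should be stated in the dataset docs. A short comment in the template, `# values are rendered into YAML unquoted; keep in sync with the var definitions in manifest.yml`, would make the constraint visible to the next editor.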
@@ -0,0 +1,282 @@ +- name: mysql.status + type: group + release: ga + fields: + - name: aborted + type: group + fields: + - name: clients + type: long + description: | + The number of connections that were aborted because the client died without closing the connection properly. + - name: connects + type: long + description: | + The number of failed attempts to connect to the MySQL server. + - name: binlog + type: group + fields: + - name: cache.disk_use + type: long + - name: cache.use + type: long + - name: bytes + type: group + fields: + - name: received + type: long + format: bytes + description: | + The number of bytes received from all clients. + - name: sent + type: long + format: bytes + description: | + The number of bytes sent to all clients. + - name: threads + type: group + fields: + - name: cached + type: long + description: | + The number of cached threads. + - name: created + type: long + description: | + The number of created threads. + - name: connected + type: long + description: | + The number of connected threads. + - name: running + type: long + description: | + The number of running threads. + - name: connections + type: long + - name: created + type: group + fields: + - name: tmp.disk_tables + type: long + - name: tmp.files + type: long + - name: tmp.tables + type: long + - name: delayed + type: group + fields: + - name: errors + type: long + - name: insert_threads + type: long + - name: writes + type: long + - name: flush_commands + type: long + - name: max_used_connections + type: long + - name: open + type: group + fields: + - name: files + type: long + - name: streams + type: long + - name: tables + type: long + - name: opened_tables + type: long + - name: command + type: group + fields: + - name: delete + type: long + description: | + The number of DELETE queries since startup. + - name: insert + type: long + description: | + The number of INSERT queries since startup. 
+ - name: select + type: long + description: | + The number of SELECT queries since startup. + - name: update + type: long + description: | + The number of UPDATE queries since startup. + - name: queries + type: long + description: | + The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count COM_PING or COM_STATISTICS commands. + - name: questions + type: long + description: | + The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands. + - name: handler + type: group + fields: + - name: commit + type: long + description: | + The number of internal COMMIT statements. + - name: delete + type: long + description: | + The number of times that rows have been deleted from tables. + - name: external_lock + type: long + description: | + The server increments this variable for each call to its external_lock() function, which generally occurs at the beginning and end of access to a table instance. + - name: mrr_init + type: long + description: | + The number of times the server uses a storage engine's own Multi-Range Read implementation for table access. + - name: prepare + type: long + description: | + A counter for the prepare phase of two-phase commit operations. + - name: read + type: group + fields: + - name: first + type: long + description: | + The number of times the first entry in an index was read. + - name: key + type: long + description: | + The number of requests to read a row based on a key. + - name: last + type: long + description: "The number of requests to read the last key in an index. \n" + - name: next + type: long + description: | + The number of requests to read the next row in key order. 
+ - name: prev + type: long + description: | + The number of requests to read the previous row in key order. + - name: rnd + type: long + description: "The number of requests to read a row based on a fixed position. + \n" + - name: rnd_next + type: long + description: "The number of requests to read the next row in the data file. + \n" + - name: rollback + type: long + description: | + The number of requests for a storage engine to perform a rollback operation. + - name: savepoint + type: long + description: | + The number of requests for a storage engine to place a savepoint. + - name: savepoint_rollback + type: long + description: | + The number of requests for a storage engine to roll back to a savepoint. + - name: update + type: long + description: | + The number of requests to update a row in a table. + - name: write + type: long + description: | + The number of requests to insert a row in a table. + - name: innodb + type: group + fields: + - name: buffer_pool + type: group + fields: + - name: dump_status + type: long + description: | + The progress of an operation to record the pages held in the InnoDB buffer pool, triggered by the setting of innodb_buffer_pool_dump_at_shutdown or innodb_buffer_pool_dump_now. + - name: load_status + type: long + description: | + The progress of an operation to warm up the InnoDB buffer pool by reading in a set of pages corresponding to an earlier point in time, triggered by the setting of innodb_buffer_pool_load_at_startup or innodb_buffer_pool_load_now. + - name: bytes + type: group + fields: + - name: data + type: long + description: "The total number of bytes in the InnoDB buffer pool containing + data. \n" + - name: dirty + type: long + description: | + The total current number of bytes held in dirty pages in the InnoDB buffer pool. + - name: pages + type: group + fields: + - name: data + type: long + description: | + he number of pages in the InnoDB buffer pool containing data. 
+ - name: dirty + type: long + description: | + The current number of dirty pages in the InnoDB buffer pool. + - name: flushed + type: long + description: | + The number of requests to flush pages from the InnoDB buffer pool. + - name: free + type: long + description: | + The number of free pages in the InnoDB buffer pool. + - name: latched + type: long + description: | + The number of latched pages in the InnoDB buffer pool. + - name: misc + type: long + description: | + The number of pages in the InnoDB buffer pool that are busy because they have been allocated for administrative overhead, such as row locks or the adaptive hash index. + - name: total + type: long + description: | + The total size of the InnoDB buffer pool, in pages. + - name: read + type: group + fields: + - name: ahead + type: long + description: | + The number of pages read into the InnoDB buffer pool by the read-ahead background thread. + - name: ahead_evicted + type: long + description: | + The number of pages read into the InnoDB buffer pool by the read-ahead background thread that were subsequently evicted without having been accessed by queries. + - name: ahead_rnd + type: long + description: | + The number of "random" read-aheads initiated by InnoDB. + - name: requests + type: long + description: | + The number of logical read requests. + - name: pool + type: group + fields: + - name: reads + type: long + description: | + The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. + - name: resize_status + type: long + description: | + The status of an operation to resize the InnoDB buffer pool dynamically, triggered by setting the innodb_buffer_pool_size parameter dynamically. + - name: wait_free + type: long + description: | + Normally, writes to the InnoDB buffer pool happen in the background. 
When InnoDB needs to read or create a page and no clean pages are available, InnoDB flushes some dirty pages first and waits for that operation to finish. This counter counts instances of these waits.
+ - name: write_requests
+ type: long
+ description: The number of writes done to the InnoDB buffer pool.
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/mysql/0.0.1/dataset/status/fields/package-fields.yml
new file mode 100644
index 00000000000..57436911ee5
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/status/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: mysql
+ type: group
diff --git a/dev/packages/beats/mysql/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/mysql/0.0.1/dataset/status/manifest.yml
new file mode 100644
index 00000000000..5f984948bcc
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/dataset/status/manifest.yml
@@ -0,0 +1,15 @@
+title: MySQL status metrics
+release: experimental
+type: metrics
+streams:
+- input: mysql/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: MySQL status metrics
+ description: Collect MySQL status metrics
diff --git a/dev/packages/beats/mysql/0.0.1/docs/README.md b/dev/packages/beats/mysql/0.0.1/docs/README.md
new file mode 100644
index 00000000000..68dac87331b
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/docs/README.md
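Review bot: The `mysql.status` group in status/fields/fields.yml carries `release: ga` while the dataset manifest added in the same commit declares `release: experimental`; one of the two should change so the field reference and the dataset advertise the same maturity. A number of fields in this hunk have no `description` at all (`binlog.cache.disk_use`, `binlog.cache.use`, `connections`, `created.tmp.*`, `delayed.*`, `flush_commands`, `max_used_connections`, `open.*`, `opened_tables`), which shows up as empty cells in the generated README table further down; a one-line description per field, taken from the corresponding `SHOW GLOBAL STATUS` variable, would fill them. The description for `innodb.buffer_pool.pages.data` reads `he number of pages in the InnoDB buffer pool containing data.` and should be `The number of pages in the InnoDB buffer pool containing data.`.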
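Review bot: The status dataset manifest declares only the `period` variable, yet the stream template in this commit (status/agent/stream/stream.yml.hbs) reads `hosts`, `username`, `password` and `raw`. Unless those are declared at package level in a manifest outside this chunk, the template renders with empty values and the `hosts:` list is emitted with no entries; if they are package-level, a comment such as `# hosts/username/password/raw come from the package manifest` on the `vars:` line would spare the next reader the same search.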
@@ -0,0 +1,465 @@ +# MySQL Integration + +This integration periodically fetches logs and metrics from [https://www.mysql.com/](MySQL) servers. + +## Compatibility + +The `error` and `slowlog` datasets were tested with logs from MySQL 5.5, 5.7 and 8.0, MariaDB 10.1, 10.2 and 10.3, and Percona 5.7 and 8.0. + +The `galera_status` and `status` datasets were tested with MySQL and Percona 5.7 and 8.0 and are expected to work with all +versions >= 5.7.0. It is also tested with MariaDB 10.2, 10.3 and 10.4. + +## Logs + +### error + +The `error` dataset collects the MySQL error logs. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| event.category | Event category (e.g. database) | keyword | +| event.code | Identification code for this event | keyword | +| event.created | Date/time when the event was first read by an agent, or by your pipeline. | date | +| event.kind | Event kind (e.g. event) | keyword | +| event.provider | Source of the event (e.g. Server) | keyword | +| event.timezone | Time zone information | keyword | +| event.type | Event severity (e.g. info, error) | keyword | +| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| mysql.thread_id | The connection or thread ID for the query. | long | + + +### slowlog + +The `slowlog` dataset collects the MySQL slow logs. 
+ +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| mysql.slowlog.bytes_received | The number of bytes received from client. | long | +| mysql.slowlog.bytes_sent | The number of bytes sent to client. | long | +| mysql.slowlog.current_user | Current authenticated user, used to determine access privileges. Can differ from the value for user. | keyword | +| mysql.slowlog.filesort | Whether filesort optimization was used. | boolean | +| mysql.slowlog.filesort_on_disk | Whether filesort optimization was used and it needed temporary tables on disk. | boolean | +| mysql.slowlog.full_join | Whether a full join was needed for the slow query (no indexes were used for joins). | boolean | +| mysql.slowlog.full_scan | Whether a full table scan was needed for the slow query. | boolean | +| mysql.slowlog.innodb.io_r_bytes | Bytes read during page read operations. | long | +| mysql.slowlog.innodb.io_r_ops | Number of page read operations. | long | +| mysql.slowlog.innodb.io_r_wait.sec | How long it took to read all needed data from storage. | long | +| mysql.slowlog.innodb.pages_distinct | Approximated count of pages accessed to execute the query. | long | +| mysql.slowlog.innodb.queue_wait.sec | How long the query waited to enter the InnoDB queue and to be executed once in the queue. | long | +| mysql.slowlog.innodb.rec_lock_wait.sec | How long the query waited for locks. | long | +| mysql.slowlog.innodb.trx_id | Transaction ID | keyword | +| mysql.slowlog.killed | Code of the reason if the query was killed. | keyword | +| mysql.slowlog.last_errno | Last SQL error seen. | keyword | +| mysql.slowlog.lock_time.sec | The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number. | float | +| mysql.slowlog.log_slow_rate_limit | Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged. 
| keyword | +| mysql.slowlog.log_slow_rate_type | Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query. | keyword | +| mysql.slowlog.merge_passes | Number of merge passes executed for the query. | long | +| mysql.slowlog.priority_queue | Whether a priority queue was used for filesort. | boolean | +| mysql.slowlog.query | The slow query. | keyword | +| mysql.slowlog.query_cache_hit | Whether the query cache was hit. | boolean | +| mysql.slowlog.read_first | The number of times the first entry in an index was read. | long | +| mysql.slowlog.read_key | The number of requests to read a row based on a key. | long | +| mysql.slowlog.read_last | The number of times the last key in an index was read. | long | +| mysql.slowlog.read_next | The number of requests to read the next row in key order. | long | +| mysql.slowlog.read_prev | The number of requests to read the previous row in key order. | long | +| mysql.slowlog.read_rnd | The number of requests to read a row based on a fixed position. | long | +| mysql.slowlog.read_rnd_next | The number of requests to read the next row in the data file. | long | +| mysql.slowlog.rows_affected | The number of rows modified by the query. | long | +| mysql.slowlog.rows_examined | The number of rows scanned by the query. | long | +| mysql.slowlog.rows_sent | The number of rows returned by the query. | long | +| mysql.slowlog.schema | The schema where the slow query was executed. | keyword | +| mysql.slowlog.sort_merge_passes | Number of merge passes that the sort algorithm has had to do. | long | +| mysql.slowlog.sort_range_count | Number of sorts that were done using ranges. | long | +| mysql.slowlog.sort_rows | Number of sorted rows. | long | +| mysql.slowlog.sort_scan_count | Number of sorts that were done by scanning the table. | long | +| mysql.slowlog.tmp_disk_tables | Number of temporary tables created on disk for this query. 
| long | +| mysql.slowlog.tmp_table | Whether a temporary table was used to resolve the query. | boolean | +| mysql.slowlog.tmp_table_on_disk | Whether the query needed temporary tables on disk. | boolean | +| mysql.slowlog.tmp_table_sizes | Size of temporary tables created for this query. | long | +| mysql.slowlog.tmp_tables | Number of temporary tables created for this query | long | +| mysql.thread_id | The connection or thread ID for the query. | long | +| source.domain | Source domain. | keyword | +| source.ip | IP address of the source (IPv4 or IPv6). | ip | +| user.name | Short name or login of the user. | keyword | + + +## Metrics + +### galera_status + +The `galera_status` dataset periodically fetches metrics from [http://galeracluster.com/](Galera)-MySQL cluster servers. + +An example event for `galera_status` looks as following: + +```$json +{ + "@timestamp":"2020-04-20T12:33:24.613Z", + "mysql":{ + "galera_status":{ + "apply":{ + "oooe":0, + "oool":0, + "window":1 + }, + "connected":"ON", + "flow_ctl":{ + "recv":0, + "sent":0, + "paused":0, + "paused_ns":0 + }, + "ready":"ON", + "received":{ + "count":173, + "bytes":152425 + }, + "local":{ + "state":"Synced", + "bf_aborts":0, + "cert_failures":0, + "commits":1325, + "recv":{ + "queue_max":2, + "queue_min":0, + "queue":0, + "queue_avg":0.011561 + }, + "replays":0, + "send":{ + "queue_min":0, + "queue":0, + "queue_avg":0, + "queue_max":1 + } + }, + "evs":{ + "evict":"", + "state":"OPERATIONAL" + }, + "repl":{ + "bytes":1689804, + "data_bytes":1540647, + "keys":4170, + "keys_bytes":63973, + "other_bytes":0, + "count":1331 + }, + "commit":{ + "oooe":0, + "window":1 + }, + "cluster":{ + "conf_id":930, + "size":3, + "status":"Primary" + }, + "last_committed":23944, + "cert":{ + "deps_distance":43.524557, + "index_size":22, + "interval":0 + } + } + }, + "fields":{ + "stream":{ + "type":"metrics", + "dataset":"mysql.galera_status", + "namespace":"default" + } + }, + "ecs":{ + "version":"1.5.0" + }, + "agent":{ 
+ "hostname":"MacBook-Elastic.local", + "id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6", + "version":"8.0.0", + "type":"metricbeat", + "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f" + }, + "event":{ + "dataset":"mysql.galera_status", + "module":"mysql", + "duration":3275482 + }, + "metricset":{ + "name":"galera_status", + "period":10000 + }, + "service":{ + "address":"127.0.0.1:3306", + "type":"mysql" + } +} +``` + +The fields reported are: + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| mysql.galera_status.apply.oooe | How often applier started write-set applying out-of-order (parallelization efficiency). | double | +| mysql.galera_status.apply.oool | How often write-set was so slow to apply that write-set with higher seqno's were applied earlier. Values closer to 0 refer to a greater gap between slow and fast write-sets. | double | +| mysql.galera_status.apply.window | Average distance between highest and lowest concurrently applied seqno. | double | +| mysql.galera_status.cert.deps_distance | Average distance between highest and lowest seqno value that can be possibly applied in parallel (potential degree of parallelization). | double | +| mysql.galera_status.cert.index_size | The number of entries in the certification index. | long | +| mysql.galera_status.cert.interval | Average number of transactions received while a transaction replicates. | double | +| mysql.galera_status.cluster.conf_id | Total number of cluster membership changes happened. | long | +| mysql.galera_status.cluster.size | Current number of members in the cluster. | long | +| mysql.galera_status.cluster.status | Status of this cluster component. That is, whether the node is part of a PRIMARY or NON_PRIMARY component. | keyword | +| mysql.galera_status.commit.oooe | How often a transaction was committed out of order. | double | +| mysql.galera_status.commit.window | Average distance between highest and lowest concurrently committed seqno. 
| long | +| mysql.galera_status.connected | If the value is OFF, the node has not yet connected to any of the cluster components. This may be due to misconfiguration. Check the error log for proper diagnostics. | keyword | +| mysql.galera_status.evs.evict | Lists the UUID's of all nodes evicted from the cluster. Evicted nodes cannot rejoin the cluster until you restart their mysqld processes. | keyword | +| mysql.galera_status.evs.state | Shows the internal state of the EVS Protocol. | keyword | +| mysql.galera_status.flow_ctl.paused | The fraction of time since the last FLUSH STATUS command that replication was paused due to flow control. In other words, how much the slave lag is slowing down the cluster. | double | +| mysql.galera_status.flow_ctl.paused_ns | The total time spent in a paused state measured in nanoseconds. | long | +| mysql.galera_status.flow_ctl.recv | Returns the number of FC_PAUSE events the node has received, including those the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. | long | +| mysql.galera_status.flow_ctl.sent | Returns the number of FC_PAUSE events the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. | long | +| mysql.galera_status.last_committed | The sequence number, or seqno, of the last committed transaction. | long | +| mysql.galera_status.local.bf_aborts | Total number of local transactions that were aborted by slave transactions while in execution. | long | +| mysql.galera_status.local.cert_failures | Total number of local transactions that failed certification test. | long | +| mysql.galera_status.local.commits | Total number of local transactions committed. | long | +| mysql.galera_status.local.recv.queue | Current (instantaneous) length of the recv queue. | long | +| mysql.galera_status.local.recv.queue_avg | Recv queue length averaged over interval since the last FLUSH STATUS command. 
Values considerably larger than 0.0 mean that the node cannot apply write-sets as fast as they are received and will generate a lot of replication throttling. | double |
+| mysql.galera_status.local.recv.queue_max | The maximum length of the recv queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.recv.queue_min | The minimum length of the recv queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.replays | Total number of transaction replays due to asymmetric lock granularity. | long |
+| mysql.galera_status.local.send.queue | Current (instantaneous) length of the send queue. | long |
+| mysql.galera_status.local.send.queue_avg | Send queue length averaged over time since the last FLUSH STATUS command. Values considerably larger than 0.0 indicate replication throttling or network throughput issue. | double |
+| mysql.galera_status.local.send.queue_max | The maximum length of the send queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.send.queue_min | The minimum length of the send queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.state | Internal Galera Cluster FSM state number. | keyword |
+| mysql.galera_status.ready | Whether the server is ready to accept queries. | keyword |
+| mysql.galera_status.received.bytes | Total size of write-sets received from other nodes. | long |
+| mysql.galera_status.received.count | Total number of write-sets received from other nodes. | long |
+| mysql.galera_status.repl.bytes | Total size of write-sets replicated. | long |
+| mysql.galera_status.repl.count | Total number of write-sets replicated (sent to other nodes). | long |
+| mysql.galera_status.repl.data_bytes | Total size of data replicated. | long |
+| mysql.galera_status.repl.keys | Total number of keys replicated. | long |
+| mysql.galera_status.repl.keys_bytes | Total size of keys replicated.
| long |
+| mysql.galera_status.repl.other_bytes | Total size of other bits replicated. | long |
+
+
+### status
+
+The MySQL `status` dataset collects data from MySQL by running a `SHOW GLOBAL STATUS;` SQL query. This query returns a large number of metrics.
+
+An example event for `status` looks as following:
+
+```$json
+{
+ "@timestamp":"2020-04-20T12:32:54.614Z",
+ "mysql":{
+ "status":{
+ "max_used_connections":3,
+ "queries":479,
+ "handler":{
+ "prepare":0,
+ "savepoint":0,
+ "update":0,
+ "delete":0,
+ "read":{
+ "rnd_next":59604,
+ "first":8,
+ "key":6,
+ "last":0,
+ "next":1,
+ "prev":0,
+ "rnd":0
+ },
+ "rollback":0,
+ "write":0,
+ "commit":5,
+ "savepoint_rollback":0,
+ "external_lock":552,
+ "mrr_init":0
+ },
+ "aborted":{
+ "clients":0,
+ "connects":0
+ },
+ "threads":{
+ "running":2,
+ "cached":1,
+ "created":3,
+ "connected":2
+ },
+ "flush_commands":1,
+ "created":{
+ "tmp":{
+ "disk_tables":0,
+ "files":6,
+ "tables":0
+ }
+ },
+ "connections":159,
+ "command":{
+ "insert":0,
+ "select":155,
+ "update":0,
+ "delete":0
+ },
+ "opened_tables":122,
+ "binlog":{
+ "cache":{
+ "use":0,
+ "disk_use":0
+ }
+ },
+ "delayed":{
+ "writes":0,
+ "errors":0,
+ "insert_threads":0
+ },
+ "questions":479,
+ "innodb":{
+ "buffer_pool":{
+ "read":{
+ "ahead_rnd":0,
+ "requests":1488,
+ "ahead":0,
+ "ahead_evicted":0
+ },
+ "pool":{
+ "wait_free":0,
+ "reads":405
+ },
+ "write_requests":325,
+ "bytes":{
+ "data":7176192,
+ "dirty":0
+ },
+ "pages":{
+ "dirty":0,
+ "flushed":36,
+ "free":7753,
+ "misc":0,
+ "total":8191,
+ "data":438
+ }
+ }
+ },
+ "bytes":{
+ "received":38468,
+ "sent":1622162
+ },
+ "open":{
+ "streams":0,
+ "tables":115,
+ "files":14
+ }
+ }
+ },
+ "event":{
+ "dataset":"mysql.status",
+ "module":"mysql",
+ "duration":4708776
+ },
+ "metricset":{
+ "name":"status",
+ "period":10000
+ },
+ "fields":{
+ "stream":{
+ "type":"metrics",
+ "dataset":"mysql.status",
+ "namespace":"default"
+ }
+ },
+ "ecs":{
+ "version":"1.5.0"
+ },
+ "agent":{
+
"id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6",
+ "version":"8.0.0",
+ "type":"metricbeat",
+ "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f",
+ "hostname":"MacBook-Elastic.local"
+ },
+ "service":{
+ "address":"127.0.0.1:3306",
+ "type":"mysql"
+ }
+}
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| mysql.status.aborted.clients | The number of connections that were aborted because the client died without closing the connection properly. | long |
+| mysql.status.aborted.connects | The number of failed attempts to connect to the MySQL server. | long |
+| mysql.status.binlog.cache.disk_use | | long |
+| mysql.status.binlog.cache.use | | long |
+| mysql.status.bytes.received | The number of bytes received from all clients. | long |
+| mysql.status.bytes.sent | The number of bytes sent to all clients. | long |
+| mysql.status.command.delete | The number of DELETE queries since startup. | long |
+| mysql.status.command.insert | The number of INSERT queries since startup. | long |
+| mysql.status.command.select | The number of SELECT queries since startup. | long |
+| mysql.status.command.update | The number of UPDATE queries since startup. | long |
+| mysql.status.connections | | long |
+| mysql.status.created.tmp.disk_tables | | long |
+| mysql.status.created.tmp.files | | long |
+| mysql.status.created.tmp.tables | | long |
+| mysql.status.delayed.errors | | long |
+| mysql.status.delayed.insert_threads | | long |
+| mysql.status.delayed.writes | | long |
+| mysql.status.flush_commands | | long |
+| mysql.status.handler.commit | The number of internal COMMIT statements. | long |
+| mysql.status.handler.delete | The number of times that rows have been deleted from tables. | long |
+| mysql.status.handler.external_lock | The server increments this variable for each call to its external_lock() function, which generally occurs at the beginning and end of access to a table instance.
| long |
+| mysql.status.handler.mrr_init | The number of times the server uses a storage engine's own Multi-Range Read implementation for table access. | long |
+| mysql.status.handler.prepare | A counter for the prepare phase of two-phase commit operations. | long |
+| mysql.status.handler.read.first | The number of times the first entry in an index was read. | long |
+| mysql.status.handler.read.key | The number of requests to read a row based on a key. | long |
+| mysql.status.handler.read.last | The number of requests to read the last key in an index. | long |
+| mysql.status.handler.read.next | The number of requests to read the next row in key order. | long |
+| mysql.status.handler.read.prev | The number of requests to read the previous row in key order. | long |
+| mysql.status.handler.read.rnd | The number of requests to read a row based on a fixed position. | long |
+| mysql.status.handler.read.rnd_next | The number of requests to read the next row in the data file. | long |
+| mysql.status.handler.rollback | The number of requests for a storage engine to perform a rollback operation. | long |
+| mysql.status.handler.savepoint | The number of requests for a storage engine to place a savepoint. | long |
+| mysql.status.handler.savepoint_rollback | The number of requests for a storage engine to roll back to a savepoint. | long |
+| mysql.status.handler.update | The number of requests to update a row in a table. | long |
+| mysql.status.handler.write | The number of requests to insert a row in a table. | long |
+| mysql.status.innodb.buffer_pool.bytes.data | The total number of bytes in the InnoDB buffer pool containing data. | long |
+| mysql.status.innodb.buffer_pool.bytes.dirty | The total current number of bytes held in dirty pages in the InnoDB buffer pool.
| long |
+| mysql.status.innodb.buffer_pool.dump_status | The progress of an operation to record the pages held in the InnoDB buffer pool, triggered by the setting of innodb_buffer_pool_dump_at_shutdown or innodb_buffer_pool_dump_now. | long |
+| mysql.status.innodb.buffer_pool.load_status | The progress of an operation to warm up the InnoDB buffer pool by reading in a set of pages corresponding to an earlier point in time, triggered by the setting of innodb_buffer_pool_load_at_startup or innodb_buffer_pool_load_now. | long |
+| mysql.status.innodb.buffer_pool.pages.data | he number of pages in the InnoDB buffer pool containing data. | long |
+| mysql.status.innodb.buffer_pool.pages.dirty | The current number of dirty pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.flushed | The number of requests to flush pages from the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.free | The number of free pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.latched | The number of latched pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.misc | The number of pages in the InnoDB buffer pool that are busy because they have been allocated for administrative overhead, such as row locks or the adaptive hash index. | long |
+| mysql.status.innodb.buffer_pool.pages.total | The total size of the InnoDB buffer pool, in pages. | long |
+| mysql.status.innodb.buffer_pool.pool.reads | The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. | long |
+| mysql.status.innodb.buffer_pool.pool.resize_status | The status of an operation to resize the InnoDB buffer pool dynamically, triggered by setting the innodb_buffer_pool_size parameter dynamically. | long |
+| mysql.status.innodb.buffer_pool.pool.wait_free | Normally, writes to the InnoDB buffer pool happen in the background.
When InnoDB needs to read or create a page and no clean pages are available, InnoDB flushes some dirty pages first and waits for that operation to finish. This counter counts instances of these waits. | long |
+| mysql.status.innodb.buffer_pool.read.ahead | The number of pages read into the InnoDB buffer pool by the read-ahead background thread. | long |
+| mysql.status.innodb.buffer_pool.read.ahead_evicted | The number of pages read into the InnoDB buffer pool by the read-ahead background thread that were subsequently evicted without having been accessed by queries. | long |
+| mysql.status.innodb.buffer_pool.read.ahead_rnd | The number of "random" read-aheads initiated by InnoDB. | long |
+| mysql.status.innodb.buffer_pool.read.requests | The number of logical read requests. | long |
+| mysql.status.innodb.buffer_pool.write_requests | The number of writes done to the InnoDB buffer pool. | long |
+| mysql.status.max_used_connections | | long |
+| mysql.status.open.files | | long |
+| mysql.status.open.streams | | long |
+| mysql.status.open.tables | | long |
+| mysql.status.opened_tables | | long |
+| mysql.status.queries | The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count COM_PING or COM_STATISTICS commands. | long |
+| mysql.status.questions | The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands. | long |
+| mysql.status.threads.cached | The number of cached threads. | long |
+| mysql.status.threads.connected | The number of connected threads. | long |
+| mysql.status.threads.created | The number of created threads. | long |
+| mysql.status.threads.running | The number of running threads. | long |
+
diff --git a/dev/packages/beats/mysql/0.0.1/img/kibana-mysql.png b/dev/packages/beats/mysql/0.0.1/img/kibana-mysql.png
new file mode 100644
index 00000000000..13c5ea4d276
Binary files /dev/null and b/dev/packages/beats/mysql/0.0.1/img/kibana-mysql.png differ
diff --git a/dev/packages/beats/mysql/0.0.1/img/logo_mysql.svg b/dev/packages/beats/mysql/0.0.1/img/logo_mysql.svg
new file mode 100644
index 00000000000..cfe6cbb664e
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/img/logo_mysql.svg
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/dev/packages/beats/mysql/0.0.1/img/metricbeat-mysql.png b/dev/packages/beats/mysql/0.0.1/img/metricbeat-mysql.png
new file mode 100644
index 00000000000..ee6ec195d46
Binary files /dev/null and b/dev/packages/beats/mysql/0.0.1/img/metricbeat-mysql.png differ
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..fdf48a149ca
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,282 @@ +{ + "attributes": { + "description": "Overview of MySQL server", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Open Tables, Files, Streams" + }, + "gridData": { + "h": 15, + "i": "14", + "w": 24, + "x": 24, + "y": 38 + }, + "panelIndex": "14", + "panelRefName": "panel_0", + "title": "Open Tables, Files, Streams", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Rate of Questions" + }, + "gridData": { + "h": 12, + "i": "050b110b-0b4d-404a-86c0-fa97f7eed2a0", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "050b110b-0b4d-404a-86c0-fa97f7eed2a0", + "panelRefName": "panel_1", + "title": "Rate of Questions", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Rate of SELECT statements" + }, + "gridData": { + "h": 12, + "i": "988a61d7-ac3e-481e-a6ae-aa75aaa32a3a", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "988a61d7-ac3e-481e-a6ae-aa75aaa32a3a", + "panelRefName": "panel_2", + "title": "Rate of SELECT statements", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Rate of INSERT, UPDATE, DELETE" + }, + "gridData": { + "h": 12, + "i": "a1f8fa38-a62f-4e05-adde-e995dae9ad83", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "a1f8fa38-a62f-4e05-adde-e995dae9ad83", + "panelRefName": "panel_3", + "title": "Rate of INSERT, UPDATE, DELETE", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Connected Threads" + }, + "gridData": { + "h": 12, + "i": "d126fb61-605f-43af-b5d5-3fa3c128f726", + "w": 6, + "x": 0, + "y": 12 + }, + "panelIndex": "d126fb61-605f-43af-b5d5-3fa3c128f726", + "panelRefName": "panel_4", + "title": "Connected Threads", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Connections" + }, + 
"gridData": { + "h": 12, + "i": "59586d96-3abd-48a3-a258-cfd620826ec2", + "w": 14, + "x": 6, + "y": 12 + }, + "panelIndex": "59586d96-3abd-48a3-a258-cfd620826ec2", + "panelRefName": "panel_5", + "title": "Connections", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Aborted Connections Rate" + }, + "gridData": { + "h": 12, + "i": "dd0cf202-fe22-4daf-8f25-09c64d412bf3", + "w": 14, + "x": 20, + "y": 12 + }, + "panelIndex": "dd0cf202-fe22-4daf-8f25-09c64d412bf3", + "panelRefName": "panel_6", + "title": "Aborted Connections Rate", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Thread Activity" + }, + "gridData": { + "h": 12, + "i": "ead16a55-a2d3-49ae-a09b-a0b03560e9a0", + "w": 14, + "x": 34, + "y": 12 + }, + "panelIndex": "ead16a55-a2d3-49ae-a09b-a0b03560e9a0", + "panelRefName": "panel_7", + "title": "Thread Activity", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Buffer Pool Pages" + }, + "gridData": { + "h": 14, + "i": "24fc2926-610d-4910-8f3e-eb63ca69788c", + "w": 15, + "x": 0, + "y": 24 + }, + "panelIndex": "24fc2926-610d-4910-8f3e-eb63ca69788c", + "panelRefName": "panel_8", + "title": "Buffer Pool Pages", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Buffer Pool Utilization" + }, + "gridData": { + "h": 14, + "i": "33c10c95-be67-492e-afb5-863f375cffc2", + "w": 16, + "x": 15, + "y": 24 + }, + "panelIndex": "33c10c95-be67-492e-afb5-863f375cffc2", + "panelRefName": "panel_9", + "title": "Buffer Pool Utilization", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Network Traffic" + }, + "gridData": { + "h": 15, + "i": "3cd58868-0d03-4715-9ecc-9fba3cde47c1", + "w": 24, + "x": 0, + "y": 38 + }, + "panelIndex": "3cd58868-0d03-4715-9ecc-9fba3cde47c1", + "panelRefName": "panel_10", + "title": "Network Traffic", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Buffer Pool Efficiency" + }, + "gridData": { + "h": 14, + "i": "d35d7c5e-8832-40e2-8c77-953ad320c853", + 
"w": 17, + "x": 31, + "y": 24 + }, + "panelIndex": "d35d7c5e-8832-40e2-8c77-953ad320c853", + "panelRefName": "panel_11", + "title": "Buffer Pool Efficiency", + "version": "7.3.1" + } + ], + "timeRestore": false, + "title": "[Metrics MySQL] Database Overview", + "version": 1 + }, + "id": "57b3fb50-6309-11ea-a83e-25b8612d00cc", + "references": [ + { + "id": "aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "4fa69a10-630b-11ea-a83e-25b8612d00cc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "7ea77d30-630a-11ea-a83e-25b8612d00cc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "779ee920-6309-11ea-a83e-25b8612d00cc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "fc6b5a40-630d-11ea-a83e-25b8612d00cc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "493e8460-630d-11ea-a83e-25b8612d00cc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "bf60bc10-639b-11ea-a83e-25b8612d00cc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "822df290-630f-11ea-a83e-25b8612d00cc", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "98c7bca0-63a2-11ea-a83e-25b8612d00cc", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "96d46630-63a4-11ea-a83e-25b8612d00cc", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c8661020-6310-11ea-a83e-25b8612d00cc", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "a1e00160-63a4-11ea-a83e-25b8612d00cc", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json new file mode 100644 index 00000000000..a6a52011b81 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json 
@@ -0,0 +1,155 @@ +{ + "attributes": { + "description": "Overview dashboard for the Logs MySQL integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "1", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "log.level", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "4", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "6", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs MySQL] Overview ECS", + "version": 1 + }, + "id": "Logs-MySQL-Dashboard-ecs", + "references": [ + { + "id": "MySQL-slowest-queries-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "MySQL-Slow-queries-over-time-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"MySQL-error-logs-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Logs-MySQL-error-log-ecs", + "name": "panel_3", + "type": "search" + }, + { + "id": "MySQL-Error-logs-levels-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "MySQL-Slow-logs-by-count-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-Slow-log-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-Slow-log-ecs.json new file mode 100644 index 00000000000..568f51b62d0 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-Slow-log-ecs.json 
@@ -0,0 +1,109 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"mysql.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "mysql." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "slowlog", + "type": "phrase" + }, + "type": "phrase", + "value": "slowlog" + }, + "query": { + "match": { + "fileset.name": { + "query": "slowlog", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Slow logs [Logs MySQL] ECS", + "version": 1 + }, + "id": "Logs-MySQL-Slow-log-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
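Review bot: The second filter in this saved search keys on `fileset.name: slowlog`, a Filebeat-module field, while the first filter already scopes the search to `stream.dataset` with prefix `mysql.`; if the package's log datasets do not populate `fileset.name`, the search silently returns nothing even when slow-log events are being ingested. The example events elsewhere in this change carry the dataset name in `event.dataset` / `stream.dataset` (for example `mysql.status`), so filtering on the exact dataset value would likely be the robust choice, e.g. `"match_phrase": {"stream.dataset": "mysql.slowlog"}` — I cannot confirm the slow-log dataset name from this hunk, so please check it against the package's dataset manifests. The same pattern appears in Filebeat-MySQL-error-log-ecs.json with `fileset.name: error`.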
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-error-log-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-error-log-ecs.json
new file mode 100644
index 00000000000..39f4250627e
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/kibana/search/Filebeat-MySQL-error-log-ecs.json
@@ -0,0 +1,110 @@ +{ + "attributes": { + "columns": [ + "log.level", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"mysql.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "mysql." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "error", + "type": "phrase" + }, + "type": "phrase", + "value": "error" + }, + "query": { + "match": { + "fileset.name": { + "query": "error", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Error logs [Logs MySQL] ECS", + "version": 1 + }, + "id": "Logs-MySQL-error-log-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at 
end of file
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..9359c38cfcf
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Connections [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(198,135,31,1)", + "fill": "0.2", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Connection rate", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.connections", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "caee3e70-630c-11ea-99e6-b5eed31db613", + "type": "derivative", + "unit": "1s" + }, + { + "field": "caee3e70-630c-11ea-99e6-b5eed31db613", + "id": "d4eb4fd0-630c-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,0.89)", + "fill": "0.3", + "formatter": "number", + "id": "fe9af660-630b-11ea-99e6-b5eed31db613", + "label": "Connected", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.threads.connected", + "id": "fe9af661-630b-11ea-99e6-b5eed31db613", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + 
"axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "e3d46bf0-630f-11ea-99e6-b5eed31db613", + "label": "Max Used Connections", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.max_used_connections", + "id": "e3d46bf1-630f-11ea-99e6-b5eed31db613", + "type": "avg" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Connections [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "493e8460-630d-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..9d351bdb3b2 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json 
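Review bot: The three series in this TSVB visualization disagree on the separate-axis key: the first series ("Connection rate") writes `"seperate_axis": 0` while the second and third ("Connected", "Max Used Connections") write `"separate_axis": 0`. Kibana has, as far as I recall, accepted both spellings across versions, so the mismatch may render fine today, but mixed keys inside one saved object are fragile across Kibana upgrades and make this file hard to compare with the other visualizations in this change (4fa69a10, 779ee920 and 7ea77d30 all use `seperate_axis` consistently). Pick one spelling for all three series so the file is internally consistent.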
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Question rates [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "d61928d0-6309-11ea-99e6-b5eed31db613" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0.3", + "formatter": "'0.0a'", + "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99", + "label": "SELECT", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.questions", + "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "id": "82f59710-6309-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Question rates [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "4fa69a10-630b-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..a61f7d7c887
--- /dev/null
+++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,153 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Insert, Update, Delete rates [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "d61928d0-6309-11ea-99e6-b5eed31db613" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "0.3", + "formatter": "number", + "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99", + "label": "INSERT", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.command.insert", + "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "id": "82f59710-6309-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0.3", + "formatter": "number", + "id": "485ce050-f1f4-11e7-a752-236fe3270d99", + "label": "UPDATE", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.command.update", + "id": "485ce051-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "485ce051-f1f4-11e7-a752-236fe3270d99", + "id": 
"485ce052-f1f4-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "485ce052-f1f4-11e7-a752-236fe3270d99", + "id": "a4092660-6309-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0.3", + "formatter": "number", + "id": "543a4a70-f1f4-11e7-a752-236fe3270d99", + "label": "DELETE", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.command.delete", + "id": "543a4a71-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "543a4a71-f1f4-11e7-a752-236fe3270d99", + "id": "543a4a72-f1f4-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "543a4a72-f1f4-11e7-a752-236fe3270d99", + "id": "bae29b50-6309-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Insert, Update, Delete rates [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "779ee920-6309-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..6b9d7d9d797 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "SELECT rates [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "d61928d0-6309-11ea-99e6-b5eed31db613" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0.3", + "formatter": "'0.0a'", + "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99", + "label": "SELECT", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.command.select", + "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99", + "id": "82f59710-6309-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "SELECT rates [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "7ea77d30-630a-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..713d169ca69 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,111 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Thread Activity [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Avg Threads Running", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.threads.running", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0", + "formatter": "number", + "id": "895f0820-630e-11ea-99e6-b5eed31db613", + "label": "Peak Threads Running", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.threads.running", + "id": "895f0821-630e-11ea-99e6-b5eed31db613", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(77,77,77,1)", + "fill": "0", + "formatter": "number", + "id": "f8752460-630e-11ea-99e6-b5eed31db613", + "label": "Peak Threads Connected", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.threads.connected", + "id": 
"f8752461-630e-11ea-99e6-b5eed31db613", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Thread Activity [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "822df290-630f-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..bf22063e518 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json 
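Review bot: The first series of "Thread Activity" ("Avg Threads Running") is inconsistent with its two siblings: it spells the param `"seperate_axis": 0` while the "Peak Threads Running" and "Peak Threads Connected" series use `"separate_axis": 0`, and it is the only series in this object without a `"type": "timeseries"` entry. Since both of these look like differences between hand-edited and freshly exported series rather than intent, I would normalise the first series to `"separate_axis": 0` and add `"type": "timeseries"` so that the three series are shaped alike; the misspelled key is presumably just ignored by Kibana, which is why it has gone unnoticed. The same `seperate_axis` spelling recurs in several other visualizations in this package (for example the three series of "Insert, Update, Delete rates"), so it may be worth one sweep rather than a per-file fix.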
@@ -0,0 +1,111 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buffer Pool Utilization [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "0f20fa60-63a3-11ea-90a2-c51229c5db5f" + } + ], + "bar_color_rules": [ + { + "id": "0e1ecca0-63a3-11ea-90a2-c51229c5db5f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "07c08ce0-63a3-11ea-90a2-c51229c5db5f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": "0.1", + "formatter": "percent", + "id": "256f1f40-63a3-11ea-90a2-c51229c5db5f", + "label": "Utilization", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.innodb.buffer_pool.pages.total", + "id": "256f1f41-63a3-11ea-90a2-c51229c5db5f", + "type": "max" + }, + { + "field": "mysql.status.innodb.buffer_pool.pages.free", + "id": "256f1f43-63a3-11ea-90a2-c51229c5db5f", + "type": "max" + }, + { + "id": "256f1f45-63a3-11ea-90a2-c51229c5db5f", + "script": "params.total != null \u0026\u0026 params.total \u003e 0 ? 
(params.total - params.free)/params.total : null", + "type": "calculation", + "variables": [ + { + "field": "256f1f41-63a3-11ea-90a2-c51229c5db5f", + "id": "256f1f42-63a3-11ea-90a2-c51229c5db5f", + "name": "total" + }, + { + "field": "256f1f43-63a3-11ea-90a2-c51229c5db5f", + "id": "256f1f44-63a3-11ea-90a2-c51229c5db5f", + "name": "free" + } + ] + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buffer Pool Utilization [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "96d46630-63a4-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..a25e29f1a2e --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buffer Pool Pages [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "'0.0a'", + "id": "37f2d600-63a0-11ea-90a2-c51229c5db5f", + "label": "Buffer Pool Pages Data", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.innodb.buffer_pool.pages.data", + "id": "37f2d601-63a0-11ea-90a2-c51229c5db5f", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0", + "formatter": "'0.0a'", + "id": "57ae9d80-63a0-11ea-90a2-c51229c5db5f", + "label": "Buffer Pool Pages Free", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.innodb.buffer_pool.pages.free", + "id": "57ae9d81-63a0-11ea-90a2-c51229c5db5f", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(102,102,102,1)", + "fill": "0", + "formatter": "'0.0a'", + "id": "c86cc470-63a0-11ea-90a2-c51229c5db5f", + "label": "Buffer Pool 
Pages Total", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.innodb.buffer_pool.pages.total", + "id": "c86ceb80-63a0-11ea-90a2-c51229c5db5f", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buffer Pool Pages [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "98c7bca0-63a2-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Error-logs-levels-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Error-logs-levels-ecs.json new file mode 100644 index 00000000000..49bd200d22e --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Error-logs-levels-ecs.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Error logs levels breakdown [Logs MySQL] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "ERROR": "#E24D42", + "Note": "#9AC48A", + "Warning": "#F9934E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "shareYAxis": true, + "type": "pie" + }, + "title": "Error logs levels breakdown [Logs MySQL] ECS", + "type": "pie" + } + }, + "id": "MySQL-Error-logs-levels-ecs", + "references": [ + { + "id": "Logs-MySQL-error-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json new file mode 100644 index 00000000000..8f4cb9d62f3 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json 
@@ -0,0 +1,56 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Slow logs breakdown [Logs MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "mysql.slowlog.query", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "shareYAxis": true, + "type": "pie" + }, + "title": "Slow logs breakdown [Logs MySQL] ECS", + "type": "pie" + } + }, + "id": "MySQL-Slow-logs-by-count-ecs", + "references": [ + { + "id": "Logs-MySQL-Slow-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json new file mode 100644 index 00000000000..e6a0bbf4b0b --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json 
@@ -0,0 +1,132 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Slow queries over time [Logs MySQL] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Slow queries": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Slow queries" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Slow queries" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Slow queries" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Slow queries over time [Logs MySQL] ECS", + "type": "histogram" + } + }, + 
"id": "MySQL-Slow-queries-over-time-ecs", + "references": [ + { + "id": "Logs-MySQL-Slow-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-error-logs-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-error-logs-ecs.json new file mode 100644 index 00000000000..9176f2bfe2c --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-error-logs-ecs.json 
@@ -0,0 +1,133 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Error logs over time [Logs MySQL] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#447EBC", + "Error logs": "#1F78C1" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Error logs" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Error logs" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Error logs" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Error logs over time [Logs MySQL] ECS", + "type": "histogram" + 
} + }, + "id": "MySQL-error-logs-ecs", + "references": [ + { + "id": "Logs-MySQL-error-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-slowest-queries-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-slowest-queries-ecs.json new file mode 100644 index 00000000000..6d3d0d8e603 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/MySQL-slowest-queries-ecs.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top slowest queries [Logs MySQL] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Query time", + "field": "event.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Query", + "field": "mysql.slowlog.query", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top slowest queries [Logs MySQL] ECS", + "type": "table" + } + }, + "id": "MySQL-slowest-queries-ecs", + "references": [ + { + "id": "Logs-MySQL-Slow-log-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..6268938231e --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,112 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Buffer Pool Efficiency [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "0f20fa60-63a3-11ea-90a2-c51229c5db5f" + } + ], + "bar_color_rules": [ + { + "id": "0e1ecca0-63a3-11ea-90a2-c51229c5db5f" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "07c08ce0-63a3-11ea-90a2-c51229c5db5f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(87,177,211,1)", + "fill": "0.1", + "formatter": "number", + "hidden": false, + "id": "a397d570-63a2-11ea-90a2-c51229c5db5f", + "label": "Effeciency (lower is better)", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.innodb.buffer_pool.pool.reads", + "id": "a397d571-63a2-11ea-90a2-c51229c5db5f", + "type": "max" + }, + { + "field": "mysql.status.innodb.buffer_pool.read.requests", + "id": "ad177970-63a2-11ea-90a2-c51229c5db5f", + "type": "max" + }, + { + "id": "af58ddf0-63a2-11ea-90a2-c51229c5db5f", + "script": "params.pool_read_requests != null \u0026\u0026 params.pool_read_requests \u003e 0 ? 
(params.pool_reads/params.pool_read_requests) * 100: null", + "type": "calculation", + "variables": [ + { + "field": "a397d571-63a2-11ea-90a2-c51229c5db5f", + "id": "b1b6cb20-63a2-11ea-90a2-c51229c5db5f", + "name": "pool_reads" + }, + { + "field": "ad177970-63a2-11ea-90a2-c51229c5db5f", + "id": "c3fe5be0-63a2-11ea-90a2-c51229c5db5f", + "name": "pool_read_requests" + } + ] + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Buffer Pool Efficiency [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "a1e00160-63a4-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json new file mode 100644 index 00000000000..4fe817f5a44 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json 
@@ -0,0 +1,112 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Open tables, files, streams [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0.3", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Open Tables", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.open.tables", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": "0.3", + "formatter": "number", + "id": "615a2400-6312-11ea-99e6-b5eed31db613", + "label": "Open Files", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.open.files", + "id": "615a2401-6312-11ea-99e6-b5eed31db613", + "type": "avg" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": "0.3", + "formatter": "number", + "id": "15d7bcd0-6313-11ea-99e6-b5eed31db613", + "label": "Open Streams", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.open.streams", + "id": 
"15d7bcd1-6313-11ea-99e6-b5eed31db613", + "type": "avg" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Open tables, files, streams [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..af4afbf86e0 --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Aborted Connections Rate [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "d61928d0-6309-11ea-99e6-b5eed31db613" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": "0.3", + "formatter": "'0.0a'", + "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99", + "label": "Aborted Connections", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.aborted.clients", + "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99", + "id": "6d053540-639b-11ea-83d6-4f7a6fe5aed4", + "type": "derivative", + "unit": "1s" + }, + { + "field": "6d053540-639b-11ea-83d6-4f7a6fe5aed4", + "id": "7548afc0-639b-11ea-83d6-4f7a6fe5aed4", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "d6572ee0-639b-11ea-83d6-4f7a6fe5aed4", + "label": "Failed Attempts to Connect ", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.aborted.connects", + "id": "d6572ee1-639b-11ea-83d6-4f7a6fe5aed4", + "type": "max" + }, + { + "field": "d6572ee1-639b-11ea-83d6-4f7a6fe5aed4", + "id": 
"e4a63540-639b-11ea-83d6-4f7a6fe5aed4", + "type": "derivative", + "unit": "1s" + }, + { + "id": "ec492a00-639b-11ea-83d6-4f7a6fe5aed4", + "type": "positive_only" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Aborted Connections Rate [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "bf60bc10-639b-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..6201a4cedcd --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json 
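Review bot: The last metric of the "Failed Attempts to Connect " series, `{ "id": "ec492a00-639b-11ea-83d6-4f7a6fe5aed4", "type": "positive_only" }`, has no `field`, unlike the matching `positive_only` step in the "Aborted Connections" series just above it (and every other `positive_only` in this package), so this step is not wired to the derivative `e4a63540-639b-11ea-83d6-4f7a6fe5aed4` and the rendered series is presumably not the clamped rate the label implies. I would add `"field": "e4a63540-639b-11ea-83d6-4f7a6fe5aed4"` and `"unit": ""` to that metric so the chain is max → derivative → positive_only as in the first series. While there, the label carries a trailing space (`"Failed Attempts to Connect "`) that shows up in the legend.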
@@ -0,0 +1,125 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Traffic [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "2b1c2390-f1f7-11e7-a752-236fe3270d99", + "label": "Received bytes", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.bytes.received", + "id": "2b1c2391-f1f7-11e7-a752-236fe3270d99", + "type": "max" + }, + { + "field": "2b1c2391-f1f7-11e7-a752-236fe3270d99", + "id": "2b1c2392-f1f7-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "2b1c2392-f1f7-11e7-a752-236fe3270d99", + "id": "788d3c90-6310-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + }, + { + "id": "88f8e160-6310-11ea-99e6-b5eed31db613", + "script": "params.received != null \u0026\u0026 params.received \u003e 0 ? 
params.received * -1 : null", + "type": "calculation", + "variables": [ + { + "field": "788d3c90-6310-11ea-99e6-b5eed31db613", + "id": "8beb4660-6310-11ea-99e6-b5eed31db613", + "name": "received" + } + ] + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Sent bytes", + "line_width": 1, + "metrics": [ + { + "field": "mysql.status.bytes.sent", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "23cfda50-f1f7-11e7-a752-236fe3270d99", + "type": "derivative", + "unit": "1s" + }, + { + "field": "23cfda50-f1f7-11e7-a752-236fe3270d99", + "id": "ad26a900-6310-11ea-99e6-b5eed31db613", + "type": "positive_only", + "unit": "" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Network Traffic [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "c8661020-6310-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json b/dev/packages/beats/mysql/0.0.1/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json new file mode 100644 index 00000000000..ff887850f5b --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Connected Threads [Metrics MySQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d5fcf170-630d-11ea-99e6-b5eed31db613" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "f1321f60-630d-11ea-99e6-b5eed31db613" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,0.89)", + "fill": "0.3", + "formatter": "number", + "id": "fe9af660-630b-11ea-99e6-b5eed31db613", + "label": "Connections", + "line_width": "2", + "metrics": [ + { + "field": "mysql.status.threads.connected", + "id": "fe9af661-630b-11ea-99e6-b5eed31db613", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Connected Threads [Metrics MySQL] ECS", + "type": "metrics" + } + }, + "id": "fc6b5a40-630d-11ea-a83e-25b8612d00cc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/mysql/0.0.1/manifest.yml b/dev/packages/beats/mysql/0.0.1/manifest.yml new file mode 100644 index 00000000000..6aab85a694f --- /dev/null +++ b/dev/packages/beats/mysql/0.0.1/manifest.yml 
@@ -0,0 +1,72 @@
+format_version: 1.0.0
+name: mysql
+title: MySQL
+version: 0.0.1
+license: basic
+description: MySQL Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.1 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-mysql.png
+ title: kibana mysql
+ size: 1227x1026
+ type: image/png
+- src: /img/metricbeat-mysql.png
+ title: metricbeat mysql
+ size: 2562x2540
+ type: image/png
+icons:
+- src: /img/logo_mysql.svg
+ title: logo mysql
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: mysql
+ title: MySQL logs and metrics
+ description: Collect logs and metrics from MySQL instances
+ inputs:
+ - type: logs
+ title: Collect logs from MySQL instances
+ description: Collecting MySQL error and slowlog logs
+ - type: mysql/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - root:secret@tcp(127.0.0.1:3306)/
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: true
+ show_user: true
+ default: secret
+ - name: raw
+ type: bool
+ title: Raw
+ multi: false
+ required: true
+ show_user: true
+ default: false
+ - name: username
+ type: text
+ title: Username
+ multi: false
+ required: true
+ show_user: true
+ default: root
+ title: Collect metrics from MySQL instances
+ description: Collecting MySQL galera_status and status metrics
diff --git a/dev/packages/beats/nats/0.0.1/dataset/connections/agent/stream/stream.yml.hbs b/dev/packages/beats/nats/0.0.1/dataset/connections/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..4f43bfa1122
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/connections/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["connections"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
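Review bot: The default for the `hosts` var embeds a username and password in the DSN (`root:secret@tcp(127.0.0.1:3306)/`) even though the same input declares separate `username` and `password` vars; because `hosts` is a `text` var with `show_user: true`, that credential is shown unmasked in the UI and copied verbatim into the rendered stream config, whereas the dedicated `password` var is typed `password`. If the mysql/metrics input honours the separate `username`/`password` vars (it appears to, given they are declared here), the default could be `- tcp(127.0.0.1:3306)/` so the masked var is the only credential source. Separately, the `requirement` block bounds Kibana to `'>=7.3.1 <8.0.0'` but leaves Elasticsearch open-ended at `'>7.0.1'`; presumably both should carry the same upper bound.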
diff --git a/dev/packages/beats/nats/0.0.1/dataset/connections/fields/fields.yml b/dev/packages/beats/nats/0.0.1/dataset/connections/fields/fields.yml
new file mode 100644
index 00000000000..bb9fe4ff63c
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/connections/fields/fields.yml
@@ -0,0 +1,8 @@
+- name: nats.connections
+ type: group
+ release: ga
+ fields:
+ - name: total
+ type: integer
+ description: |
+ The number of currently active clients
diff --git a/dev/packages/beats/nats/0.0.1/dataset/connections/fields/package-fields.yml b/dev/packages/beats/nats/0.0.1/dataset/connections/fields/package-fields.yml
new file mode 100644
index 00000000000..6daddca87b7
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/connections/fields/package-fields.yml
@@ -0,0 +1,11 @@
+- name: nats
+ type: group
+ fields:
+ - name: server.id
+ type: keyword
+ description: |
+ The server ID
+ - name: server.time
+ type: date
+ description: |
+ Server time of metric creation
diff --git a/dev/packages/beats/nats/0.0.1/dataset/connections/manifest.yml b/dev/packages/beats/nats/0.0.1/dataset/connections/manifest.yml
new file mode 100644
index 00000000000..4fa81ee6cb2
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/connections/manifest.yml
@@ -0,0 +1,15 @@
+title: Nats connections metrics
+release: experimental
+type: metrics
+streams:
+- input: nats/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Nats connections metrics
+ description: Collect Nats connections metrics
diff --git a/dev/packages/beats/nats/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/nats/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..367360d901a
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/nats/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/nats/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..7f8cfdb986b
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,182 @@ +--- +description: Pipeline for parsing nats log logs +processors: +- grok: + field: message + patterns: + - \[%{POSINT:process.pid}\]( %{NATSTIME:nats.log.timestamp})? \[%{NATSLOGLEVEL:log.level}\] + %{GREEDYDATA:nats.log.info} + pattern_definitions: + NATSTIME: '%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}' + NATSLOGLEVEL: (INF|DBG|WRN|ERR|FTL|TRC) + ignore_missing: true +- grok: + field: nats.log.info + patterns: + - '%{IPV4:client.ip}:%{POSINT:client.port} - cid:%{POSINT:nats.log.client.id} + - %{GREEDYDATA:nats.log.msg.info}' + - '%{GREEDYDATA:nats.log.msg.data}' + ignore_missing: true +- grok: + field: nats.log.msg.info + patterns: + - '%{NATSDIRECTION:network.direction} %{NATSPAYLOAD:nats.log.msg.type}: \[%{GREEDYDATA:nats.log.msg.payload}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSNOINFO:nats.log.msg.type}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSUNSUB:nats.log.msg.type}\s+%{POSINT:nats.log.msg.sid}(\s+%{POSINT:nats.log.msg.max_messages})?\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSPUB:nats.log.msg.type}\s+%{NOTSPACE:nats.log.msg.subject}(\s+%{NOTSPACE:nats.log.msg.reply_to})?\s+%{POSINT:nats.log.msg.bytes}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSSUB:nats.log.msg.type}\s+%{NOTSPACE:nats.log.msg.subject}(\s+%{NOTSPACE:nats.log.msg.queue_group})?\s+%{POSINT:nats.log.msg.sid}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSMSG:nats.log.msg.type}\s+%{NOTSPACE:nats.log.msg.subject}\s+%{POSINT:nats.log.msg.sid}(\s+%{NOTSPACE:nats.log.msg.reply_to})?\s+%{POSINT:nats.log.msg.bytes}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSCONNECTION:nats.log.msg.type}\s+%{GREEDYDATA:nats.log.msg.data}\]' + - '%{NATSDIRECTION:network.direction} \[%{NATSERROR:nats.log.msg.type}\s+%{GREEDYDATA:nats.log.msg.error\]' + - '%{GREEDYDATA:nats.log.msg.data}' + pattern_definitions: + NATSDIRECTION: (<<-|->>) + NATSMSG: MSG + NATSPUB: PUB + NATSSUB: SUB + NATSUNSUB: UNSUB + NATSPAYLOAD: MSG_PAYLOAD + NATSERROR: -ERROR + NATSPING: 
PING + NATSPONG: PONG + NATSOK: OK + NATSCONNECT: CONNECT + NATSINFO: INFO + NATSCONNECTION: (?:%{NATSCONNECT}|%{NATSINFO}) + NATSNOINFO: (?:%{NATSPING}|%{NATSPONG}|%{NATSOK}) + ignore_missing: true +- remove: + field: nats.log.info +- remove: + field: nats.log.msg.info + ignore_missing: true +- remove: + field: nats.log.msg.payload + ignore_missing: true +- remove: + field: message +- rename: + field: nats.log.msg.data + target_field: message + ignore_missing: true +- script: + lang: painless + source: |- + if (ctx.log.level == params.inf) { + ctx.log.level = params.info; + } else if (ctx.log.level == params.dbg) { + ctx.log.level = params.debug; + } else if (ctx.log.level == params.wrn) { + ctx.log.level = params.warning; + } else if (ctx.log.level == params.err) { + ctx.log.level = params.error; + } else if (ctx.log.level == params.ftl) { + ctx.log.level = params.fatal; + } else if (ctx.log.level == params.trc) { + ctx.log.level = params.trace; + } + params: + inf: INF + info: info + dbg: DBG + debug: debug + wrn: WRN + warning: warning + err: ERR + error: error + ftl: FTL + fatal: fatal + trc: TRC + trace: trace +- script: + lang: painless + source: |- + if (ctx.nats.log.msg.type == params.msg) { + ctx.nats.log.msg.type = params.message; + } else if (ctx.nats.log.msg.type == params.pub) { + ctx.nats.log.msg.type = params.publish; + } else if (ctx.nats.log.msg.type == params.sub) { + ctx.nats.log.msg.type = params.subscribe; + } else if (ctx.nats.log.msg.type == params.unsub) { + ctx.nats.log.msg.type = params.unsubscribe; + } else if (ctx.nats.log.msg.type == params.msg_payload) { + ctx.nats.log.msg.type = params.payload; + } else if (ctx.nats.log.msg.type == params.err) { + ctx.nats.log.msg.type = params.error; + } else if (ctx.nats.log.msg.type == params.pi) { + ctx.nats.log.msg.type = params.ping; + } else if (ctx.nats.log.msg.type == params.po) { + ctx.nats.log.msg.type = params.pong; + } else if (ctx.nats.log.msg.type == params.ok) { + 
ctx.nats.log.msg.type = params.acknowledge; + } else if (ctx.nats.log.msg.type == params.connect) { + ctx.nats.log.msg.type = params.connection; + } else if (ctx.nats.log.msg.type == params.info) { + ctx.nats.log.msg.type = params.information; + } + params: + msg: MSG + message: message + pub: PUB + publish: publish + sub: SUB + subscribe: subscribe + unsub: UNSUB + unsubscribe: unsubscribe + msg_payload: MSG_PAYLOAD + payload: payload + err: -ERROR + error: error + pi: PING + ping: ping + po: PONG + pong: pong + ok: OK + acknowledge: acknowledge + connect: CONNECT + connection: connection + info: INFO + information: information + if: ctx.nats.log.msg?.type != null +- script: + lang: painless + source: |- + if (ctx.network.direction == params.in) { + ctx.network.direction = params.inbound; + } else if (ctx.network.direction == params.out) { + ctx.network.direction = params.outbound; + } + params: + in: <<- + inbound: inbound + out: ->> + outbound: outbound + if: ctx.network?.direction != null +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: nats.log.timestamp + target_field: '@timestamp' + formats: + - yyyy/MM/dd HH:mm:ss.SSSSSS +- remove: + field: nats.log.timestamp +- set: + field: event.kind + value: event +- append: + field: event.type + value: info +- append: + field: event.type + value: error + if: "ctx?.log?.level != null && (ctx.log.level == 'error' || ctx.log.level == 'fatal')" +- append: + field: related.ip + value: "{{client.ip}}" + if: "ctx?.client?.ip != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/nats/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/nats/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..8720b0f03e2 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/dataset/log/fields/fields.yml 
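Review bot: The `-ERROR` pattern in the second grok processor is missing the closing brace of its last capture — `%{GREEDYDATA:nats.log.msg.error\]` — so that `%{` token presumably never expands, the `-ERROR` branch never matches, and such lines fall through to the catch-all `%{GREEDYDATA:nats.log.msg.data}` pattern instead of populating an error field. The dataset's fields.yml in this same commit maps `nats.log.msg.error.message` (text), not `nats.log.msg.error`, so the repaired capture should target that name or the mapping is likely to reject the document as an object/value conflict: `- '%{NATSDIRECTION:network.direction} \[%{NATSERROR:nats.log.msg.type}\s+%{GREEDYDATA:nats.log.msg.error.message}\]'`. A second, independent gap: the first grok makes `nats.log.timestamp` optional, but the `date` processor near the end has no `if`/`ignore_failure`, and by then `@timestamp` has already been renamed to `event.created`, so a line without a timestamp lands in `on_failure` with no `@timestamp` at all; `if: ctx.nats?.log?.timestamp != null` on the `date` processor and `ignore_missing: true` on the `remove` that follows it would keep those lines indexed.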
@@ -0,0 +1,47 @@
+- name: nats.log
+ type: group
+ release: beta
+ fields:
+ - name: client
+ type: group
+ fields:
+ - name: id
+ type: integer
+ description: |
+ The id of the client
+ - name: msg
+ type: group
+ fields:
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ Size of the payload in bytes
+ - name: type
+ type: keyword
+ description: |
+ The protocol message type
+ - name: subject
+ type: keyword
+ description: |
+ Subject name this message was received on
+ - name: sid
+ type: integer
+ description: |
+ The unique alphanumeric subscription ID of the subject
+ - name: reply_to
+ type: keyword
+ description: |
+ The inbox subject on which the publisher is listening for responses
+ - name: max_messages
+ type: integer
+ description: |
+ An optional number of messages to wait for before automatically unsubscribing
+ - name: error.message
+ type: text
+ description: |
+ Details about the error occurred
+ - name: queue_group
+ type: text
+ description: |
+ The queue group which subscriber will join
diff --git a/dev/packages/beats/nats/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/nats/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..b96315e857d
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nats
+ type: group
diff --git a/dev/packages/beats/nats/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/nats/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..913b2b32917
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,17 @@
+title: nats log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nats/nats.log*
+ template_path: log.yml.hbs
+ title: nats log logs (log)
+ description: Collect nats log logs using log input
diff --git a/dev/packages/beats/nats/0.0.1/dataset/routes/agent/stream/stream.yml.hbs b/dev/packages/beats/nats/0.0.1/dataset/routes/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..58ceec6485d
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/routes/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["routes"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/nats/0.0.1/dataset/routes/fields/fields.yml b/dev/packages/beats/nats/0.0.1/dataset/routes/fields/fields.yml
new file mode 100644
index 00000000000..c4dc53b571b
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/routes/fields/fields.yml
@@ -0,0 +1,8 @@
+- name: nats.routes
+ type: group
+ release: ga
+ fields:
+ - name: total
+ type: integer
+ description: |
+ The number of registered routes
diff --git a/dev/packages/beats/nats/0.0.1/dataset/routes/fields/package-fields.yml b/dev/packages/beats/nats/0.0.1/dataset/routes/fields/package-fields.yml
new file mode 100644
index 00000000000..6daddca87b7
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/routes/fields/package-fields.yml
@@ -0,0 +1,11 @@
+- name: nats
+ type: group
+ fields:
+ - name: server.id
+ type: keyword
+ description: |
+ The server ID
+ - name: server.time
+ type: date
+ description: |
+ Server time of metric creation
diff --git a/dev/packages/beats/nats/0.0.1/dataset/routes/manifest.yml b/dev/packages/beats/nats/0.0.1/dataset/routes/manifest.yml
new file mode 100644
index 00000000000..75ac5b87cda
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/routes/manifest.yml
@@ -0,0 +1,15 @@
+title: Nats routes metrics
+release: experimental
+type: metrics
+streams:
+- input: nats/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Nats routes metrics
+ description: Collect Nats routes metrics
diff --git a/dev/packages/beats/nats/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/nats/0.0.1/dataset/stats/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..3b06dd6d47b
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/stats/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["stats"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/nats/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/nats/0.0.1/dataset/stats/fields/fields.yml
new file mode 100644
index 00000000000..c64fdd0ea8e
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/stats/fields/fields.yml
@@ -0,0 +1,88 @@
+- name: nats.stats
+ type: group
+ release: ga
+ fields:
+ - name: uptime
+ type: long
+ format: duration
+ description: |
+ The period the server is up (sec)
+ - name: mem.bytes
+ type: long
+ format: bytes
+ description: |
+ The current memory usage of NATS process
+ - name: cores
+ type: integer
+ description: |
+ The number of logical cores the NATS process runs on
+ - name: cpu
+ type: scaled_float
+ format: percent
+ description: |
+ The current cpu usage of NATs process
+ - name: total_connections
+ type: long
+ description: |
+ The number of totally created clients
+ - name: remotes
+ type: integer
+ description: |
+ The number of registered remotes
+ - name: in
+ type: group
+ fields:
+ - name: messages
+ type: long
+ description: |
+ The amount of incoming messages
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of incoming bytes
+ - name: out
+ type: group
+ fields:
+ - name: messages
+ type: long
+ description: |
+ The amount of outgoing messages
+ - name: bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of outgoing bytes
+ - name: slow_consumers
+ type: long
+ description: |
+ The number of slow consumers currently on NATS
+ - name: http
+ type: group
+ fields:
+ - name: req_stats
+ type: group
+ fields:
+ - name: uri
+ type: group
+ fields:
+ - name: routez
+ type: long
+ description: |
+ The number of hits on routez monitoring uri
+ - name: connz
+ type: long
+ description: |
+ The number of hits on connz monitoring uri
+ - name: varz
+ type: long
+ description: |
+ The number of hits on varz monitoring uri
+ - name: subsz
+ type: long
+ description: |
+ The number of hits on subsz monitoring uri
+ - name: root
+ type: long
+ description: |
+ The number of hits on root monitoring uri
diff --git a/dev/packages/beats/nats/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/nats/0.0.1/dataset/stats/fields/package-fields.yml
new file mode 100644
index 00000000000..6daddca87b7
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/stats/fields/package-fields.yml
@@ -0,0 +1,11 @@
+- name: nats
+ type: group
+ fields:
+ - name: server.id
+ type: keyword
+ description: |
+ The server ID
+ - name: server.time
+ type: date
+ description: |
+ Server time of metric creation
diff --git a/dev/packages/beats/nats/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/nats/0.0.1/dataset/stats/manifest.yml
new file mode 100644
index 00000000000..1e286b34322
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/stats/manifest.yml
@@ -0,0 +1,15 @@
+title: Nats stats metrics
+release: experimental
+type: metrics
+streams:
+- input: nats/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Nats stats metrics
+ description: Collect Nats stats metrics
diff --git a/dev/packages/beats/nats/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..521aa4357fc
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["subscriptions"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/fields.yml b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/fields.yml
new file mode 100644
index 00000000000..0cb383c09e5
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/fields.yml
@@ -0,0 +1,37 @@
+- name: nats.subscriptions
+ type: group
+ release: ga
+ fields:
+ - name: total
+ type: integer
+ description: |
+ The number of active subscriptions
+ - name: inserts
+ type: long
+ description: |
+ The number of insert operations in subscriptions list
+ - name: removes
+ type: long
+ description: |
+ The number of remove operations in subscriptions list
+ - name: matches
+ type: long
+ description: |
+ The number of times a match is found for a subscription
+ - name: cache.size
+ type: integer
+ description: |
+ The number of result sets in the cache
+ - name: cache.hit_rate
+ type: scaled_float
+ format: percent
+ description: |
+ The rate matches are being retrieved from cache
+ - name: cache.fanout.max
+ type: integer
+ description: |
+ The maximum fanout served by cache
+ - name: cache.fanout.avg
+ type: double
+ description: |
+ The average fanout served by cache
diff --git a/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/package-fields.yml b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/package-fields.yml
new file mode 100644
index 00000000000..6daddca87b7
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/fields/package-fields.yml
@@ -0,0 +1,11 @@
+- name: nats
+ type: group
+ fields:
+ - name: server.id
+ type: keyword
+ description: |
+ The server ID
+ - name: server.time
+ type: date
+ description: |
+ Server time of metric creation
diff --git a/dev/packages/beats/nats/0.0.1/dataset/subscriptions/manifest.yml b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/manifest.yml
new file mode 100644
index 00000000000..2467ccb8511
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/dataset/subscriptions/manifest.yml
@@ -0,0 +1,15 @@
+title: Nats subscriptions metrics
+release: experimental
+type: metrics
+streams:
+- input: nats/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Nats subscriptions metrics
+ description: Collect Nats subscriptions metrics
diff --git a/dev/packages/beats/nats/0.0.1/docs/README.md b/dev/packages/beats/nats/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/nats/0.0.1/img/filebeat_nats_dashboard.png b/dev/packages/beats/nats/0.0.1/img/filebeat_nats_dashboard.png
new file mode 100644
index 00000000000..62663036d28
Binary files /dev/null and b/dev/packages/beats/nats/0.0.1/img/filebeat_nats_dashboard.png differ
diff --git a/dev/packages/beats/nats/0.0.1/img/metricbeat_nats_dashboard.png b/dev/packages/beats/nats/0.0.1/img/metricbeat_nats_dashboard.png
new file mode 100644
index 00000000000..04f71345ef4
Binary files /dev/null and b/dev/packages/beats/nats/0.0.1/img/metricbeat_nats_dashboard.png differ
diff --git a/dev/packages/beats/nats/0.0.1/img/nats.svg b/dev/packages/beats/nats/0.0.1/img/nats.svg
new file mode 100644
index 00000000000..5a1d6e9a52f
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/img/nats.svg
@@ -0,0 +1 @@
+ 
\ No newline at end of file
diff --git a/dev/packages/beats/nats/0.0.1/kibana/dashboard/Filebeat-nats-overview-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/dashboard/Filebeat-nats-overview-ecs.json
new file mode 100644
index 00000000000..7faa79f27b7
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/kibana/dashboard/Filebeat-nats-overview-ecs.json
@@ -0,0 +1,207 @@ +{ + "attributes": { + "description": "Overview of NATS server statistics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "1", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "2", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 25, + "x": 0, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "4", + "w": 12, + "x": 11, + "y": 11 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "5", + "w": 11, + "x": 0, + "y": 11 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "6", + "w": 11, + "x": 37, + "y": 11 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 11, + "i": "7", + "w": 14, + "x": 17, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "8", + "w": 14, + "x": 23, + "y": 11 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + 
"gridData": { + "h": 12, + "i": "9", + "w": 22, + "x": 25, + "y": 20 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs NATS] Overview ECS", + "version": 1 + }, + "id": "Logs-nats-overview-ecs", + "references": [ + { + "id": "6987a800-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "7716c780-41ad-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "04083600-41af-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/dashboard/Metricbeat-Nats-Dashboard-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/dashboard/Metricbeat-Nats-Dashboard-ecs.json new file mode 100644 index 00000000000..5c411a88909 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/dashboard/Metricbeat-Nats-Dashboard-ecs.json 
@@ -0,0 +1,251 @@ +{ + "attributes": { + "description": "Overview of NATS server status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "6", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "6", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "7", + "w": 13, + "x": 24, + "y": 34 + }, + "panelIndex": "7", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "8", + "w": 11, + "x": 37, + "y": 34 + }, + "panelIndex": "8", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "9", + "w": 8, + "x": 24, + "y": 41 + }, + "panelIndex": "9", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "11", + "w": 24, + "x": 0, + "y": 34 + }, + "panelIndex": "11", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "12", + "w": 18, + "x": 15, + "y": 0 + }, + "panelIndex": "12", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "13", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "13", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 10 + }, + "panelIndex": "14", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 22 + }, + 
"panelIndex": "15", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "16", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 0, + "y": 22 + }, + "panelIndex": "17", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "18", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "18", + "panelRefName": "panel_11", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics NATS] Overview ECS", + "version": 1 + }, + "id": "Metrics-Nats-Dashboard-ecs", + "references": [ + { + "id": "b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs", + "name": "panel_10", + "type": "visualization" + }, + { + "id": 
"dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/04083600-41af-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/04083600-41af-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..bf281195058 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/04083600-41af-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,125 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "service.type: nats" + } + } + }, + "title": "Log Level Timeline [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "size": 10 + }, + "schema": "group", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Log Level Timeline [Logs NATS] ECS", + "type": "area" + } + }, + "id": "04083600-41af-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..41a0e1037e0 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "service.type: nats" + } + } + }, + "title": "Communication Directions [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.direction", + "size": 2 + }, + "schema": "group", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Communication Directions [Logs NATS] ECS", + "type": "line" + } + }, + "id": "0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs.json new file mode 100644 index 00000000000..a6a5cf37b1d --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "CPU Utilization Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "CPU Avg", + "field": "nats.stats.cpu" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "CPU Avg" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "CPU Avg (%)" + }, + "type": "value" + } + ] + }, + "title": "CPU Utilization Timeline [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs", + "references": [ + { + "id": "metrics-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..ef18466ad95 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs.json 
@@ -0,0 +1,193 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Remotes-Subsz-Connz-Routez Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Connections", + "field": "nats.connections.total" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Routes", + "field": "nats.routes.total" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Remotes", + "field": "nats.stats.remotes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Subscriptions", + "field": "nats.subscriptions.total" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Connections" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Routes" + }, + 
"drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "4", + "label": "Remotes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "5", + "label": "Subscriptions" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Connections" + }, + "type": "value" + } + ] + }, + "title": "Remotes-Subsz-Connz-Routez Timeline [Metrics NATS] ECS", + "type": "area" + } + }, + "id": "199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..df0f15a24e7 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Server Uptime [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Server Uptime", + "field": "nats.stats.uptime" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 42, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Server Uptime [Metrics NATS] ECS", + "type": "metric" + } + }, + "id": "206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..c89991f3803 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Current Memory Usage [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Memory (Bytes)", + "field": "nats.stats.mem.bytes" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 42, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Current Memory Usage [Metrics NATS] ECS", + "type": "metric" + } + }, + "id": "30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..565da8d39a1 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "service.type: nats" + } + } + }, + "title": "Log Level Distribution [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "size": 10 + }, + "schema": "segment", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Log Level Distribution [Logs NATS] ECS", + "type": "pie" + } + }, + "id": "3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..a79bb122a9b --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Topics Timeline [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nats.log.msg.subject", + "size": 5 + }, + "schema": "group", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Topics Timeline [Logs NATS] ECS", + "type": "line" + } + }, + "id": "4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + 
"type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..8c25fcdc890 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total Connections [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Connections", + "field": "nats.stats.total_connections" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 42, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total Connections [Metrics NATS] ECS", + "type": "metric" + } + }, + "id": "4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
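Review bot: The Topics Timeline visualization (4a6d9ec0) leaves `"query": ""` while referencing the `logs-*` index pattern, so its `nats.log.msg.subject` significant_terms aggregation is computed over every document in `logs-*`, not only NATS events; the sibling logs visualizations in this package (Log Level Timeline, Communication Directions) scope themselves with `"query": "service.type: nats"`. The same unscoped query appears in the Message Types Timeline (6987a800) and Message Type Distribution (7ed62870) hunks. Changing the three to `"query": "service.type: nats"` keeps the counts consistent between the paired timeline and distribution panels and avoids aggregating over unrelated indices. Since these look like Kibana saved-object exports, the fix presumably belongs in the source visualizations before re-exporting rather than as a hand edit of the JSON.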
diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/6987a800-41a8-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/6987a800-41a8-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..ef8e4c7eea8 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/6987a800-41a8-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,127 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Message Types Timeline [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nats.log.msg.type", + "size": 15 + }, + "schema": "group", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Message Types Timeline [Logs NATS] ECS", + "type": "line" + } + }, + "id": "6987a800-41a8-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..10cbb5de989 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs.json 
@@ -0,0 +1,211 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Subscription Stats Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cache Fanout Avg", + "field": "nats.subscriptions.cache.fanout.avg" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cache Fanout Max", + "field": "nats.subscriptions.cache.fanout.max" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Inserts", + "field": "nats.subscriptions.inserts" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Removes", + "field": "nats.subscriptions.removes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Matches", + "field": "nats.subscriptions.matches" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Cache Fanout Avg" + }, + "drawLinesBetweenPoints": 
true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Cache Fanout Max" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "5", + "label": "Inserts" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "6", + "label": "Removes" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "7", + "label": "Matches" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Cache Fanout Avg" + }, + "type": "value" + } + ] + }, + "title": "Subscription Stats Timeline [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/7716c780-41ad-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/7716c780-41ad-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..7be8b53939f --- /dev/null 
+++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/7716c780-41ad-11e9-a4da-b1df688edbcd-ecs.json @@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "service.type: nats" + } + } + }, + "title": "Communication Directions Distribution [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "size": 2 + }, + "schema": "segment", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Communication Directions Distribution [Logs NATS] ECS", + "type": "pie" + } + }, + "id": "7716c780-41ad-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..05fc0851ae3 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Message Type Distribution [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nats.log.msg.type", + "size": 15 + }, + "schema": "segment", + "type": "significant_terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Message Type Distribution [Logs NATS] ECS", + "type": "pie" + } + }, + "id": "7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs.json new file mode 100644 index 00000000000..714029392de --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Memory Utilization Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Memory Avg", + "field": "nats.stats.mem.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Memory Avg" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Memory Avg (Bytes)" + }, + "type": "value" + } + ] + }, + "title": "Memory Utilization Timeline [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs", + "references": [ + { + "id": "metrics-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs.json new file mode 100644 index 00000000000..932d7d23c0f --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Slow Consumers Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Slow Consumers", + "field": "nats.stats.slow_consumers" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Slow Consumers" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Slow Consumers" + }, + "type": "value" + } + ] + }, + "title": "Slow Consumers Timeline [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs", + "references": [ + { + "id": "metrics-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs.json new file mode 100644 index 00000000000..303f5806861 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs.json 
@@ -0,0 +1,134 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Subscriptions Info [Metrics NATS] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cache Fanout Avg", + "field": "nats.subscriptions.cache.fanout.avg" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cache Fanout Max", + "field": "nats.subscriptions.cache.fanout.max" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cache Hit Rate", + "field": "nats.subscriptions.cache.hit_rate" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Cache Size", + "field": "nats.subscriptions.cache.size" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Inserts", + "field": "nats.subscriptions.inserts" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Matches", + "field": "nats.subscriptions.matches" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Removes", + "field": "nats.subscriptions.removes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Total", + "field": "nats.subscriptions.total" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "perPage": 1, + "showMeticsAtAllLevels": false, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": 
false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Subscriptions Info [Metrics NATS] ECS", + "type": "table" + } + }, + "id": "b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs.json new file mode 100644 index 00000000000..d22054f19f9 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "IO Bytes Stats [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "In Bytes", + "field": "nats.stats.in.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Out Bytes", + "field": "nats.stats.out.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "In Bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Out Bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": 
"normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "IO Bytes" + }, + "type": "value" + } + ] + }, + "title": "IO Bytes Stats [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs.json new file mode 100644 index 00000000000..01b67763f24 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": " Bytes Timeline [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sum of Message Bytes", + "field": "nats.log.msg.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of Message Bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Sum of Message Bytes" + }, + "type": "value" + } + ] + }, + "title": " Bytes Timeline [Logs NATS] ECS", + "type": "line" + } + }, + "id": "c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs.json new file mode 100644 index 00000000000..88138c575f5 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs.json 
@@ -0,0 +1,144 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "service.type: nats" + } + } + }, + "title": "Client IP Count Timeline [Logs NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "ipRangeType": "fromTo", + "ranges": { + "fromTo": [ + { + "from": "0.0.0.0", + "to": "127.255.255.255" + }, + { + "from": "128.0.0.0", + "to": "191.255.255.255" + } + ], + "mask": [ + { + "mask": "0.0.0.0/1" + }, + { + "mask": "128.0.0.0/2" + } + ] + } + }, + "schema": "group", + "type": "ip_range" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": 
"Client IP Count Timeline [Logs NATS] ECS", + "type": "line" + } + }, + "id": "c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs.json new file mode 100644 index 00000000000..4a4e1091cee --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs.json 
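Review bot: The `ip_range` split on `client.ip` (agg `3`) only defines the ranges `0.0.0.0`–`127.255.255.255` and `128.0.0.0`–`191.255.255.255` (masks `0.0.0.0/1` and `128.0.0.0/2`), so any client in `192.0.0.0/2` — which contains the `192.168.0.0/16` private block common on internal networks — is silently excluded from the count. The panel therefore under-reports connections; either add a third range `192.0.0.0`–`255.255.255.255` (mask `192.0.0.0/2`) or drop the split and count all clients. This is also the only NATS visualization in this diff whose `searchSourceJSON.query` is `service.type: nats` while its siblings use an empty query; worth aligning or documenting why it differs. The saved object is exported from Kibana, so the fix belongs in the source visualization before re-export.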
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "IO Messages Stats [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "In Messages", + "field": "nats.stats.in.messages" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Out Messages", + "field": "nats.stats.out.messages" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "In Messages" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Out Messages" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "IO Messages" + }, + "type": "value" + } + ] + }, + "title": "IO Messages Stats [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nats/0.0.1/kibana/visualization/dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs.json b/dev/packages/beats/nats/0.0.1/kibana/visualization/dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs.json new file mode 100644 index 00000000000..28a6bb2db16 --- /dev/null +++ b/dev/packages/beats/nats/0.0.1/kibana/visualization/dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cache Hit Rate Timeline [Metrics NATS] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cache Hit Rate", + "field": "nats.subscriptions.cache.hit_rate" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Cache Hit Rate" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Cache Hit Rate (%)" + }, + "type": "value" + } + ] + }, + "title": "Cache Hit Rate Timeline [Metrics NATS] ECS", + "type": "line" + } + }, + "id": "dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", + "references": [ + { + "id": "metrics-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/nats/0.0.1/manifest.yml b/dev/packages/beats/nats/0.0.1/manifest.yml
new file mode 100644
index 00000000000..b2886db499c
--- /dev/null
+++ b/dev/packages/beats/nats/0.0.1/manifest.yml
@@ -0,0 +1,51 @@
+format_version: 1.0.0
+name: nats
+title: Nats
+version: 0.0.1
+license: basic
+description: Nats Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat_nats_dashboard.png
+ title: filebeat nats dashboard
+ size: 1919x951
+ type: image/png
+- src: /img/metricbeat_nats_dashboard.png
+ title: metricbeat nats dashboard
+ size: 1853x877
+ type: image/png
+icons:
+- src: /img/nats.svg
+ title: nats
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: nats
+ title: Nats logs and metrics
+ description: Collect logs and metrics from Nats instances
+ inputs:
+ - type: logs
+ title: Collect logs from Nats instances
+ description: Collecting Nats log logs
+ - type: nats/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:8222
+ title: Collect metrics from Nats instances
+ description: Collecting Nats connections, routes, stats and subscriptions metrics
diff --git a/dev/packages/beats/netflow/0.0.1/dataset/log/agent/stream/netflow.yml.hbs b/dev/packages/beats/netflow/0.0.1/dataset/log/agent/stream/netflow.yml.hbs
new file mode 100644
index 00000000000..eac7d12b68c
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/dataset/log/agent/stream/netflow.yml.hbs
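Review bot: In the nats `manifest.yml` hunk, `elasticsearch: versions: '>7.0.1'` has no upper bound while `kibana` is constrained to `'>=7.3.0 <8.0.0'`, and the strict `>` excludes 7.0.1 itself, which reads like a slip for `>=`; suggest `versions: '>=7.0.1 <8.0.0'` so both requirements describe the same support window. The `nats/metrics` input exposes only a `hosts` variable (default `localhost:8222`), with no TLS or credential variable, so an operator cannot point this package at a protected monitoring endpoint through the UI; either add such variables or say so in the input description so the limitation is visible before deployment. `description: Collecting Nats log logs` is user-visible text and should read `Collecting Nats logs`.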
@@ -0,0 +1,20 @@
+protocols: [v1, v5, v6, v7, v8, v9, ipfix]
+host: '{{netflow_host}}:{{netflow_port}}'
+max_message_size: '{{max_message_size}}'
+expiration_timeout: '{{expiration_timeout}}'
+queue_size: {{queue_size}}
+{{#if timeout}}
+timeout: '{{timeout}}'
+{{/if}}
+{{#if read_buffer}}
+read_buffer: '{{read_buffer}}'
+{{/if}}
+{{#if custom_definitions}}
+custom_definitions:
+{{#each custom_definitions}}
+- '{{this}}'
+{{/each}}
+{{/if}}
+{{#if detect_sequence_reset}}
+detect_sequence_reset: {{detect_sequence_reset}}
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/netflow/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/netflow/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..934e33ad564
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
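Review bot: `host`, `max_message_size`, `expiration_timeout` and `queue_size` are substituted unconditionally, yet the stream declared in the later `dataset/log/manifest.yml` hunk carries no `vars`, so unless the netflow package-level manifest (not in this chunk) defines `netflow_host`, `netflow_port` and the others, the rendered input ends up with `host: ':'` and an empty `queue_size:`. `queue_size: {{queue_size}}` is also the only unquoted substitution, so an empty value silently becomes a YAML null rather than the visibly wrong `''` the quoted fields would produce. Because `host` is the address on which the netflow input listens for exported flows, the variable definition should carry an explicit default and document which interface it binds, so operators do not unknowingly expose the collector beyond the network where exporters live. A `detect_sequence_reset` value of `false` is dropped by its `{{#if}}`, which is correct only if the input's own default is `false`; a template comment such as `{{!-- false is omitted and falls through to the input default --}}` would make that dependency visible.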
@@ -0,0 +1,54 @@
+---
+description: Pipeline for Filebeat NetFlow
+
+processors:
+ # IP Geolocation Lookup
+ - geoip:
+ if: ctx.source?.geo == null
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ if: ctx.destination?.geo == null
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/beats/netflow/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/netflow/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1 @@
+[]
diff --git a/dev/packages/beats/netflow/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/netflow/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..7e3abae1780
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/dataset/log/manifest.yml
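Review bot: The two ASN `geoip` processors run unconditionally, while the geolocation processors above them are guarded with `if: ctx.source?.geo == null` / `if: ctx.destination?.geo == null`; an AS number already present on the event (NetFlow v9/IPFIX records can carry BGP AS fields, which I believe the input maps onto `source.as` — worth confirming) would be overwritten by the database answer, and an analyst comparing exporter-reported and database-derived AS data loses that signal. Suggest mirroring the guard on the ASN processors, `if: ctx.source?.as == null` and `if: ctx.destination?.as == null`. The `on_failure` handler records `error.message` and lets the partially enriched event be indexed, which is the right call for visibility but deserves a one-line comment such as `# keep the event; the enrichment failure is recorded in error.message`.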
@@ -0,0 +1,8 @@
+title: NetFlow log logs
+release: experimental
+type: logs
+streams:
+- input: netflow
+ template_path: netflow.yml.hbs
+ title: NetFlow log logs (netflow)
+ description: Collect NetFlow log logs using netflow input
diff --git a/dev/packages/beats/netflow/0.0.1/docs/README.md b/dev/packages/beats/netflow/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c.json
new file mode 100644
index 00000000000..984831759e3
--- /dev/null
+++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c.json
@@ -0,0 +1,294 @@ +{ + "attributes": { + "description": "Netflow Top N flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 24, + "x": 24, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "4", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "5", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + 
"version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "6", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "7", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "gridData": { + "h": 20, + "i": "8", + "w": 24, + "x": 0, + "y": 64 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "9", + "w": 24, + "x": 24, + "y": 64 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Top-N", + "version": 1 + }, + "id": "14387a13-53bc-43a4-b9cd-63977aa8d87c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "15295ea6-ba84-47db-8ced-9312abbf495c", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5303e99b-389c-47b7-ae7a-945c5a92ba49", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "e9ad835b-b2f2-42d3-a3e7-555a593deacf", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "31b5f6fd-eb9d-4e97-90fd-367062ef217f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2b3d4e86-2254-4033-8fe3-ce4753fafd03", + "name": "panel_5", + 
"type": "visualization" + }, + { + "id": "036aef95-ec90-468d-ad7c-3cc4405e9e81", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "5292a65b-c532-422a-9008-1251a8073a3a", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cccff92f-cb71-49a9-9caf-84867751d31e", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2.json new file mode 100644 index 00000000000..75f59674cd1 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2.json 
@@ -0,0 +1,294 @@ +{ + "attributes": { + "description": "Overview of Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "12", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "12", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "13", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "13", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "14", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "14", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "15", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "17", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "17", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "21", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "22", + "panelRefName": "panel_6", + 
"version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "23", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "24", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "25", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "25", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "26", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "26", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "27", + "w": 16, + "x": 16, + "y": 28 + }, + "panelIndex": "27", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "29", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "29", + "panelRefName": "panel_12", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Overview", + "version": 1 + }, + "id": "34e26884-161a-4448-9556-43b5bf2f62a2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "67fdca65-a9df-47f0-a8a4-1e8b056325de", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1558508d-591c-49be-bef4-85fdac18a960", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "name": "panel_5", + 
"type": "visualization" + }, + { + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "b02c2713-17f0-41dd-88a3-ce33b446f19d", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "5ccac452-e90a-4dde-ae9b-1be36ce3f761", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "31708a70-4957-4a8a-8065-5c88a344ad02", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "b677cd82-b33e-49b3-8b6e-0e110177b163", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "3dec20c0-0d4f-43ef-8864-3779e1a1b33f", + "name": "panel_12", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/38012abe-c611-4124-8497-381fcd85acc8.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/38012abe-c611-4124-8497-381fcd85acc8.json new file mode 100644 index 00000000000..1a35c8aa9cb --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/38012abe-c611-4124-8497-381fcd85acc8.json 
@@ -0,0 +1,862 @@ +{ + "attributes": { + "description": "Netflow traffic analysis", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "1", + "w": 24, + "x": 24, + "y": 84 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 108 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 0, + "y": 108 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "7", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "9", + "w": 24, + "x": 0, + "y": 84 + }, + "panelIndex": "9", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "10", + "panelRefName": "panel_6", + "version": 
"7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "11", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "11", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "12", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "12", + "panelRefName": "panel_8", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "13", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "panelRefName": "panel_9", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "14", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "14", + "panelRefName": "panel_10", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "15", + "panelRefName": "panel_11", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "16", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "16", + "panelRefName": "panel_12", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 24, + "y": 4 + }, + "panelIndex": "17", + "panelRefName": "panel_13", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 24, + "y": 28 + }, + "panelIndex": "18", + "panelRefName": "panel_14", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 52 + }, + "panelIndex": "19", + "panelRefName": "panel_15", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "20", + "w": 16, + "x": 24, + "y": 52 + }, + "panelIndex": "20", + "panelRefName": "panel_16", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 0, + "y": 76 + }, + 
"panelIndex": "21", + "panelRefName": "panel_17", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 24, + "y": 76 + }, + "panelIndex": "22", + "panelRefName": "panel_18", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 100 + }, + "panelIndex": "23", + "panelRefName": "panel_19", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 24, + "y": 100 + }, + "panelIndex": "24", + "panelRefName": "panel_20", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "25", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "25", + "panelRefName": "panel_21", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "26", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "26", + "panelRefName": "panel_22", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "27", + "w": 8, + "x": 16, + "y": 4 + }, + "panelIndex": "27", + "panelRefName": "panel_23", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "28", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "28", + "panelRefName": "panel_24", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "29", + "w": 8, + "x": 40, + "y": 28 + }, + "panelIndex": "29", + "panelRefName": "panel_25", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "30", + "w": 8, + "x": 16, + "y": 28 + }, + "panelIndex": "30", + "panelRefName": "panel_26", + 
"version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "31", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "31", + "panelRefName": "panel_27", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "34", + "w": 24, + "x": 24, + "y": 116 + }, + "panelIndex": "34", + "panelRefName": "panel_28", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "35", + "w": 24, + "x": 0, + "y": 116 + }, + "panelIndex": "35", + "panelRefName": "panel_29", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "38", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "38", + "panelRefName": "panel_30", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "42", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "42", + "panelRefName": "panel_31", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "44", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "44", + "panelRefName": "panel_32", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "45", + "w": 24, + "x": 0, + "y": 68 + }, + "panelIndex": "45", + "panelRefName": "panel_33", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "47", + "w": 24, + "x": 24, + "y": 68 + }, + "panelIndex": "47", + "panelRefName": "panel_34", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "48", + "w": 8, + "x": 16, + "y": 52 + }, + "panelIndex": "48", + "panelRefName": "panel_35", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "49", + "w": 8, + "x": 40, + "y": 52 + }, + "panelIndex": "49", + "panelRefName": "panel_36", + "version": "7.3.0" 
+ }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "50", + "w": 8, + "x": 40, + "y": 76 + }, + "panelIndex": "50", + "panelRefName": "panel_37", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "51", + "w": 8, + "x": 40, + "y": 100 + }, + "panelIndex": "51", + "panelRefName": "panel_38", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "52", + "w": 8, + "x": 16, + "y": 100 + }, + "panelIndex": "52", + "panelRefName": "panel_39", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "53", + "w": 8, + "x": 16, + "y": 76 + }, + "panelIndex": "53", + "panelRefName": "panel_40", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Traffic Analysis", + "version": 1 + }, + "id": "38012abe-c611-4124-8497-381fcd85acc8", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1e74d5cb-556d-42ee-8042-88f6c1af47f0", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "3e27fb83-b3e3-4c15-b999-ed6da49b7a86", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "5d868836-c7b2-4812-bf47-4838aac281d9", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", + "name": 
"panel_6", + "type": "visualization" + }, + { + "id": "717cd7c7-bfca-435d-8ee7-38259927aade", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "f668ecdb-eec7-44c6-9060-26aaf9fc8404", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "6bbd6712-494a-4fd9-b3d3-757304681f0f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "681f0ce4-d828-4a99-b643-0c0715530050", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "fd6c1144-5026-4795-b7af-a9aa3fc28c56", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "0b2818fd-aecc-4bef-b566-9466eb702ae4", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "248e00b4-8fc2-406f-8907-729d5380aaa7", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "cf399a85-e348-4ac1-a399-e8f5a44114c4", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "name": "panel_16", + "type": "visualization" + }, + { + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "name": "panel_18", + "type": "visualization" + }, + { + "id": "a14c3248-952d-42aa-bd7d-9b39157a776f", + "name": "panel_19", + "type": "visualization" + }, + { + "id": "a685420e-c45f-4b62-932b-5b76ac8b8ca2", + "name": "panel_20", + "type": "visualization" + }, + { + "id": "0528bc66-6981-400a-a02d-c1d221b38890", + "name": "panel_21", + "type": "visualization" + }, + { + "id": "e99dc327-03de-4561-9e0c-f550710125c2", + "name": "panel_22", + "type": "visualization" + }, + { + "id": "32e712ed-fa15-4db7-8575-8476e8d65b03", + "name": "panel_23", + "type": "visualization" + }, + { + "id": "d59a031c-70d6-47d7-966d-7fcb805be9be", + "name": "panel_24", + "type": "visualization" + }, + { + "id": "af707b01-29f1-462b-b279-6d2e803f3645", + "name": 
"panel_25", + "type": "visualization" + }, + { + "id": "ddd27657-c3c8-4f82-8059-6d7763dd599b", + "name": "panel_26", + "type": "visualization" + }, + { + "id": "30cd1009-2925-4c9b-820d-d689f5d1efda", + "name": "panel_27", + "type": "visualization" + }, + { + "id": "7d447b22-89dc-4f32-b549-4b8620af4d76", + "name": "panel_28", + "type": "visualization" + }, + { + "id": "d41a9663-e5ad-47a7-955e-3803ae4e23c0", + "name": "panel_29", + "type": "visualization" + }, + { + "id": "3a4209e2-281c-467e-b5cb-315bf4a2661f", + "name": "panel_30", + "type": "visualization" + }, + { + "id": "201d7dd1-a880-4a64-b631-db5629340db9", + "name": "panel_31", + "type": "visualization" + }, + { + "id": "8f83cf97-4a48-421f-8db5-690297d1f4fb", + "name": "panel_32", + "type": "visualization" + }, + { + "id": "a1704d46-15fc-41c2-851d-796ceb49877f", + "name": "panel_33", + "type": "visualization" + }, + { + "id": "15e2a267-2495-4df2-a121-abe410d2f18c", + "name": "panel_34", + "type": "visualization" + }, + { + "id": "f27c1479-0625-4cdc-92de-672e47db0f87", + "name": "panel_35", + "type": "visualization" + }, + { + "id": "0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", + "name": "panel_36", + "type": "visualization" + }, + { + "id": "d5568704-e30b-4108-bb49-06a9b8dce6a6", + "name": "panel_37", + "type": "visualization" + }, + { + "id": "16262df9-a979-4136-935e-d883c7d373d7", + "name": "panel_38", + "type": "visualization" + }, + { + "id": "63ef5338-fdf2-488e-b78a-f0e98daccc95", + "name": "panel_39", + "type": "visualization" + }, + { + "id": "2dca3025-692c-4876-8bcc-e0b248dc9819", + "name": "panel_40", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024.json new file mode 100644 index 00000000000..b09fbf34661 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024.json 
@@ -0,0 +1,154 @@ +{ + "attributes": { + "description": "Netflow geo location", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "mapCenter": [ + 20.632784250388028, + 16.69921875 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 24, + "i": "16", + "w": 32, + "x": 16, + "y": 4 + }, + "panelIndex": "16", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "17", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "18", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "19", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "20", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "20", + "panelRefName": "panel_4", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Geo Location", + "version": 1 + }, + "id": "77326664-23be-4bf1-a126-6d7e60cfc024", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": 
"f4c8cb5a-7336-449e-ab99-6e867b435b85", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "2316bb53-d98a-4f0f-8cd8-51e9fb317823", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/94972700-de4a-4272-9143-2fa8d4981365.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/94972700-de4a-4272-9143-2fa8d4981365.json new file mode 100644 index 00000000000..3594435df9c --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/94972700-de4a-4272-9143-2fa8d4981365.json 
@@ -0,0 +1,152 @@ +{ + "attributes": { + "description": "Netflow flow records", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 36, + "x": 12, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 12, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 16, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Flow records", + "version": 1 + }, + "id": "94972700-de4a-4272-9143-2fa8d4981365", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": 
"index-pattern" + }, + { + "id": "4bb0255e-18ed-45e4-bfb9-de8e35b12094", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c27c6a3b-93ee-44d5-8d0c-9b097e575f52", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "name": "panel_3", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32.json new file mode 100644 index 00000000000..2ae7fd3cf04 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32.json 
@@ -0,0 +1,159 @@ +{ + "attributes": { + "description": "Netflow conversation partners", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "5", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Conversation Partners", + "version": 1 + }, + "id": "acd7a630-0c71-4840-bc9e-4a3801374a32", + "references": [ + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e822f94c-5f65-4963-a540-74ca9c25bd2d", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "c54f5529-e6d7-4c26-8e8e-3b35de132035", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a.json new file mode 100644 index 00000000000..d06becf2db2 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a.json 
@@ -0,0 +1,204 @@ +{ + "attributes": { + "description": "Autonomous systems Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "3", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "7", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": 
"7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "8", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Autonomous Systems", + "version": 1 + }, + "id": "c64665f9-d222-421e-90b0-c7310d944b8a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "12aad647-c45d-4667-a029-152c1a97cbbc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d27b5d74-b3b4-4311-a0e6-08ff8f4345df", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "751ecb6f-11c3-458d-b039-f6d57a6379fa", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f7808e70-df2a-4532-a350-966704567c24", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425.json b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425.json new file mode 100644 index 00000000000..43cb465cd05 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425.json 
@@ -0,0 +1,204 @@ +{ + "attributes": { + "description": "Netflow exporters", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "input.type", + "negate": false, + "params": { + "query": "netflow" + }, + "type": "phrase", + "value": "netflow" + }, + "query": { + "match": { + "input.type": { + "query": "netflow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "version": "7.3.0" + }, 
+ { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "10", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Flow Exporters", + "version": 1 + }, + "id": "feebb4e6-b13e-4e4e-b9fc-d3a178276425", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "441c6c50-fa1a-489c-96c6-76f7925dea24", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "14c7136d-b4aa-4367-9461-52bf8b5c4796", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "85ebf558-402b-45d2-a186-e15f8673ec07", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "1cd36f5d-d9c7-4098-acdb-14d312ecfb72", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "d3df8d28-65f8-4ea1-8b33-f479380a0600", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/search/a34c6611-79d8-4b50-ae3f-8b328d28e24a.json b/dev/packages/beats/netflow/0.0.1/kibana/search/a34c6611-79d8-4b50-ae3f-8b328d28e24a.json new file mode 100644 index 00000000000..856651a3ebd --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/search/a34c6611-79d8-4b50-ae3f-8b328d28e24a.json 
@@ -0,0 +1,46 @@ +{ + "attributes": { + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Flow Records [Logs Netflow]", + "version": 1 + }, + "id": "a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json new file mode 100644 index 00000000000..5cf0008597c --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "VLAN Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "VLANs", + "field": "netflow.vlan_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "VLAN Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/036aef95-ec90-468d-ad7c-3cc4405e9e81.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/036aef95-ec90-468d-ad7c-3cc4405e9e81.json new file mode 100644 index 00000000000..49372a09e66 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/036aef95-ec90-468d-ad7c-3cc4405e9e81.json @@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Autonomous Systems [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Autonomous Systems [Logs Netflow]", + "type": "table" + } + }, + "id": "036aef95-ec90-468d-ad7c-3cc4405e9e81", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/0528bc66-6981-400a-a02d-c1d221b38890.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0528bc66-6981-400a-a02d-c1d221b38890.json new file mode 100644 index 00000000000..fe48b61fe64 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0528bc66-6981-400a-a02d-c1d221b38890.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Sources (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Sources (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "0528bc66-6981-400a-a02d-c1d221b38890", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/0b2818fd-aecc-4bef-b566-9466eb702ae4.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0b2818fd-aecc-4bef-b566-9466eb702ae4.json new file mode 100644 index 00000000000..0d3c2ea057f --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/0b2818fd-aecc-4bef-b566-9466eb702ae4.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Source Ports (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "0b2818fd-aecc-4bef-b566-9466eb702ae4", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/12aad647-c45d-4667-a029-152c1a97cbbc.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/12aad647-c45d-4667-a029-152c1a97cbbc.json new file mode 100644 index 00000000000..a4f00ad9682 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/12aad647-c45d-4667-a029-152c1a97cbbc.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "12aad647-c45d-4667-a029-152c1a97cbbc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/14c7136d-b4aa-4367-9461-52bf8b5c4796.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/14c7136d-b4aa-4367-9461-52bf8b5c4796.json new file mode 100644 index 00000000000..8238bcc7332 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/14c7136d-b4aa-4367-9461-52bf8b5c4796.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingress Interface", + "field": "netflow.ingress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Ingress Interfaces (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "14c7136d-b4aa-4367-9461-52bf8b5c4796", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/15295ea6-ba84-47db-8ced-9312abbf495c.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/15295ea6-ba84-47db-8ced-9312abbf495c.json new file mode 100644 index 00000000000..5c01a2a4dd6 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/15295ea6-ba84-47db-8ced-9312abbf495c.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Sources [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Sources [Logs Netflow]", + "type": "table" + } + }, + "id": "15295ea6-ba84-47db-8ced-9312abbf495c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/1558508d-591c-49be-bef4-85fdac18a960.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1558508d-591c-49be-bef4-85fdac18a960.json new file mode 100644 index 00000000000..7725a114885 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1558508d-591c-49be-bef4-85fdac18a960.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Sources and Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Sources and Ports (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "1558508d-591c-49be-bef4-85fdac18a960", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/15e2a267-2495-4df2-a121-abe410d2f18c.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/15e2a267-2495-4df2-a121-abe410d2f18c.json new file mode 100644 index 00000000000..aa798afecf6 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/15e2a267-2495-4df2-a121-abe410d2f18c.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "VLANs (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "VLANs (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "15e2a267-2495-4df2-a121-abe410d2f18c", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/16262df9-a979-4136-935e-d883c7d373d7.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/16262df9-a979-4136-935e-d883c7d373d7.json new file mode 100644 index 00000000000..22da87f644e --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/16262df9-a979-4136-935e-d883c7d373d7.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "City Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cities", + "field": "destination.geo.city_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "City Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "16262df9-a979-4136-935e-d883c7d373d7", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json new file mode 100644 index 00000000000..de05b33c71f 
--- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Ingress Interfaces (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "1cd36f5d-d9c7-4098-acdb-14d312ecfb72", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cf30eac-aae8-47fa-a156-37f6346d2d5a.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cf30eac-aae8-47fa-a156-37f6346d2d5a.json new file mode 100644 index 00000000000..e96be310533 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1cf30eac-aae8-47fa-a156-37f6346d2d5a.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Types of Service (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Types of Service (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "1cf30eac-aae8-47fa-a156-37f6346d2d5a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/1e74d5cb-556d-42ee-8042-88f6c1af47f0.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1e74d5cb-556d-42ee-8042-88f6c1af47f0.json new file mode 100644 index 00000000000..956eef18658 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/1e74d5cb-556d-42ee-8042-88f6c1af47f0.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Cities (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Cities (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "1e74d5cb-556d-42ee-8042-88f6c1af47f0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/201d7dd1-a880-4a64-b631-db5629340db9.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/201d7dd1-a880-4a64-b631-db5629340db9.json new file mode 100644 index 00000000000..9e4c37b6cd7 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/201d7dd1-a880-4a64-b631-db5629340db9.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Ports (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Ports (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "201d7dd1-a880-4a64-b631-db5629340db9", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/2316bb53-d98a-4f0f-8cd8-51e9fb317823.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2316bb53-d98a-4f0f-8cd8-51e9fb317823.json new file mode 100644 index 00000000000..b0465111079 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2316bb53-d98a-4f0f-8cd8-51e9fb317823.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries and Cities (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries and Cities (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "2316bb53-d98a-4f0f-8cd8-51e9fb317823", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/248e00b4-8fc2-406f-8907-729d5380aaa7.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/248e00b4-8fc2-406f-8907-729d5380aaa7.json new file mode 100644 index 00000000000..1a9e761fabf --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/248e00b4-8fc2-406f-8907-729d5380aaa7.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "248e00b4-8fc2-406f-8907-729d5380aaa7", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/2b3d4e86-2254-4033-8fe3-ce4753fafd03.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2b3d4e86-2254-4033-8fe3-ce4753fafd03.json new file mode 100644 index 00000000000..29ffb02e4f0 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2b3d4e86-2254-4033-8fe3-ce4753fafd03.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Protocols [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Protocols [Logs Netflow]", + "type": "table" + } + }, + "id": "2b3d4e86-2254-4033-8fe3-ce4753fafd03", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/2dca3025-692c-4876-8bcc-e0b248dc9819.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2dca3025-692c-4876-8bcc-e0b248dc9819.json new file mode 100644 index 00000000000..440515e2e63 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/2dca3025-692c-4876-8bcc-e0b248dc9819.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "TCP Flags Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "TCP Flag States", + "field": "netflow.tcp_control_bits" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "TCP Flags Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "2dca3025-692c-4876-8bcc-e0b248dc9819", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/30cd1009-2925-4c9b-820d-d689f5d1efda.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/30cd1009-2925-4c9b-820d-d689f5d1efda.json new file mode 100644 index 00000000000..3a3ff6611d3 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/30cd1009-2925-4c9b-820d-d689f5d1efda.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Autonomous Systems (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "30cd1009-2925-4c9b-820d-d689f5d1efda", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/31708a70-4957-4a8a-8065-5c88a344ad02.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/31708a70-4957-4a8a-8065-5c88a344ad02.json new file mode 100644 index 00000000000..4926b57f0bd --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/31708a70-4957-4a8a-8065-5c88a344ad02.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Exporters (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Flow Exporters (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "31708a70-4957-4a8a-8065-5c88a344ad02", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/31b5f6fd-eb9d-4e97-90fd-367062ef217f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/31b5f6fd-eb9d-4e97-90fd-367062ef217f.json new file mode 100644 index 00000000000..a6316b0eead --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/31b5f6fd-eb9d-4e97-90fd-367062ef217f.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Destination Ports [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destination Ports [Logs Netflow]", + "type": "table" + } + }, + "id": "31b5f6fd-eb9d-4e97-90fd-367062ef217f", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/32e712ed-fa15-4db7-8575-8476e8d65b03.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/32e712ed-fa15-4db7-8575-8476e8d65b03.json new file mode 100644 index 00000000000..a126ba9c9ae --- /dev/null 
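Review bot: The table parameter is spelled `"showMeticsAtAllLevels": false`; Kibana's table visualization option is `showMetricsAtAllLevels`, so as written the key is presumably ignored and the default applies instead. The same misspelled key appears in the Top Cities (5292a65b) and Top Destinations (5303e99b) hunks later in this chunk. Renaming it to `"showMetricsAtAllLevels": false` in all three makes the intent actually take effect.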
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/32e712ed-fa15-4db7-8575-8476e8d65b03.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Source Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "32e712ed-fa15-4db7-8575-8476e8d65b03", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/3a4209e2-281c-467e-b5cb-315bf4a2661f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3a4209e2-281c-467e-b5cb-315bf4a2661f.json new file mode 100644 index 00000000000..3f3760f12b7 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3a4209e2-281c-467e-b5cb-315bf4a2661f.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Ports (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Ports (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "3a4209e2-281c-467e-b5cb-315bf4a2661f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json new file mode 100644 index 00000000000..9beb96153b1 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Version (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Version (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "3dec20c0-0d4f-43ef-8864-3779e1a1b33f", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json new file mode 100644 index 00000000000..52f92fa115e --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Ports (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "3e27fb83-b3e3-4c15-b999-ed6da49b7a86", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/441c6c50-fa1a-489c-96c6-76f7925dea24.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/441c6c50-fa1a-489c-96c6-76f7925dea24.json new file mode 100644 index 00000000000..76a98bbd659 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/441c6c50-fa1a-489c-96c6-76f7925dea24.json 
@@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Exporters (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Flow Exporters (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "441c6c50-fa1a-489c-96c6-76f7925dea24", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json new file mode 100644 index 00000000000..c162b43dc80 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Egress Interface", + "field": "netflow.egress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Egress Interfaces (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/4bb0255e-18ed-45e4-bfb9-de8e35b12094.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/4bb0255e-18ed-45e4-bfb9-de8e35b12094.json new file mode 100644 index 00000000000..ecd4c78856a --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/4bb0255e-18ed-45e4-bfb9-de8e35b12094.json 
@@ -0,0 +1,146 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Records [Logs Netflow]", + "uiStateJSON": { + "vis": { + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timeline", + "extended_bounds": {}, + "field": "event.end", + "interval": "s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Flow Records" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + 
"mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Flow Records [Logs Netflow]", + "type": "histogram" + } + }, + "id": "4bb0255e-18ed-45e4-bfb9-de8e35b12094", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/5292a65b-c532-422a-9008-1251a8073a3a.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5292a65b-c532-422a-9008-1251a8073a3a.json new file mode 100644 index 00000000000..841969482e0 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5292a65b-c532-422a-9008-1251a8073a3a.json 
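Review bot: In seriesParams the value `"show": "true"` is a JSON string while every neighbouring flag (`drawLinesBetweenPoints`, `showCircles`, `addLegend`) is a boolean; Kibana most likely treats the non-empty string as truthy, but the mixed types make the object fragile to stricter validation and to tooling that diffs or lints these assets. Change it to `"show": true` so the type matches the rest of the saved object.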
@@ -0,0 +1,111 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Cities [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Cities [Logs Netflow]", + "type": "table" + } + }, + "id": "5292a65b-c532-422a-9008-1251a8073a3a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/5303e99b-389c-47b7-ae7a-945c5a92ba49.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5303e99b-389c-47b7-ae7a-945c5a92ba49.json new file mode 100644 index 00000000000..dbd3eb6f775 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5303e99b-389c-47b7-ae7a-945c5a92ba49.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Destinations [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations [Logs Netflow]", + "type": "table" + } + }, + "id": "5303e99b-389c-47b7-ae7a-945c5a92ba49", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/57e13a20-e94f-4465-a942-42148634a1d2.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/57e13a20-e94f-4465-a942-42148634a1d2.json new file mode 100644 index 00000000000..94bd8f97231 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/57e13a20-e94f-4465-a942-42148634a1d2.json @@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "TCP Flags (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": "netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "TCP Flags (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "57e13a20-e94f-4465-a942-42148634a1d2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/5ccac452-e90a-4dde-ae9b-1be36ce3f761.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5ccac452-e90a-4dde-ae9b-1be36ce3f761.json new file mode 100644 index 00000000000..f0ace7287b4 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5ccac452-e90a-4dde-ae9b-1be36ce3f761.json 
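Review bot: This pie and the timelion visualization 5d868836 (later in this chunk) both carry the exact title `"TCP Flags (bytes) [Logs Netflow]"`, so in the saved-object list and the dashboard panel picker the two cannot be told apart by name, and a dashboard referencing one by title is ambiguous. Give the time-series one a distinguishing title, for example `"TCP Flags over time (bytes) [Logs Netflow]"`, in both its `attributes.title` and `visState.title`.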
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries and Cities (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries and Cities (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "5ccac452-e90a-4dde-ae9b-1be36ce3f761", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json new file mode 100644 index 00000000000..852d34f0082 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Countries (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Countries (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/5d868836-c7b2-4812-bf47-4838aac281d9.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5d868836-c7b2-4812-bf47-4838aac281d9.json new file mode 100644 index 00000000000..cfe389f5cda --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/5d868836-c7b2-4812-bf47-4838aac281d9.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "TCP Flags (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "TCP Flags (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "5d868836-c7b2-4812-bf47-4838aac281d9", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/63ef5338-fdf2-488e-b78a-f0e98daccc95.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/63ef5338-fdf2-488e-b78a-f0e98daccc95.json new file mode 100644 index 00000000000..04a34b6c3f6 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/63ef5338-fdf2-488e-b78a-f0e98daccc95.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Country Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Countries", + "field": "destination.geo.country_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Country Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "63ef5338-fdf2-488e-b78a-f0e98daccc95", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/67fdca65-a9df-47f0-a8a4-1e8b056325de.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/67fdca65-a9df-47f0-a8a4-1e8b056325de.json new file mode 100644 index 00000000000..9768d5eae63 
--- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/67fdca65-a9df-47f0-a8a4-1e8b056325de.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Ports (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "67fdca65-a9df-47f0-a8a4-1e8b056325de", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/681f0ce4-d828-4a99-b643-0c0715530050.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/681f0ce4-d828-4a99-b643-0c0715530050.json new file mode 100644 index 00000000000..44812e7969a --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/681f0ce4-d828-4a99-b643-0c0715530050.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destinations (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Destinations (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "681f0ce4-d828-4a99-b643-0c0715530050", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/6bbd6712-494a-4fd9-b3d3-757304681f0f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/6bbd6712-494a-4fd9-b3d3-757304681f0f.json new file mode 100644 index 00000000000..d9e0cc02dcf --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/6bbd6712-494a-4fd9-b3d3-757304681f0f.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Sources (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Sources (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "6bbd6712-494a-4fd9-b3d3-757304681f0f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/717cd7c7-bfca-435d-8ee7-38259927aade.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/717cd7c7-bfca-435d-8ee7-38259927aade.json new file mode 100644 index 00000000000..e073e80c567 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/717cd7c7-bfca-435d-8ee7-38259927aade.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Types of Service (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Types of Service (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "717cd7c7-bfca-435d-8ee7-38259927aade", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/751ecb6f-11c3-458d-b039-f6d57a6379fa.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/751ecb6f-11c3-458d-b039-f6d57a6379fa.json new file mode 100644 index 00000000000..55e7e64fb0d --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/751ecb6f-11c3-458d-b039-f6d57a6379fa.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Autonomous Systems (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Autonomous Systems (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "751ecb6f-11c3-458d-b039-f6d57a6379fa", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/7d447b22-89dc-4f32-b549-4b8620af4d76.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/7d447b22-89dc-4f32-b549-4b8620af4d76.json new file mode 100644 index 00000000000..79c6b4c7343 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/7d447b22-89dc-4f32-b549-4b8620af4d76.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Cities (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Cities (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "7d447b22-89dc-4f32-b549-4b8620af4d76", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/7fa6cb0a-518d-46e9-a228-15cd4253a957.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/7fa6cb0a-518d-46e9-a228-15cd4253a957.json new file mode 100644 index 00000000000..7014eaa4f92 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/7fa6cb0a-518d-46e9-a228-15cd4253a957.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "VLANs (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "VLANs (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "7fa6cb0a-518d-46e9-a228-15cd4253a957", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/85ebf558-402b-45d2-a186-e15f8673ec07.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/85ebf558-402b-45d2-a186-e15f8673ec07.json new file mode 100644 index 00000000000..46015bf8818 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/85ebf558-402b-45d2-a186-e15f8673ec07.json 
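Review bot: The `references` entry points at an `index-pattern` saved object whose id is literally `logs-*`; loading this visualization will fail with a missing-reference error unless the package (or Kibana) installs an index pattern under exactly that id, and nothing in this hunk shows that object. If the registry's convention is that the `logs-*` index pattern ships with the package, a one-line note in the package's README or manifest would make that dependency explicit; otherwise the id should match whatever pattern the integration actually creates. Unlike the timelion siblings, this one at least declares the dependency, so it is the right shape to keep.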
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Egress Interfaces (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "85ebf558-402b-45d2-a186-e15f8673ec07", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/8f83cf97-4a48-421f-8db5-690297d1f4fb.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/8f83cf97-4a48-421f-8db5-690297d1f4fb.json new file mode 100644 index 00000000000..56d73cf75c4 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/8f83cf97-4a48-421f-8db5-690297d1f4fb.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "TCP Flags (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "TCP Flags (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "8f83cf97-4a48-421f-8db5-690297d1f4fb", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/a14c3248-952d-42aa-bd7d-9b39157a776f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a14c3248-952d-42aa-bd7d-9b39157a776f.json new file mode 100644 index 00000000000..7b2a4df19ca --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a14c3248-952d-42aa-bd7d-9b39157a776f.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Countries (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Countries (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "a14c3248-952d-42aa-bd7d-9b39157a776f", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/a1704d46-15fc-41c2-851d-796ceb49877f.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a1704d46-15fc-41c2-851d-796ceb49877f.json new file mode 100644 index 00000000000..cc02425deb8 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a1704d46-15fc-41c2-851d-796ceb49877f.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Types of Service (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Types of Service (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "a1704d46-15fc-41c2-851d-796ceb49877f", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json new file mode 100644 index 00000000000..4c5364d4d73 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "VLANs (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "VLANs (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/a685420e-c45f-4b62-932b-5b76ac8b8ca2.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a685420e-c45f-4b62-932b-5b76ac8b8ca2.json new file mode 100644 index 00000000000..847bd9c8a94 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/a685420e-c45f-4b62-932b-5b76ac8b8ca2.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Cities (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Cities (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "a685420e-c45f-4b62-932b-5b76ac8b8ca2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json new file mode 100644 index 00000000000..8676c5b535f --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/ae334aec-31fa-4df7-a064-40b18831d819.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ae334aec-31fa-4df7-a064-40b18831d819.json new file mode 100644 index 00000000000..45e12ea7638 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ae334aec-31fa-4df7-a064-40b18831d819.json 
@@ -0,0 +1,133 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } + }, + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + 
"legendPosition": "right", + "type": "pie" + }, + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "ae334aec-31fa-4df7-a064-40b18831d819", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/aed09724-0a69-4331-84f5-3d2067c43930.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/aed09724-0a69-4331-84f5-3d2067c43930.json new file mode 100644 index 00000000000..dc56478f66c --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/aed09724-0a69-4331-84f5-3d2067c43930.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "aed09724-0a69-4331-84f5-3d2067c43930", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/af707b01-29f1-462b-b279-6d2e803f3645.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/af707b01-29f1-462b-b279-6d2e803f3645.json new file mode 100644 index 00000000000..76cfa55b756 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/af707b01-29f1-462b-b279-6d2e803f3645.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Port Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Destination Port Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "af707b01-29f1-462b-b279-6d2e803f3645", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/b02c2713-17f0-41dd-88a3-ce33b446f19d.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/b02c2713-17f0-41dd-88a3-ce33b446f19d.json new file mode 100644 index 00000000000..d64a848d980 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/b02c2713-17f0-41dd-88a3-ce33b446f19d.json @@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Locality (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locality", + "field": "flow.locality", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Locality (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "b02c2713-17f0-41dd-88a3-ce33b446f19d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/b677cd82-b33e-49b3-8b6e-0e110177b163.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/b677cd82-b33e-49b3-8b6e-0e110177b163.json new file mode 100644 index 00000000000..1342d62dad7 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/b677cd82-b33e-49b3-8b6e-0e110177b163.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Direction (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Direction", + "field": "network.direction", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Direction (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "b677cd82-b33e-49b3-8b6e-0e110177b163", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json new file mode 100644 index 00000000000..58fcfb38f77 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Flow Records [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Flow Records [Logs Netflow]", + "type": "metric" + } + }, + "id": "c27c6a3b-93ee-44d5-8d0c-9b097e575f52", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/c54f5529-e6d7-4c26-8e8e-3b35de132035.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/c54f5529-e6d7-4c26-8e8e-3b35de132035.json new file mode 100644 index 00000000000..bbf0b110922 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/c54f5529-e6d7-4c26-8e8e-3b35de132035.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source Ports (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "c54f5529-e6d7-4c26-8e8e-3b35de132035", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/cccff92f-cb71-49a9-9caf-84867751d31e.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/cccff92f-cb71-49a9-9caf-84867751d31e.json new file mode 100644 index 00000000000..d0e14cb761d --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/cccff92f-cb71-49a9-9caf-84867751d31e.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Flow Exporters [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.hostname", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Flow Exporters [Logs Netflow]", + "type": "table" + } + }, + "id": "cccff92f-cb71-49a9-9caf-84867751d31e", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/cf399a85-e348-4ac1-a399-e8f5a44114c4.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/cf399a85-e348-4ac1-a399-e8f5a44114c4.json new file mode 100644 index 00000000000..e254423367b --- /dev/null 
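Review bot: "Top Flow Exporters" buckets on `agent.hostname`, which identifies the Beats/Agent host that received the flows rather than the router or switch that exported them; a single collector fed by many devices collapses into one row, so the table does not show exporters at all. If the netflow dataset populates an exporter field (the Beats module's `netflow.exporter.address`, or ECS `observer.ip`), the terms aggregation should use that, e.g. `"field": "netflow.exporter.address"` — confirm against the package's fields.yml, which is outside this hunk. The `"size": 500` bucket limit with `"perPage": 10` is also far larger than the table ever displays and could be reduced.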
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/cf399a85-e348-4ac1-a399-e8f5a44114c4.json @@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination Ports (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "cf399a85-e348-4ac1-a399-e8f5a44114c4", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json new file mode 100644 index 00000000000..397514d5a9a --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destination Autonomous Systems (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destination Autonomous Systems (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "d27b5d74-b3b4-4311-a0e6-08ff8f4345df", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d3df8d28-65f8-4ea1-8b33-f479380a0600.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d3df8d28-65f8-4ea1-8b33-f479380a0600.json new file mode 100644 index 00000000000..350d742bf66 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d3df8d28-65f8-4ea1-8b33-f479380a0600.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Ingress Interfaces (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Ingress Interfaces (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "d3df8d28-65f8-4ea1-8b33-f479380a0600", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d41a9663-e5ad-47a7-955e-3803ae4e23c0.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d41a9663-e5ad-47a7-955e-3803ae4e23c0.json new file mode 100644 index 00000000000..fde91b81a88 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d41a9663-e5ad-47a7-955e-3803ae4e23c0.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Countries (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Countries (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "d41a9663-e5ad-47a7-955e-3803ae4e23c0", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json new file mode 100644 index 00000000000..cab18ab23cc --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Dashboard Navigation [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "markdown": "[Overview](#/dashboard/34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "title": "Dashboard Navigation [Logs Netflow]", + "type": "markdown" + } + }, + "id": "d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d5568704-e30b-4108-bb49-06a9b8dce6a6.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d5568704-e30b-4108-bb49-06a9b8dce6a6.json new file mode 100644 index 00000000000..8098d34940c --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d5568704-e30b-4108-bb49-06a9b8dce6a6.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Autonomous System Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Autonomous Systems", + "field": "destination.as.organization.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Autonomous System Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "d5568704-e30b-4108-bb49-06a9b8dce6a6", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/d59a031c-70d6-47d7-966d-7fcb805be9be.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d59a031c-70d6-47d7-966d-7fcb805be9be.json new file mode 100644 index 00000000000..9c1185e058a --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/d59a031c-70d6-47d7-966d-7fcb805be9be.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Destinations (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Destinations (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "d59a031c-70d6-47d7-966d-7fcb805be9be", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/ddd27657-c3c8-4f82-8059-6d7763dd599b.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ddd27657-c3c8-4f82-8059-6d7763dd599b.json new file mode 100644 index 00000000000..581b956e71a --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ddd27657-c3c8-4f82-8059-6d7763dd599b.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Source Port Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Ports", + "field": "source.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Source Port Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "ddd27657-c3c8-4f82-8059-6d7763dd599b", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/e822f94c-5f65-4963-a540-74ca9c25bd2d.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e822f94c-5f65-4963-a540-74ca9c25bd2d.json new file mode 100644 index 00000000000..3d9ca6361a6 
--- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e822f94c-5f65-4963-a540-74ca9c25bd2d.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destinations and Sources (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destinations and Sources (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "e822f94c-5f65-4963-a540-74ca9c25bd2d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/e99dc327-03de-4561-9e0c-f550710125c2.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e99dc327-03de-4561-9e0c-f550710125c2.json new file mode 100644 index 00000000000..05538eee2fb --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e99dc327-03de-4561-9e0c-f550710125c2.json 
@@ -0,0 +1,50 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Count [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "fontSize": "32", + "handleNoResults": true + }, + "title": "Destination Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "e99dc327-03de-4561-9e0c-f550710125c2", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/e9ad835b-b2f2-42d3-a3e7-555a593deacf.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e9ad835b-b2f2-42d3-a3e7-555a593deacf.json new file mode 100644 index 00000000000..d0b4bcb314f --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/e9ad835b-b2f2-42d3-a3e7-555a593deacf.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Top Source Ports [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Source Ports [Logs Netflow]", + "type": "table" + } + }, + "id": "e9ad835b-b2f2-42d3-a3e7-555a593deacf", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json new file mode 100644 index 00000000000..670c37d7d76 --- /dev/null 
+++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json @@ -0,0 +1,111 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Conversation Partners [Logs Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "title": "Conversation Partners [Logs Netflow]", + "type": "table" + } + }, + "id": "ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f27c1479-0625-4cdc-92de-672e47db0f87.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f27c1479-0625-4cdc-92de-672e47db0f87.json new file mode 100644 index 00000000000..6cae3afb9b7 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f27c1479-0625-4cdc-92de-672e47db0f87.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "ToS Count [Logs Netflow]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Types of Service", + "field": "netflow.ip_class_of_service" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "ToS Count [Logs Netflow]", + "type": "metric" + } + }, + "id": "f27c1479-0625-4cdc-92de-672e47db0f87", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f4c8cb5a-7336-449e-ab99-6e867b435b85.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f4c8cb5a-7336-449e-ab99-6e867b435b85.json new file mode 100644 index 00000000000..4660e11c00a 
--- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f4c8cb5a-7336-449e-ab99-6e867b435b85.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination Geo Location Heatmap [Logs Netflow]", + "uiStateJSON": { + "mapCenter": [ + 8.407168163601076, + 9.4921875 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "customLabel": "Location", + "field": "destination.geo.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": "16", + "heatMaxZoom": 16, + "heatMinOpacity": "0.32", + "heatNormalizeData": true, + "heatRadius": "24", + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Heatmap", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Destination Geo Location Heatmap [Logs Netflow]", + "type": "tile_map" + } + }, + "id": "f4c8cb5a-7336-449e-ab99-6e867b435b85", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f531f957-e8c0-497a-ad41-ef39c2d29671.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f531f957-e8c0-497a-ad41-ef39c2d29671.json new file mode 100644 index 00000000000..16c3c54be5b --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f531f957-e8c0-497a-ad41-ef39c2d29671.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "f531f957-e8c0-497a-ad41-ef39c2d29671", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f668ecdb-eec7-44c6-9060-26aaf9fc8404.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f668ecdb-eec7-44c6-9060-26aaf9fc8404.json new file mode 100644 index 00000000000..73427b4d9e1 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f668ecdb-eec7-44c6-9060-26aaf9fc8404.json @@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Ports (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Ports (bytes) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "f668ecdb-eec7-44c6-9060-26aaf9fc8404", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json new file mode 100644 index 00000000000..c1f815708a4 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Source Autonomous Systems (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Source Autonomous Systems (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f772028b-d5a6-4d55-b441-493871981a60.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f772028b-d5a6-4d55-b441-493871981a60.json new file mode 100644 index 00000000000..9243a2a6f43 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f772028b-d5a6-4d55-b441-493871981a60.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "f772028b-d5a6-4d55-b441-493871981a60", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f7808e70-df2a-4532-a350-966704567c24.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f7808e70-df2a-4532-a350-966704567c24.json new file mode 100644 index 00000000000..383034f21af --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f7808e70-df2a-4532-a350-966704567c24.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Destination and Source ASs (flow records) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination AS", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source AS", + "field": "source.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Destination and Source ASs (flow records) [Logs Netflow]", + "type": "pie" + } + }, + "id": "f7808e70-df2a-4532-a350-966704567c24", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json new file mode 100644 index 00000000000..4595f1dee75 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json 
@@ -0,0 +1,31 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + }, + "title": "Egress Interfaces (packets) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "title": "Egress Interfaces (packets) [Logs Netflow]", + "type": "timelion" + } + }, + "id": "f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/kibana/visualization/fd6c1144-5026-4795-b7af-a9aa3fc28c56.json b/dev/packages/beats/netflow/0.0.1/kibana/visualization/fd6c1144-5026-4795-b7af-a9aa3fc28c56.json new file mode 100644 index 00000000000..ea9b414bf48 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/kibana/visualization/fd6c1144-5026-4795-b7af-a9aa3fc28c56.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Sources (bytes) [Logs Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Sources (bytes) [Logs Netflow]", + "type": "pie" + } + }, + "id": "fd6c1144-5026-4795-b7af-a9aa3fc28c56", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/netflow/0.0.1/manifest.yml b/dev/packages/beats/netflow/0.0.1/manifest.yml new file mode 100644 index 00000000000..2ff424de1f1 --- /dev/null +++ b/dev/packages/beats/netflow/0.0.1/manifest.yml @@ -0,0 +1,24 @@ +format_version: 1.0.0 +name: netflow +title: NetFlow +version: 0.0.1 +license: basic +description: NetFlow Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +datasources: +- name: netflow + title: NetFlow logs + description: Collect logs from NetFlow instances + inputs: + - type: logs + title: Collect logs from NetFlow instances + description: Collecting NetFlow log logs 
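Review bot: The `elasticsearch` requirement in the netflow manifest, `versions: '>7.0.1'`, has no upper bound while the `kibana` requirement right above it is capped at `<8.0.0`; if the Kibana cap is deliberate it is hard to see why Elasticsearch should admit any future major, so `versions: '>7.0.1 <8.0.0'` looks like the intended constraint. The input description `Collecting NetFlow log logs` also repeats "log" and reads as a leftover from templating.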
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/agent/stream/log.yml.hbs b/dev/packages/beats/nginx/0.0.1/dataset/access/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..ed4036fef5b
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/access/agent/stream/log.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/nginx/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9de5d5e7c4b
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,168 @@ +--- +description: Pipeline for parsing Nginx access logs. Requires the geoip and user_agent + plugins. +processors: +- grok: + field: message + patterns: + - (%{NGINX_HOST} )?"?(?:%{NGINX_ADDRESS_LIST:nginx.access.remote_ip_list}|%{NOTSPACE:source.address}) + - (-|%{DATA:user.name}) \[%{HTTPDATE:nginx.access.time}\] "%{DATA:nginx.access.info}" + %{NUMBER:http.response.status_code:long} %{NUMBER:http.response.body.bytes:long} + "(-|%{DATA:http.request.referrer})" "(-|%{DATA:user_agent.original})" + pattern_definitions: + NGINX_HOST: (?:%{IP:destination.ip}|%{NGINX_NOTSEPARATOR:destination.domain})(:%{NUMBER:destination.port})? + NGINX_NOTSEPARATOR: "[^\t ,:]+" + NGINX_ADDRESS_LIST: (?:%{IP}|%{WORD})("?,?\s*(?:%{IP}|%{WORD}))* + ignore_missing: true +- grok: + field: nginx.access.info + patterns: + - '%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}' + - "" + ignore_missing: true +- remove: + field: nginx.access.info +- split: + field: nginx.access.remote_ip_list + separator: '"?,?\s+' + ignore_missing: true +- split: + field: nginx.access.origin + separator: '"?,?\s+' + ignore_missing: true +- set: + field: source.address + if: ctx.source?.address == null + value: "" +- script: + if: ctx.nginx?.access?.remote_ip_list != null && ctx.nginx.access.remote_ip_list.length > 0 + lang: painless + source: >- + boolean isPrivate(def dot, def ip) { + try { + StringTokenizer tok = new StringTokenizer(ip, dot); + int firstByte = Integer.parseInt(tok.nextToken()); + int secondByte = Integer.parseInt(tok.nextToken()); + if (firstByte == 10) { + return true; + } + if (firstByte == 192 && secondByte == 168) { + return true; + } + if (firstByte == 172 && secondByte >= 16 && secondByte <= 31) { + return true; + } + if (firstByte == 127) { + return true; + } + return false; + } + catch (Exception e) { + return false; + } + } + try { + ctx.source.address = null; + if (ctx.nginx.access.remote_ip_list == null) { + return; + } + def found = 
false; + for (def item : ctx.nginx.access.remote_ip_list) { + if (!isPrivate(params.dot, item)) { + ctx.source.address = item; + found = true; + break; + } + } + if (!found) { + ctx.source.address = ctx.nginx.access.remote_ip_list[0]; + } + } + catch (Exception e) { + ctx.source.address = null; + } + params: + dot: . +- remove: + field: source.address + if: ctx.source.address == null +- grok: + field: source.address + patterns: + - ^%{IP:source.ip}$ + ignore_failure: true +- remove: + field: message +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: nginx.access.time + target_field: '@timestamp' + formats: + - dd/MMM/yyyy:H:m:s Z + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: nginx.access.time +- user_agent: + field: user_agent.original + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: web +- append: + field: event.type + value: access +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400" +- lowercase: + field: http.request.method + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: 
related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/fields/ecs.yml b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/ecs.yml new file mode 100644 index 00000000000..98ad5bf38ce --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/ecs.yml 
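Review bot: The Painless `script` that fills `source.address` selects the first entry of `nginx.access.remote_ip_list` that `isPrivate` rejects, and the dataset's own field description says that list carries addresses taken from headers like `X-Forwarded-For`, which the client controls; a request carrying a forged public address in that header therefore sets `source.ip`, and with it `source.geo`, `source.as` and `related.ip`, to whatever the sender chose. Which entry is trustworthy depends on the proxy chain in front of nginx, so the pipeline cannot decide that by itself, but the rule should be stated next to the processor, e.g. `# NOTE: first non-private entry wins; X-Forwarded-For is client-supplied, so source.ip is only as trustworthy as the proxies that set it`. `isPrivate` also only understands dotted IPv4: any IPv6 literal (including `::1` and `fc00::/7` addresses) makes `Integer.parseInt` throw, the catch returns `false`, and the address is treated as public and selected. Handling the `:` case explicitly, or documenting that IPv6 is not classified, would remove that surprise.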
@@ -0,0 +1,133 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: source + title: Source + group: 2 + type: group + fields: + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. 
+ ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. + ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 00000000000..8e9190cfe84 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,11 @@ +- name: nginx.access + type: group + fields: + - name: remote_ip_list + type: array + description: | + An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. + - name: user_agent + type: group + - name: geoip + type: group diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/fields/package-fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/package-fields.yml new file mode 100644 index 00000000000..1f8692738cc --- /dev/null 
+++ b/dev/packages/beats/nginx/0.0.1/dataset/access/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/access/manifest.yml b/dev/packages/beats/nginx/0.0.1/dataset/access/manifest.yml
new file mode 100644
index 00000000000..0efb5c3eaa9
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/access/manifest.yml
@@ -0,0 +1,24 @@
+title: Nginx access logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/access.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/access.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/*access.log*
+ template_path: log.yml.hbs
+ title: Nginx access logs (log)
+ description: Collect Nginx access logs using log input
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/agent/stream/log.yml.hbs b/dev/packages/beats/nginx/0.0.1/dataset/error/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..209e711494a
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/error/agent/stream/log.yml.hbs
@@ -0,0 +1,11 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: '^\d{4}\/\d{2}\/\d{2} '
+ negate: true
+ match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/nginx/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..96b46eb9c98
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/error/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,52 @@
+---
+description: Pipeline for parsing the Nginx error logs
+processors:
+- grok:
+ field: message
+ patterns:
+ - '%{DATA:nginx.error.time} \[%{DATA:log.level}\] %{NUMBER:process.pid:long}#%{NUMBER:process.thread.id:long}:
+ (\*%{NUMBER:nginx.error.connection_id:long} )?%{GREEDYMULTILINE:message}'
+ pattern_definitions:
+ GREEDYMULTILINE: |-
+ (.|
+ | )*
+ ignore_missing: true
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ if: ctx.event.timezone == null
+ field: nginx.error.time
+ target_field: '@timestamp'
+ formats:
+ - yyyy/MM/dd H:m:s
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- date:
+ if: ctx.event.timezone != null
+ field: nginx.error.time
+ target_field: '@timestamp'
+ formats:
+ - yyyy/MM/dd H:m:s
+ timezone: '{{ event.timezone }}'
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: nginx.error.time
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: web
+- append:
+ field: event.type
+ value: error
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/fields/ecs.yml b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/ecs.yml
new file mode 100644
index 00000000000..8cca86575b7
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/ecs.yml
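Review bot: Both `date` processors in the error pipeline gate on `ctx.event.timezone` without a null-safe access, so a document that has no `event` object at all makes the condition itself throw, the pipeline aborts, and the event is indexed with only `error.message` set and no parsed `@timestamp`. The access pipeline in this same change uses the `ctx.source?.address` form for an equivalent check, so `if: ctx.event?.timezone == null` and `if: ctx.event?.timezone != null` would make the two consistent and keep the no-timezone fallback working when `event.timezone` is dropped, which the package README describes as the way to disable timezone conversion. Whether dropping that one field also removes the `event` object depends on the agent, so that last consequence is a presumption rather than something the diff shows.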
@@ -0,0 +1,35 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: log + title: Log + group: 2 + type: group + fields: + - name: level + level: core + type: keyword + description: |- + Original log level of the log event. + If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). + Some examples are `warn`, `err`, `i`, `informational`. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. + - name: thread.id + level: extended + type: long + format: string + description: Thread ID. diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 00000000000..34112d2ea67 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,7 @@ +- name: nginx.error + type: group + fields: + - name: connection_id + type: long + description: | + Connection identifier. diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/fields/package-fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/package-fields.yml new file mode 100644 index 00000000000..1f8692738cc --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/error/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: nginx + type: group 
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/error/manifest.yml b/dev/packages/beats/nginx/0.0.1/dataset/error/manifest.yml
new file mode 100644
index 00000000000..1836ce07935
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/error/manifest.yml
@@ -0,0 +1,24 @@
+title: Nginx error logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/error.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/error.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/error.log*
+ template_path: log.yml.hbs
+ title: Nginx error logs (log)
+ description: Collect Nginx error logs using log input
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/agent/stream/log.yml.hbs b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..34f4f788d56
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/agent/stream/log.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..abf54fcd2ca
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,173 @@ +--- +description: Pipeline for parsing Nginx ingress controller access logs. Requires the + geoip and user_agent plugins. +processors: +- grok: + field: message + patterns: + - (%{NGINX_HOST} )?"?(?:%{NGINX_ADDRESS_LIST:nginx.ingress_controller.remote_ip_list}|%{NOTSPACE:source.address}) + - (-|%{DATA:user.name}) \[%{HTTPDATE:nginx.ingress_controller.time}\] "%{DATA:nginx.ingress_controller.info}" + %{NUMBER:http.response.status_code:long} %{NUMBER:http.response.body.bytes:long} + "(-|%{DATA:http.request.referrer})" "(-|%{DATA:user_agent.original})" %{NUMBER:nginx.ingress_controller.http.request.length:long} + %{NUMBER:nginx.ingress_controller.http.request.time:double} \[%{DATA:nginx.ingress_controller.upstream.name}\] + \[%{DATA:nginx.ingress_controller.upstream.alternative_name}\] (%{UPSTREAM_ADDRESS}|-) + (%{NUMBER:nginx.ingress_controller.upstream.response.length:long}|-) (%{NUMBER:nginx.ingress_controller.upstream.response.time:double}|-) + (%{NUMBER:nginx.ingress_controller.upstream.response.status_code:long}|-) %{GREEDYDATA:nginx.ingress_controller.http.request.id} + pattern_definitions: + NGINX_HOST: (?:%{IP:destination.ip}|%{NGINX_NOTSEPARATOR:destination.domain})(:%{NUMBER:destination.port})? + NGINX_NOTSEPARATOR: "[^\t ,:]+" + NGINX_ADDRESS_LIST: (?:%{IP}|%{WORD})("?,?\s*(?:%{IP}|%{WORD}))* + UPSTREAM_ADDRESS: '%{IP:nginx.ingress_controller.upstream.ip}(:%{NUMBER:nginx.ingress_controller.upstream.port})?' 
+ ignore_missing: true +- grok: + field: nginx.ingress_controller.info + patterns: + - '%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}' + - "" + ignore_missing: true +- remove: + field: nginx.ingress_controller.info +- split: + field: nginx.ingress_controller.remote_ip_list + separator: '"?,?\s+' + ignore_missing: true +- split: + field: nginx.ingress_controller.origin + separator: '"?,?\s+' + ignore_missing: true +- set: + field: source.address + if: ctx.source?.address == null + value: "" +- script: + if: ctx.nginx?.access?.remote_ip_list != null && ctx.nginx.ingress_controller.remote_ip_list.length > 0 + lang: painless + source: >- + boolean isPrivate(def dot, def ip) { + try { + StringTokenizer tok = new StringTokenizer(ip, dot); + int firstByte = Integer.parseInt(tok.nextToken()); + int secondByte = Integer.parseInt(tok.nextToken()); + if (firstByte == 10) { + return true; + } + if (firstByte == 192 && secondByte == 168) { + return true; + } + if (firstByte == 172 && secondByte >= 16 && secondByte <= 31) { + return true; + } + if (firstByte == 127) { + return true; + } + return false; + } + catch (Exception e) { + return false; + } + } + try { + ctx.source.address = null; + if (ctx.nginx.ingress_controller.remote_ip_list == null) { + return; + } + def found = false; + for (def item : ctx.nginx.ingress_controller.remote_ip_list) { + if (!isPrivate(params.dot, item)) { + ctx.source.address = item; + found = true; + break; + } + } + if (!found) { + ctx.source.address = ctx.nginx.ingress_controller.remote_ip_list[0]; + } + } + catch (Exception e) { + ctx.source.address = null; + } + params: + dot: . 
+- remove: + field: source.address + if: ctx.source.address == null +- grok: + field: source.address + patterns: + - ^%{IP:source.ip}$ + ignore_failure: true +- remove: + field: message +- rename: + field: '@timestamp' + target_field: event.created +- date: + field: nginx.ingress_controller.time + target_field: '@timestamp' + formats: + - dd/MMM/yyyy:H:m:s Z + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: nginx.ingress_controller.time +- user_agent: + field: user_agent.original + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: web +- append: + field: event.type + value: info +- set: + field: event.outcome + value: success + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" +- set: + field: event.outcome + value: failure + if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400" +- lowercase: + field: http.request.method + ignore_missing: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
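Review bot: The `if` on the `script` processor in the ingress_controller pipeline checks `ctx.nginx?.access?.remote_ip_list`, a field this pipeline never sets, while the loop body reads `ctx.nginx.ingress_controller.remote_ip_list`; the condition is therefore always false and the script never runs, so for any ingress line whose address field matched `NGINX_ADDRESS_LIST` the preceding `set` leaves `source.address` as `""`, the trailing grok cannot extract `source.ip`, and the geoip/ASN enrichment and `related.ip` are silently skipped. The condition should read `if: ctx.nginx?.ingress_controller?.remote_ip_list != null && ctx.nginx.ingress_controller.remote_ip_list.length > 0`. Once it does run, the same caveat as in the access dataset applies: the first non-private entry of a client-supplied `X-Forwarded-For` list is what ends up in `source.ip`, which deserves a comment next to the processor.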
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/ecs.yml b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/ecs.yml new file mode 100644 index 00000000000..98ad5bf38ce --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/ecs.yml 
@@ -0,0 +1,133 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: source + title: Source + group: 2 + type: group + fields: + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. 
+ ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. + ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/fields.yml new file mode 100644 index 00000000000..ac486d5f62a --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/fields.yml 
@@ -0,0 +1,55 @@ +- name: nginx.ingress_controller + type: group + fields: + - name: remote_ip_list + type: array + description: | + An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. + - name: http.request.length + type: long + format: bytes + description: | + The request length (including request line, header, and request body) + - name: http.request.time + type: double + format: duration + description: | + Time elapsed since the first bytes were read from the client + - name: upstream.name + type: text + description: | + The name of the upstream. + - name: upstream.alternative_name + type: text + description: | + The name of the alternative upstream. + - name: upstream.response.length + type: long + format: bytes + description: | + The length of the response obtained from the upstream server + - name: upstream.response.time + type: double + format: duration + description: | + The time spent on receiving the response from the upstream server as seconds with millisecond resolution + - name: upstream.response.status_code + type: long + description: | + The status code of the response obtained from the upstream server + - name: http.request.id + type: text + description: | + The randomly generated ID of the request + - name: upstream.ip + type: ip + description: | + The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. + - name: upstream.port + type: long + description: | + The port of the upstream server. + - name: user_agent + type: group + - name: geoip + type: group diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/package-fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/package-fields.yml new file mode 100644 index 00000000000..1f8692738cc --- /dev/null 
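Review bot: The `upstream.ip` field in the ingress_controller fields.yml is mapped as type `ip` while its description says that when several servers were contacted "their addresses are separated by commas"; a comma-separated string is not a valid value for an `ip`-typed field, and the `UPSTREAM_ADDRESS` pattern in this dataset's pipeline only captures a single `%{IP}` anyway, so such a line would not parse at all. Either the description should be narrowed to the single-address case the grok actually handles, or the pipeline needs to split the list before assigning to an `ip` field.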
+++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/manifest.yml b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/manifest.yml
new file mode 100644
index 00000000000..90ba89bcf07
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/ingress_controller/manifest.yml
@@ -0,0 +1,24 @@
+title: Nginx ingress_controller logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/access.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/access.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/*access.log*
+ template_path: log.yml.hbs
+ title: Nginx ingress_controller logs (log)
+ description: Collect Nginx ingress_controller logs using log input
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/agent/stream/stream.yml.hbs b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..18aabf7beea
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["stubstatus"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
+{{#if server_status_path}}
+server_status_path: {{server_status_path}}
+{{/if}}
diff --git a/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/fields.yml
new file mode 100644
index 00000000000..decf65b7e79
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/fields.yml
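Review bot: The default `paths` of the ingress_controller stream are identical to the access dataset's (`/var/log/nginx/access.log*` plus the same darwin and windows variants), so a user who enables both datasets with defaults ships the same file twice through two different pipelines, and plain access-log lines will fail the much longer ingress grok and arrive with only `error.message` set. Ingress-controller logs are normally read from the controller's stdout rather than from `/var/log/nginx`, so a distinct default, or none at all since `paths` is already `required: true`, seems safer; that deployment detail is a presumption, not something the diff shows.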
@@ -0,0 +1,44 @@ +- name: nginx.stubstatus + type: group + release: ga + fields: + - name: hostname + type: keyword + description: | + Nginx hostname. + - name: active + type: long + description: | + The current number of active client connections including Waiting connections. + - name: accepts + type: long + description: | + The total number of accepted client connections. + - name: handled + type: long + description: | + The total number of handled client connections. + - name: dropped + type: long + description: | + The total number of dropped client connections. + - name: requests + type: long + description: | + The total number of client requests. + - name: current + type: long + description: | + The current number of client requests. + - name: reading + type: long + description: | + The current number of connections where Nginx is reading the request header. + - name: writing + type: long + description: | + The current number of connections where Nginx is writing the response back to the client. + - name: waiting + type: long + description: | + The current number of idle client connections waiting for a request. diff --git a/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/package-fields.yml b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/package-fields.yml new file mode 100644 index 00000000000..1f8692738cc --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: nginx + type: group diff --git a/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/manifest.yml b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/manifest.yml new file mode 100644 index 00000000000..52c1c77b066 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/dataset/stubstatus/manifest.yml 
@@ -0,0 +1,15 @@
+title: Nginx stubstatus metrics
+release: experimental
+type: metrics
+streams:
+- input: nginx/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Nginx stubstatus metrics
+ description: Collect Nginx stubstatus metrics
diff --git a/dev/packages/beats/nginx/0.0.1/docs/README.md b/dev/packages/beats/nginx/0.0.1/docs/README.md
new file mode 100644
index 00000000000..c17b47ced0c
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/docs/README.md
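Review bot: The stubstatus stream template in this same change iterates `{{#each hosts}}` and conditionally emits `server_status_path`, but the manifest only declares the `period` var, so `hosts` renders as an empty list and nothing is scraped unless the platform injects those values from somewhere the diff does not show. Declaring `hosts` as a required multi-value var and `server_status_path` as an optional one, in the var layout the sibling dataset manifests use, makes the template's inputs explicit and lets the UI ask for them; the defaults below are placeholders to be aligned with the Beats nginx module rather than values taken from the diff.

```yaml
- input: nginx/metrics
  vars:
    - name: hosts
      type: text
      title: Hosts
      multi: true
      required: true
      show_user: true
      default:
        - http://127.0.0.1   # placeholder, align with the Beats module default
    # … unchanged: period var …
    - name: server_status_path
      type: text
      title: Server status path
      multi: false
      required: false
      show_user: true
```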
@@ -0,0 +1,179 @@ +# Nginx Integration + +This integration periodically fetches metrics from [https://nginx.org/](Nginx) servers. It can parse access and error +logs created by the HTTP server. + +## Compatibility + +The Nginx `stubstatus` metrics was tested with Nginx 1.9 and are expected to work with all version >= 1.9. +The logs were tested with version 1.10. +On Windows, the module was tested with Nginx installed from the Chocolatey repository. + +## Logs + +**Timezone support** + +This datasource parses logs that don’t contain timezone information. For these logs, the Elastic Agent reads the local +timezone and uses it when parsing to convert the timestamp to UTC. The timezone to be used for parsing is included +in the event in the `event.timezone` field. + +To disable this conversion, the event.timezone field can be removed with the drop_fields processor. + +If logs are originated from systems or applications with a different timezone to the local one, the `event.timezone` +field can be overwritten with the original timezone using the add_fields processor. + +### Access Logs + +Access logs collects the nginx access logs. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| http.request.method | HTTP request method. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | +| http.request.referrer | Referrer for this HTTP request. | keyword | +| http.response.body.bytes | Size in bytes of the response body. | long | +| http.response.status_code | HTTP response status code. | long | +| http.version | HTTP version. | keyword | +| nginx.access.remote_ip_list | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. | array | +| source.geo.city_name | City name. | keyword | +| source.geo.continent_name | Name of the continent. 
| keyword | +| source.geo.country_iso_code | Country ISO code. | keyword | +| source.geo.location | Longitude and latitude. | geo_point | +| source.geo.region_iso_code | Region ISO code. | keyword | +| source.geo.region_name | Region name. | keyword | +| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | keyword | +| user.name | Short name or login of the user. | keyword | +| user_agent.device.name | Name of the device. | keyword | +| user_agent.name | Name of the user agent. | keyword | +| user_agent.original | Unparsed user_agent string. | keyword | +| user_agent.os.name | Operating system name, without the version. | keyword | + + +### Error Logs + +Error logs collects the nginx error logs. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| nginx.error.connection_id | Connection identifier. | long | +| process.pid | Process id. | long | +| process.thread.id | Thread ID. | long | + + +### Ingress Controller Logs + +Error logs collects the ingress controller logs. 
+ +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| http.request.method | HTTP request method. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | +| http.request.referrer | Referrer for this HTTP request. | keyword | +| http.response.body.bytes | Size in bytes of the response body. | long | +| http.response.status_code | HTTP response status code. | long | +| http.version | HTTP version. | keyword | +| nginx.ingress_controller.http.request.id | The randomly generated ID of the request | text | +| nginx.ingress_controller.http.request.length | The request length (including request line, header, and request body) | long | +| nginx.ingress_controller.http.request.time | Time elapsed since the first bytes were read from the client | double | +| nginx.ingress_controller.remote_ip_list | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. | array | +| nginx.ingress_controller.upstream.alternative_name | The name of the alternative upstream. | text | +| nginx.ingress_controller.upstream.ip | The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. | ip | +| nginx.ingress_controller.upstream.name | The name of the upstream. | text | +| nginx.ingress_controller.upstream.port | The port of the upstream server. 
| long | +| nginx.ingress_controller.upstream.response.length | The length of the response obtained from the upstream server | long | +| nginx.ingress_controller.upstream.response.status_code | The status code of the response obtained from the upstream server | long | +| nginx.ingress_controller.upstream.response.time | The time spent on receiving the response from the upstream server as seconds with millisecond resolution | double | +| source.geo.city_name | City name. | keyword | +| source.geo.continent_name | Name of the continent. | keyword | +| source.geo.country_iso_code | Country ISO code. | keyword | +| source.geo.location | Longitude and latitude. | geo_point | +| source.geo.region_iso_code | Region ISO code. | keyword | +| source.geo.region_name | Region name. | keyword | +| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | keyword | +| user.name | Short name or login of the user. | keyword | +| user_agent.device.name | Name of the device. | keyword | +| user_agent.name | Name of the user agent. | keyword | +| user_agent.original | Unparsed user_agent string. | keyword | +| user_agent.os.name | Operating system name, without the version. | keyword | + + +## Metrics + +### Stub Status Metrics + +The Nginx stubstatus stream collects data from the Nginx `ngx_http_stub_status` module. It scrapes the server status +data from the web page generated by ngx_http_stub_status. + +This is a default stream. If the host datasource is unconfigured, this stream is enabled by default. 
+ +An example event for nginx looks as following: + +```$json +{ + "@timestamp":"2020-04-28T11:07:58.223Z", + "service":{ + "type":"nginx", + "address":"127.0.0.1:8081" + }, + "nginx":{ + "stubstatus":{ + "waiting":0, + "hostname":"127.0.0.1:8081", + "dropped":0, + "writing":1, + "handled":7339, + "requests":7411, + "reading":0, + "accepts":7339, + "current":10, + "active":1 + } + }, + "stream":{ + "namespace":"default", + "type":"metrics", + "dataset":"nginx.stubstatus" + }, + "ecs":{ + "version":"1.5.0" + }, + "agent":{ + "type":"metricbeat", + "ephemeral_id":"8eb07b4f-df58-4794-8e00-60f1443f33b6", + "hostname":"MacBook-Elastic.local", + "id":"e47f6e4d-5277-46f3-801d-221c7584c604", + "version":"8.0.0" + }, + "event":{ + "module":"nginx", + "duration":1112095, + "dataset":"nginx.stubstatus" + }, + "metricset":{ + "period":10000, + "name":"stubstatus" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| nginx.stubstatus.accepts | The total number of accepted client connections. | long | +| nginx.stubstatus.active | The current number of active client connections including Waiting connections. | long | +| nginx.stubstatus.current | The current number of client requests. | long | +| nginx.stubstatus.dropped | The total number of dropped client connections. | long | +| nginx.stubstatus.handled | The total number of handled client connections. | long | +| nginx.stubstatus.hostname | Nginx hostname. | keyword | +| nginx.stubstatus.reading | The current number of connections where Nginx is reading the request header. | long | +| nginx.stubstatus.requests | The total number of client requests. | long | +| nginx.stubstatus.waiting | The current number of idle client connections waiting for a request. | long | +| nginx.stubstatus.writing | The current number of connections where Nginx is writing the response back to the client. | long | + 
diff --git a/dev/packages/beats/nginx/0.0.1/img/kibana-nginx.png b/dev/packages/beats/nginx/0.0.1/img/kibana-nginx.png new file mode 100644 index 00000000000..fa7b847b705 Binary files /dev/null and b/dev/packages/beats/nginx/0.0.1/img/kibana-nginx.png differ diff --git a/dev/packages/beats/nginx/0.0.1/img/logo_nginx.svg b/dev/packages/beats/nginx/0.0.1/img/logo_nginx.svg new file mode 100644 index 00000000000..49ac842a8e3 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/img/logo_nginx.svg @@ -0,0 +1,6 @@ + + + + + + diff --git a/dev/packages/beats/nginx/0.0.1/img/metricbeat-nginx.png b/dev/packages/beats/nginx/0.0.1/img/metricbeat-nginx.png new file mode 100644 index 00000000000..a1315ea1945 Binary files /dev/null and b/dev/packages/beats/nginx/0.0.1/img/metricbeat-nginx.png differ diff --git a/dev/packages/beats/nginx/0.0.1/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..6de9ddd7863 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json 
@@ -0,0 +1,121 @@ +{ + "attributes": { + "description": "Overview dashboard for the Nginx integration in Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Nginx] Overview ECS", + "version": 1 + }, + "id": "023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs", + "references": [ + { + "id": "555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs", + "name": "panel_4", + 
"type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..6335d98a95b --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json 
@@ -0,0 +1,121 @@ +{ + "attributes": { + "description": "Dashboard for the Logs Nginx integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "columns": [ + "log.level", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "11", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "11", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "url.original", + "http.request.method", + "http.response.status_code", + "http.response.body.bytes" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 28, + "i": "16", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "16", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "18", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "18", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "19", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "19", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Nginx] Access and error logs ECS", + "version": 1 + }, + "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs", + "references": [ + { + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_0", + "type": "search" + }, + { + "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/nginx/0.0.1/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..06586154d73 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json 
@@ -0,0 +1,204 @@ +{ + "attributes": { + "description": "Dashboard for the Logs Nginx integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 12, + "x": 36, + "y": 44 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 12, + "x": 24, + "y": 44 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapBounds": { + "bottom_right": { + "lat": -7.362466865535738, + "lon": 245.39062500000003 + }, + "top_left": { + "lat": 77.07878389624943, + "lon": -245.74218750000003 + } + }, + "mapCenter": [ + 50.51342652633956, + -0.17578125 + ], + "mapCollar": { + "bottom_right": { + "lat": -49.583095, + "lon": 180 + }, + "top_left": { + "lat": 90, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + }, + "gridData": { + "h": 16, + "i": "8", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "8", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "13", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "13", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "14", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "15", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 0, + "y": 44 + }, + 
"panelIndex": "16", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "17", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "17", + "panelRefName": "panel_7", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Nginx] Overview ECS", + "version": 1 + }, + "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs", + "references": [ + { + "id": "Nginx-Access-Browsers-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Nginx-Access-OSes-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Nginx-Access-Map-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..5f581e1ea52 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json 
@@ -0,0 +1,54 @@
+{
+ "attributes": {
+ "columns": [
+ "url.original",
+ "http.request.method",
+ "http.response.status_code",
+ "http.response.body.bytes"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller) AND url.original:*"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Nginx access logs [Logs Nginx] ECS",
+ "version": 1
+ },
+ "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..7933f57e0ce
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
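Review bot: The saved search titled `Nginx access logs` also matches `stream.dataset:nginx.ingress_controller` events, because the query admits all three datasets and then relies on `url.original:*` to narrow them, and the README's ingress-controller field table lists `url.original`; error-log events are kept out only because they happen to lack that field. If the intent is access logs only, the query should be `"query": "stream.dataset:nginx.access"`; otherwise the title should say it covers access and ingress-controller logs. An exists filter on `url.original` evaluated across the whole `logs-*` pattern is also costlier than the dataset term alone and adds nothing once the dataset is pinned.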
@@ -0,0 +1,52 @@ +{ + "attributes": { + "columns": [ + "log.level", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller) AND message:*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Nginx error logs [Logs Nginx] ECS", + "version": 1 + }, + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/search/Filebeat-Nginx-module-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/search/Filebeat-Nginx-module-ecs.json new file mode 100644 index 00000000000..926e707bde5 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/search/Filebeat-Nginx-module-ecs.json 
@@ -0,0 +1,55 @@ +{ + "attributes": { + "columns": [ + "url.original", + "http.request.method", + "http.response.status_code", + "http.request.referrer", + "http.response.body.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Nginx logs [Logs Nginx] ECS", + "version": 1 + }, + "id": "Logs-Nginx-integration-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..f4e017092ab --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json 
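Review bot: This saved object is stored as `Filebeat-Nginx-module-ecs.json` while its `id` is `Logs-Nginx-integration-ecs`, and every sibling file in `kibana/search` and `kibana/visualization` is named after its id; the mismatch makes the object hard to find and suggests the file was renamed only partially during the Beats migration. Rename the file to `Logs-Nginx-integration-ecs.json` (or restore the id) so the convention holds. Like the other two searches, the query spans all three datasets, which is fine for a "Nginx logs" search, but no dashboard in this change references this id, so it may be dead weight worth dropping.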
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Data Volume [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "http.response.body.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_filters": [
+ {
+ "color": "#68BC00",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[200 TO 299]"
+ },
+ "id": "7c343c20-a29e-11e7-a062-a1c3587f4874",
+ "label": "200s"
+ }
+ ],
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": null
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Data Volume [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..e856f6b1e5f
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
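Review bot: The series sets `"split_mode": "everything"` yet carries a `split_filters` entry labelled `200s` with `http.response.status_code:[200 TO 299]`; as far as I know TSVB applies split filters only when `split_mode` is `filters`, so this chart sums `http.response.body.bytes` over every status code and the `200s` label is never shown. Either set `"split_mode": "filters"` to get the 2xx-only volume the filter implies, or delete the dead `split_filters` block so the next maintainer does not assume the chart is already restricted. The panel filter also uses `"language": "lucene"` where the saved searches in this change use `kuery`; harmless, but aligning them avoids two query dialects in one package.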
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Access logs over time [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "icon": "fa-tag", + "id": "970b1420-a1f3-11e7-a062-a1c3587f4874", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "logs-*", + "time_field": "@timestamp" + } + ], + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3189aa80-a1f3-11e7-a062-a1c3587f4874" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:nginx.access" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Access logs", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "1db649a0-a1f3-11e7-a062-a1c3587f4874" + } + ], + "split_mode": "everything", + "stacked": "none", + "terms_field": "url.original", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Access logs over time [Logs Nginx] ECS", + "type": "metrics" + } + }, + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
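Review bot: The `annotations` entry has an id, colour, icon and index pattern but no `query_string` or `fields`, and `background_color_rules` holds a rule with only an id; both are inert leftovers from the visual editor. With `"split_mode": "everything"`, the `terms_field: "url.original"` and `terms_order_by` on the series are likewise ignored, so a reader may wrongly conclude the chart is split per URL. Removing these stubs keeps the saved object minimal and makes the actual behaviour, a single count of `stream.dataset:nginx.access` events over time, obvious from the file.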
diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..d88de62aa00 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json @@ -0,0 +1,59 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Errors over time [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "stream.dataset:nginx.error" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "log.level", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Errors over time [Logs Nginx] ECS", + "type": "metrics" + } + }, + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..deaeada41f3 --- /dev/null 
+++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json @@ -0,0 +1,54 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Active connections [Metrics Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.active", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Active connections [Metrics Nginx] ECS", + "type": "metrics" + } + }, + "id": "47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..4e9ae181f51 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json 
@@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Request Rate [Metrics Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Request rate", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.requests", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Request Rate [Metrics Nginx] ECS", + "type": "metrics" + } + }, + "id": "555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..6ea5e897e08 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json 
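Review bot: The derivative metric has `"unit": ""`, so the plotted value is the change of the averaged `nginx.stubstatus.requests` counter per auto-sized bucket rather than a requests-per-second rate, and the y-axis rescales whenever the user zooms; `"unit": "1s"` would make the series a true rate independent of the interval. Because `requests` is a monotonically increasing counter, the first bucket after an nginx restart will also render as a negative spike, which a `positive_only` step after the derivative would suppress. Averaging the counter across all documents in `metrics-*` before differentiating blends the counters of every reporting server into one line; if more than one nginx instance is expected, splitting the series by `nginx.stubstatus.hostname` is worth considering.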
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Top pages [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "6252c320-a1f5-11e7-92ba-5d0b8663aece" + } + ], + "filter": { + "language": "lucene", + "query": "stream.dataset:nginx.access" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "url.original", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "value_template": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top pages [Logs Nginx] ECS", + "type": "metrics" + } + }, + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..4c5f53cb41f --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json 
@@ -0,0 +1,23 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs)" + }, + "title": "Dashboards [Logs Nginx] ECS", + "type": "markdown" + } + }, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Browsers-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Browsers-ecs.json new file mode 100644 index 00000000000..eef77c4afb5 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Browsers-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Browsers breakdown [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Nginx Access Browsers ECS", + "type": "pie" + } + }, + "id": "Nginx-Access-Browsers-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Map-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Map-ecs.json new file mode 100644 index 00000000000..87d8350416f --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-Map-ecs.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Access Map [Logs Nginx] ECS", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Nginx Access Map ECS", + "type": "tile_map" + } + }, + "id": "Nginx-Access-Map-ecs", + "references": [ + { + "id": "Logs-Nginx-integration-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-OSes-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-OSes-ecs.json new file mode 100644 index 00000000000..c1c164b604b --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/Nginx-Access-OSes-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Operating systems breakdown [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.os.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Nginx Access OSes ECS", + "type": "pie" + } + }, + "id": "Nginx-Access-OSes-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..619af48b4ca --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json 
@@ -0,0 +1,100 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Accepts and Handled Rate [Metrics Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "icon": "fa-tag", + "id": "8644f980-f1a3-11e7-95d0-8ddf041d42a2", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "time_field": "@timestamp" + } + ], + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.5", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Accepts rate", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.accepts", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0.9", + "formatter": "number", + "id": "56dd33b0-f1a3-11e7-95d0-8ddf041d42a2", + "label": "Handled rate", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.handled", + "id": "56dd33b1-f1a3-11e7-95d0-8ddf041d42a2", + "type": "avg" + }, + { + "field": "56dd33b1-f1a3-11e7-95d0-8ddf041d42a2", + "id": "56dd33b2-f1a3-11e7-95d0-8ddf041d42a2", + "type": "derivative", + "unit": "" + } + ], + "point_size": "3", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Accepts and Handled Rate [Metrics Nginx] ECS", + "type": "metrics" + } + }, + "id": "a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json new file mode 100644 index 00000000000..2848c288799 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Response codes over time [Logs Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "stream.dataset:nginx.access" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "lucene", + "query": "http.response.status_code:[200 TO 299]" + }, + "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", + "label": "200s" + }, + { + "color": "rgba(252,196,0,1)", + "filter": { + "language": "lucene", + "query": "http.response.status_code:[300 TO 399]" + }, + "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", + "label": "300s" + }, + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "http.response.status_code:[400 TO 499]" + }, + "id": "76089a90-a29d-11e7-a062-a1c3587f4874", + "label": "400s" + }, + { + "color": "rgba(171,20,158,1)", + "filter": { + "language": "lucene", + "query": "http.response.status_code:[500 TO 599]" + }, + "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874", + "label": "500s" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "http.response.status_code", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + 
"title": "Response codes over time [Logs Nginx] ECS", + "type": "metrics" + } + }, + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..c9d5f66cd10 --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json @@ -0,0 +1,61 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Drops Rate [Metrics Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(188,0,65,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Drops rate", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.dropped", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2", + "type": "derivative", + "unit": "" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Drops Rate [Metrics Nginx] ECS", + "type": "metrics" + } + }, + "id": "d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/nginx/0.0.1/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/beats/nginx/0.0.1/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json new file mode 100644 index 00000000000..0eb2e47a58d --- /dev/null +++ b/dev/packages/beats/nginx/0.0.1/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Reading / Writing / Waiting Rates [Metrics Nginx] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Reading", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.reading", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b1773680-f1a4-11e7-95d0-8ddf041d42a2", + "label": "Writing", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.writing", + "id": "b1773681-f1a4-11e7-95d0-8ddf041d42a2", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "b68aa6c0-f1a4-11e7-95d0-8ddf041d42a2", + "label": "Waiting", + "line_width": 1, + "metrics": [ + { + "field": "nginx.stubstatus.waiting", + "id": "b68aa6c1-f1a4-11e7-95d0-8ddf041d42a2", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + 
"title": "Reading / Writing / Waiting Rates [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/nginx/0.0.1/manifest.yml b/dev/packages/beats/nginx/0.0.1/manifest.yml
new file mode 100644
index 00000000000..761d2a449b3
--- /dev/null
+++ b/dev/packages/beats/nginx/0.0.1/manifest.yml
@@ -0,0 +1,58 @@
+format_version: 1.0.0
+name: nginx
+title: Nginx
+version: 0.0.1
+license: basic
+description: Nginx Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-nginx.png
+ title: kibana nginx
+ size: 1218x1266
+ type: image/png
+- src: /img/metricbeat-nginx.png
+ title: metricbeat nginx
+ size: 2560x2100
+ type: image/png
+icons:
+- src: /img/logo_nginx.svg
+ title: logo nginx
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: nginx
+ title: Nginx logs and metrics
+ description: Collect logs and metrics from Nginx instances
+ inputs:
+ - type: logs
+ title: Collect logs from Nginx instances
+ description: Collecting Nginx access, error and ingress_controller logs
+ - type: nginx/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - http://127.0.0.1
+ - name: server_status_path
+ type: text
+ title: Server Status Path
+ multi: false
+ required: true
+ show_user: true
+ default: nginx_status
+ title: Collect metrics from Nginx instances
+ description: Collecting Nginx stubstatus metrics
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/log.yml.hbs b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..bd9b05c6c5e
--- /dev/null
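Review bot: The `requirement` block pins Kibana to `versions: '>=7.3.0 <8.0.0'` but leaves Elasticsearch open-ended at `versions: '>7.0.1'`, so the manifest would accept any future Elasticsearch major while rejecting Kibana 8.x. Unless the asymmetric bound is deliberate, the two constraints should agree, e.g. `versions: '>=7.3.0 <8.0.0'` under `elasticsearch:` as well; I can't see from this diff how the registry evaluates these ranges, so if they must differ a comment saying why would help the next reader. As a point of style, the `nginx/metrics` input lists `vars` before its `title` and `description`, whereas the `logs` input puts `title`/`description` first; ordering the keys the same way in both inputs makes the manifest easier to scan.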
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/log.yml.hbs
@@ -0,0 +1,26 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: [".gz$"]
+json.add_error_key: true
+processors:
+ - rename:
+ fields:
+ - from: json
+ to: o365audit
+ - timestamp:
+ field: o365audit.CreationTime
+ layouts:
+ - 2006-01-02T15:04:05
+ - script:
+ lang: javascript
+ id: o365audit_script
+ file: ${path.home}/module/o365/audit/config/pipeline.js
+ params:
+ debug: false
+ tenants:
+ {{#each tenants}}
+ - id: "{{id}}"
+ name: "{{name}}"
+ {{/each}}
\ No newline at end of file
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/o365audit.yml.hbs b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/o365audit.yml.hbs
new file mode 100644
index 00000000000..bf3662f931f
--- /dev/null
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/o365audit.yml.hbs
@@ -0,0 +1,34 @@
+{{#if application_id}}application_id: {{application_id}}{{/if}}
+tenant_id:
+{{#each tenants}}
+ - {{id}}
+{{/each}}
+{{#if certificate}}certificate: {{certificate}}{{/if}}
+{{#if key}}key: {{key}}{{/if}}
+{{#if key_passphrase}}key_passphrase: {{key_passphrase}}{{/if}}
+{{#if client_secret}}client_secret: {{client_secret}}{{/if}}
+{{#if eq "string" (printf "%T" .content_type)}}
+content_type: {{content_type}}
+{{else}}
+content_type:
+{{#each content_type}}
+ - {{this}}
+{{/each}}
+{{/if}}
+{{#if api}}
+api:
+{{#each api as |v k|}}
+ - {{k}}: {{v}}{{/each}}
+{{/if}}
+processors:
+ - script:
+ lang: javascript
+ id: o365audit_script
+ file: ${path.home}/module/o365/audit/config/pipeline.js
+ params:
+ debug: false
+ tenants:
+ {{#each tenants}}
+ - id: "{{id}}"
+ name: "{{name}}"
+ {{/each}}
\ No newline at end of file
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/pipeline.js b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/pipeline.js
new file mode 100644
index 00000000000..679330a494b
--- /dev/null
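Review bot: The `script` processor's `file: ${path.home}/module/o365/audit/config/pipeline.js` points into the Filebeat module tree rather than at the `pipeline.js` this same commit adds under `dataset/audit/agent/stream/`, so an agent that only has the package assets installed would presumably fail to resolve the script and the rendered stream config would not load. The same path is rendered by the `o365audit.yml.hbs` hunk in this diff. I can't tell from the diff how the package's stream directory is laid out on the host, so the fix may be a different or relative path, but a line such as `# NOTE: this path must resolve on an agent that does not have the Filebeat o365 module installed` above the `file:` entry would at least make the dependency visible until that is settled.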
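Review bot: The condition `{{#if eq "string" (printf "%T" .content_type)}}` mixes Go text/template idioms (`printf "%T"`, the leading-dot path `.content_type`) into a Handlebars template; `printf` is not a Handlebars built-in and `{{#if eq ...}}` is not how a Handlebars helper is invoked, so unless the package renderer registers these helpers this branch presumably fails to render or silently always takes the `{{else}}` path. A plain Handlebars form would be a registered helper used as a subexpression, e.g. `{{#if (isString content_type)}}` (constructed name), or, simpler, always emitting `content_type` as a list and declaring the var as multi-valued. Separately, `key`, `key_passphrase` and `client_secret` are interpolated verbatim into the rendered config; the dataset manifest that declares these vars is not in this diff, so please check they use whatever secret-handling var type the package spec provides so the values are not echoed back in the UI or in logs.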
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/agent/stream/pipeline.js 
@@ -0,0 +1,852 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// PipelineBuilder to aid debugging of pipelines during development. +function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function appendFields(options) { + return function(evt) { + options.fields.forEach(function (key) { + var value = evt.Get(key); + if (value != null) evt.AppendTo(options.to, value); + }); + } +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? 
branch : branch.Run)(evt); + }; +} + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets the `to` field by mapping of `from` field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + if (key == null && options.skip_missing) return; + if (options.lowercase && typeof key == "string") { + key = key.toLowerCase(); + } + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } else if (typeof value === "function") { + value = value(key); + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// Makes sure a name can be used as a field in the output document. +function validFieldName(s) { + return s.replace(/[\ \.]/g, '_') +} + +/* Turns a `common.NameValuePair` array into an object. Multiple-value fields + are stored as arrays. + input (a NameValuePair array): + from_field: [ + {Name: name1, Value: value1}, + {Name: name2, Value: value2}, + {Name: name2, Value: value2b}, + [...] + {Name: nameN, Value: valueN} + ] + + output (an object): + to_field: { + name1: value1, + name2: [value2, value2b], + [...] + nameN: valueN + } +*/ +function makeObjFromNameValuePairArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, value; + if (src[i] == null + || (name=src[i].Name) == null + || (value=src[i].Value) == null) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name] instanceof Array) { + dict[name].push(value); + } else { + dict[name] = [value]; + } + } else { + dict[name] = value; + } + } + evt.Put(options.to, dict); + } +} + +/* Converts a Common.ModifiedProperty array into an object. 
+ input: + from_field: [ + {Name: name1, OldValue: old1, NewValue: new1}, + {Name: name2, OldValue: old2, NewValue: new2}, + {Name: name2, OldValue: old2b, NewValue: new2b}, + [...] + {Name: nameN, OldValue: oldN, NewValue: newN}, + ], + + output: + to_field: { + name1: { OldValue: old1, NewValue: new1 }, + name2: { OldValue: [old2, old2b], NewValue: [new2, new2b] }, + [...] + nameN: { OldValue: oldN, NewValue: newN } + } + */ +function makeDictFromModifiedPropertyArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, newValue, oldValue; + if (src[i] == null + || (name=src[i].Name) == null + || (newValue=src[i].NewValue) == null + || (oldValue=src[i].OldValue)) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name].NewValue instanceof Array) { + dict[name].NewValue.push(newValue); + dict[name].OldValue.push(oldValue); + } else { + dict[name].NewValue = [newValue]; + dict[name].OldValue = [oldValue]; + } + } else { + dict[name] = { + NewValue: newValue, + OldValue: oldValue, + }; + } + } + evt.Put(options.to, dict); + } +} + +function exchangeAdminSchema(debug) { + var builder = new PipelineBuilder("o365.audit.ExchangeAdmin", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function azureADLogonSchema(debug) { + var builder = new PipelineBuilder("o365.audit.AzureActiveDirectory", debug); + builder.Add("setEventAuthFields", function(evt){ + evt.Put("event.category", "authentication"); + var outcome = evt.Get("event.outcome"); + // As event.type is an array, this sets both the traditional + // "authentication_success"/"authentication_failure" + // and the ECS 
standard "start". + var types = ["start"]; + if (outcome != null && outcome !== "unknown") { + types.push("authentication_" + outcome); + } + evt.Put("event.type", types); + }); + return builder.Build(); +} + +function sharePointFileOperationSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ObjectId', to: 'url.original'}, + {from: 'o365audit.SourceRelativeUrl', to: 'file.directory'}, + {from: 'o365audit.SourceFileName', to: 'file.name'}, + {from: 'o365audit.SourceFileExtension', to: 'file.extension'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventCategory", new processor.AddFields({ + target: 'event', + fields: { + category: 'file', + }, + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.Operation', + to: 'event.type', + mappings: { + 'FileAccessed': 'access', + 'FileDeleted': 'deletion', + 'FileDownloaded': 'access', + 'FileModified': 'change', + 'FileMoved': 'change', + 'FileRenamed': 'change', + 'FileRestored': 'change', + 'FileUploaded': 'creation', + 'FolderCopied': 'creation', + 'FolderCreated': 'creation', + 'FolderDeleted': 'deletion', + 'FolderModified': 'change', + 'FolderMoved': 'change', + 'FolderRenamed': 'change', + 'FolderRestored': 'change', + }, + })); + return builder.Build(); +} + +function exchangeMailboxSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.MailboxOwnerUPN', to: 'user.email'}, + {from: 'o365audit.LogonUserSid', to: 'user.id', type: 'string'}, + {from: 'o365audit.LogonUserDisplayName', to: 'user.full_name'}, + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + {from: 'o365audit.ClientIPAddress', to: 'client.address'}, + {from: 
'o365audit.ClientProcessName', to: 'process.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function dataLossPreventionSchema(debug) { + var builder = new PipelineBuilder("o365.audit.DLP", debug); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'file', + type: 'access', + }, + })); + + builder.Add("saveFields", new processor.Convert({ + fields: [ + // SharePoint metadata + {from: 'o365audit.SharePointMetaData.From', to: 'user.id'}, + {from: 'o365audit.SharePointMetaData.FileName', to: 'file.name'}, + {from: 'o365audit.SharePointMetaData.FilePathUrl', to: 'url.original'}, + {from: 'o365audit.SharePointMetaData.UniqueId', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.UniqueID', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.FileOwner', to: 'file.owner'}, + + // Exchange metadata + {from: 'o365audit.ExchangeMetaData.From', to: 'source.user.email'}, + {from: 'o365audit.ExchangeMetaData.Subject', to: 'message'}, + + // Policy details + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.PolicyName', to: 'rule.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setMTime", new processor.Timestamp({ + field: "o365audit.SharePointMetaData.LastModifiedTime", + target_field: "file.mtime", + layouts: [ + "2006-01-02T15:04:05", + "2006-01-02T15:04:05Z", + ], + ignore_missing: true, + ignore_failure: true, + })); + + builder.Add("appendDestinationEmails", function(evt) { + var list = []; + var fields = [ + 'o365audit.ExchangeMetaData.To', + 'o365audit.ExchangeMetaData.CC', + 'o365audit.ExchangeMetaData.BCC', + ]; + for (var i=0; i 1) { + evt.Put("destination.user.email", list); + } + }); + + // ExceptionInfo is documented as string but has been observed to be an object. 
+ builder.Add("fixExceptionInfo", function(evt) { + var key = "o365audit.ExceptionInfo"; + var eInfo = evt.Get(key); + if (eInfo == null) return; + if (typeof eInfo === "string") { + if (eInfo === "") { + evt.Delete(key); + } else { + evt.Put(key, { + Reason: eInfo, + }); + } + } + }); + + builder.Add("extractRules", function(evt) { + var policies = evt.Get("o365audit.PolicyDetails"); + if (policies == null) return; + // rule.id will be an array of all rules' IDs. + var ruleIds = []; + // rule.name will be an array of all rules' names. + var ruleNames = []; + // event.severity will be the higher severity seen. + var maxSeverity = -1; + // event.outcome will determine if access to sensitive data was allowed. + // Either because the rules were configured to only alert or because + // the alert was overridden by the user. + var allowed = true; + for (var i = 0; i < policies.length; i++) { + var rules = policies[i].Rules; + if (rules == null) continue; + for (var j = 0; j < rules.length; j++) { + var rule = rules[j]; + var id = rule.RuleId; + var name = rule.RuleName; + var sev = severityToCode(rule.Severity); + if (id != null && name != null) { + ruleIds.push(id); + ruleNames.push(name); + } + if (sev > maxSeverity) maxSeverity = sev; + if (allowed) { + if (rule.Actions != null && rule.Actions.indexOf("BlockAccess") > -1) { + allowed = false; + } + } + } + } + if (ruleIds.length === 1) { + evt.Put("rule.id", ruleIds[0]); + evt.Put("rule.name", ruleNames[0]); + } else if (ruleIds.length > 0) { + evt.Put("rule.id", ruleIds); + evt.Put("rule.name", ruleNames); + } + if (maxSeverity > -1) { + evt.Put("event.severity", maxSeverity); + } + evt.Put("event.outcome", (allowed || isBlockOverride(evt))? "success" : "failure"); + }); + return builder.Build(); +} + +// Numeric mapping for o365 mgmt API severities. +function severityToCode(str) { + if (str == null) return -1; + switch (str.toLowerCase()) { + case 'informational': return 1; // undocumented severity. 
+ case 'low': return 2; + case 'medium': return 3; + case 'high': return 4; + default: return -1; + } +} + +// Was a DLP alert overridden with an exception? +function isBlockOverride(evt) { + switch (evt.Get("o365audit.Operation").toLowerCase()) { + // Undo means the block was undone via change of policy or override. + case "dlpruleundo": return true; + // Info means it was detected as a false positive but no action taken. + case "dlpinfo": return false; + } + // It's not clear to me the format of ExceptionInfo. It could be an object + // or a string containing a JSON object. Assume that if present, an exception + // is made. + var exInfo = evt.Get('o365audit.ExceptionInfo'); + return exInfo != null && exInfo !== ""; +} + +function yammerSchema(debug) { + var builder = new PipelineBuilder("o365.audit.Yammer", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ActorUserId', to: 'user.email'}, + {from: 'o365audit.ActorYammerUserId', to: 'user.id', type: 'string'}, + {from: 'o365audit.FileId', to:'file.inode'}, + {from: 'o365audit.FileName', to: 'file.name'}, + {from: 'o365audit.GroupName', to: 'group.name'}, + {from: 'o365audit.TargetUserId', to: 'destination.user.email'}, + {from: 'o365audit.TargetYammerUserId', to: 'destination.user.id'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + var actionToCategoryType = { + // Network or verified admin changes the information that appears on + // member profiles for network users network. + ProcessProfileFields: [ "iam", "user"], + // Verified admin updates the Yammer network's security configuration. + // This includes setting password expiration policies and restrictions + // on IP addresses. + NetworkSecurityConfigurationUpdated: [ "iam", "admin"], + // User uploads a file. + FileCreated: [ "file", "creation"], + // User creates a group. + GroupCreation: [ "iam", ["group", "creation"] ], + // A group is deleted from Yammer. 
+ GroupDeletion: [ "iam", ["group", "deletion"] ], + // User downloads a file. + FileDownloaded: [ "file", "access"], + // User shares a file with another user. + FileShared: [ "file", "access"], + // Network or verified admin suspends (deactivates) a user from Yammer. + NetworkUserSuspended: [ "iam", "user"], + // User account is suspended (deactivated). + UserSuspension: [ "iam", "user"], + // User changes the description of a file. + FileUpdateDescription: [ "file", "access"], + // User changes the name of a file. + FileUpdateName: [ "file", "creation"], + // User views a file. + FileVisited: [ "file", "access"], + }; + + builder.Add("setEventFields", function(evt) { + var action = evt.Get("event.action"); + if (action == null) return; + var fields = actionToCategoryType[action]; + if (fields == null) return; + evt.Put("event.category", fields[0]); + evt.Put("event.type", fields[1]); + }); + return builder.Build(); +} + +function securityComplianceAlertsSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SecurityComplianceAlerts", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.Comments', to: 'message'}, + {from: 'o365audit.Name', to: 'rule.name'}, + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.Category', to: 'rule.category'}, + {from: 'o365audit.EntityType', to: 'rule.ruleset'}, + // This contains the entity that triggered the alert. + // Name of a malware or email address. + // Need to find a better ECS field for it. + {from: 'o365audit.AlertEntityId', to: 'rule.description'}, + {from: 'o365audit.AlertLinks', to: 'rule.reference'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'web', + type: 'info', + }, + })); + // event.severity is numeric. 
+ builder.Add("mapSeverity", function(evt) { + var sev = severityToCode(evt.Get("o365audit.Severity")); + if (sev >= 0) { + evt.Put("event.severity", sev); + } + }); + builder.Add("mapCategory", makeMapper({ + from: 'o365audit.Category', + to: 'event.category', + default: 'authentication', + lowercase: true, + mappings: { + 'accessgovernance': 'authentication', + 'datagovernance': 'file', + 'datalossprevention': 'file', + 'threatmanagement': 'malware', + }, + })); + builder.Add("saveEntity", makeConditional({ + condition: function(evt) { + return evt.Get("o365audit.EntityType"); + }, + 'User': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.id", type: 'string'}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Recipients': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Sender': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'MalwareFamily': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "threat.technique.id"}, + ], + ignore_missing: true, + fail_on_error: false + }), + })); + return builder.Build(); +} + +function AuditProcessor(tenant_names, debug) { + var builder = new PipelineBuilder("o365.audit", debug); + + var unsetIPValues = {"null": true, "": true, "": true}; + builder.Add("cleanupNulls", function(event) { + [ + "o365audit.ClientIP", + "o365audit.ClientIPAddress", + "o365audit.ActorIpAddress", + "o365audit.OriginatingServer" + ].forEach(function(field) { + if (event.Get(field) in unsetIPValues) event.Delete(field); + }); + }); + builder.Add("convertCommonAuditRecordFields", new processor.Convert({ + fields: [ + {from: "o365audit.Id", to: "event.id"}, + {from: "o365audit.ClientIP", to: "client.address"}, + {from: "o365audit.ClientIPAddress", to: "client.address"}, + {from: 
"o365audit.ActorIpAddress", to: "client.address"}, + {from: "o365audit.UserId", to: "user.id", type: "string"}, + {from: "o365audit.Workload", to: "event.provider"}, + {from: "o365audit.Operation", to: "event.action"}, + {from: "o365audit.OrganizationId", to: "organization.id"}, + // Extra common fields: + {from: "o365audit.UserAgent", to: "user_agent.original"}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.RecordType', + to: 'event.code', + // Keep original RecordType for unknown mappings. + default: function(recordType) { + return recordType; + }, + mappings: { + 1: 'ExchangeAdmin', // Events from the Exchange admin audit log. + 2: 'ExchangeItem', // Events from an Exchange mailbox audit log for actions that are performed on a single item, such as creating or receiving an email message. + 3: 'ExchangeItemGroup', // Events from an Exchange mailbox audit log for actions that can be performed on multiple items, such as moving or deleted one or more email messages. + 4: 'SharePoint', // SharePoint events. + 6: 'SharePointFileOperation', // SharePoint file operation events. + 8: 'AzureActiveDirectory', // Azure Active Directory events. + 9: 'AzureActiveDirectoryAccountLogon', // Azure Active Directory OrgId logon events (deprecating). + 10: 'DataCenterSecurityCmdlet', // Data Center security cmdlet events. + 11: 'ComplianceDLPSharePoint', // Data loss protection (DLP) events in SharePoint and OneDrive for Business. + 12: 'Sway', // Events from the Sway service and clients. + 13: 'ComplianceDLPExchange', // Data loss protection (DLP) events in Exchange, when configured via Unified DLP Policy. DLP events based on Exchange Transport Rules are not supported. + 14: 'SharePointSharingOperation', // SharePoint sharing events. + 15: 'AzureActiveDirectoryStsLogon', // Secure Token Service (STS) logon events in Azure Active Directory. 
+ 18: 'SecurityComplianceCenterEOPCmdlet', // Admin actions from the Security & Compliance Center. + 20: 'PowerBIAudit', // Power BI events. + 21: 'CRM', // Microsoft CRM events. + 22: 'Yammer', // Yammer events. + 23: 'SkypeForBusinessCmdlets', // Skype for Business events. + 24: 'Discovery', // Events for eDiscovery activities performed by running content searches and managing eDiscovery cases in the Security & Compliance Center. + 25: 'MicrosoftTeams', // Events from Microsoft Teams. + 28: 'ThreatIntelligence', // Phishing and malware events from Exchange Online Protection and Office 365 Advanced Threat Protection. + 30: 'MicrosoftFlow', // Microsoft Power Automate (formerly called Microsoft Flow) events. + 31: 'AeD', // Advanced eDiscovery events. + 32: 'MicrosoftStream', // Microsoft Stream events. + 33: 'ComplianceDLPSharePointClassification', // Events related to DLP classification in SharePoint. + 35: 'Project', // Microsoft Project events. + 36: 'SharePointListOperation', // SharePoint List events. + 38: 'DataGovernance', // Events related to retention policies and retention labels in the Security & Compliance Center + 40: 'SecurityComplianceAlerts', // Security and compliance alert signals. + 41: 'ThreatIntelligenceUrl', // Safe links time-of-block and block override events from Office 365 Advanced Threat Protection. + 42: 'SecurityComplianceInsights', // Events related to insights and reports in the Office 365 security and compliance center. + 44: 'WorkplaceAnalytics', // Workplace Analytics events. + 45: 'PowerAppsApp', // Power Apps events. + 47: 'ThreatIntelligenceAtpContent', // Phishing and malware events for files in SharePoint, OneDrive for Business, and Microsoft Teams from Office 365 Advanced Threat Protection. + 49: 'TeamsHealthcare', // Events related to the Patients application in Microsoft Teams for Healthcare. + 52: 'DataInsightsRestApiAudit', // Data Insights REST API events. 
+ 54: 'SharePointListItemOperation', // SharePoint list item events. + 55: 'SharePointContentTypeOperation', // SharePoint list content type events. + 56: 'SharePointFieldOperation', // SharePoint list field events. + 64: 'AirInvestigation', // Automated incident response (AIR) events. + 66: 'MicrosoftForms', // Microsoft Forms events. + }, + })); + + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'event', + type: 'info', + // Not so sure about web as a default category: + category: 'web', + }, + })); + + builder.Add("mapEventOutcome", makeMapper({ + from: 'o365audit.ResultStatus', + to: 'event.outcome', + lowercase: true, + default: 'success', + mappings: { + 'success': 'success', // This one is necessary to map Success + 'succeeded': 'success', + 'partiallysucceeded': 'success', + 'true': 'success', + 'failed': 'failure', + 'false': 'failure', + }, + })); + + builder.Add("makeParametersDict", makeObjFromNameValuePairArray({ + from: 'o365audit.Parameters', + to: 'o365audit.Parameters', + })); + + builder.Add("makeExtendedPropertiesDict", makeObjFromNameValuePairArray({ + from: 'o365audit.ExtendedProperties', + to: 'o365audit.ExtendedProperties', + })); + + builder.Add("makeModifiedPropertyDict", makeDictFromModifiedPropertyArray({ + from: 'o365audit.ModifiedProperties', + to: 'o365audit.ModifiedProperties', + })); + + // Turn AlertLinks into an array of keyword instead of array of objects. + builder.Add("alertLinks", function (evt) { + var list = evt.Get("o365audit.AlertLinks"); + if (list == null || !(list instanceof Array)) return; + var links = []; + for (var i=0; i 0) { + links.push(link); + } + } + switch (links.length) { + case 0: + evt.Delete('o365audit.AlertLinks'); + break; + case 1: + evt.Put("o365audit.AlertLinks", links[0]); + break; + default: + evt.Put("o365audit.AlertLinks", links); + } + }); + + // Populate event specific fields. 
+ var dlp = dataLossPreventionSchema(debug); + builder.Add("productSpecific", makeConditional({ + condition: function(event) { + return event.Get("event.code"); + }, + 'ExchangeAdmin': exchangeAdminSchema(debug).Run, + 'ExchangeItem': exchangeMailboxSchema(debug).Run, + 'AzureActiveDirectoryStsLogon': azureADLogonSchema(debug).Run, + 'SharePointFileOperation': sharePointFileOperationSchema(debug).Run, + 'SecurityComplianceAlerts': securityComplianceAlertsSchema(debug).Run, + 'ComplianceDLPSharePoint': dlp.Run, + 'ComplianceDLPExchange': dlp.Run, + 'Yammer': yammerSchema(debug).Run, + })); + + builder.Add("extractClientIPv4Port", new processor.Dissect({ + tokenizer: '%{ip}:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '.'}, + {'contains.client.address': ':'}, + ], + })); + builder.Add("extractClientIPv6Port", new processor.Dissect({ + tokenizer: '[%{ip}]:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '['}, + {'contains.client.address': ':'}, + ], + })); + + // Copy the client/server.address to .ip fields if they are valid IPs. 
+ builder.Add("convertIPs", new processor.Convert({ + fields: [ + {from: "client.address", to: "client.ip", type: "ip"}, + {from: "server.address", to: "server.ip", type: "ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setSrcDstFields", new processor.Convert({ + fields: [ + {from: "client.ip", to: "source.ip"}, + {from: "client.port", to: "source.port"}, + {from: "server.ip", to: "destination.ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setUserFieldsFromId", new processor.Dissect({ + tokenizer: "%{name}@%{domain}", + field: "user.id", + target_prefix: "user", + 'when.contains.user.id': '@', + })); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("client.ip"); + if (ip == null) return; + event.Put("network.type", ip.indexOf(".") !== -1? "ipv4" : "ipv6"); + }); + + builder.Add("setRelatedIP", appendFields({ + fields: [ + "client.ip", + "server.ip", + ], + to: 'related.ip' + })); + + builder.Add("setRelatedUser", appendFields({ + fields: [ + "user.name", + "file.owner", + ], + to: 'related.user' + })); + + // Set user-agent from an alternative location. + builder.Add("altUserAgent", function(evt) { + var ext = evt.Get("o365audit.ExtendedProperties.UserAgent"); + if (ext != null) evt.Put("user_agent.original", ext); + }); + + // Set host.name to the O365 tenant. This is necessary to aggregate events + // in SIEM app based on the tenant instead of the host where Filebeat is + // running. + builder.Add("setHostName", function(evt) { + var value; + if ((value=evt.Get("organization.id"))!=null) { + value = value.toLowerCase(); + evt.Put("host.id", value); + // Use tenant name provided in the configuration. 
+ if (value in tenant_names && value !== "") { + evt.Put("organization.name", value); + evt.Put("host.name", tenant_names[value]); + return; + } + } + if ((value=evt.Get("organization.name"))!=null || + (value=evt.Get("user.domain")) != null ) { + evt.Put("host.name", value); + } + }); + + builder.Add("saveRaw", new processor.Convert({ + fields: [ + {from: "o365audit", to: "o365.audit"}, + ], + mode: "rename" + })); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + + +var audit; + +// Register params from configuration. +function register(params) { + var tenant_names = {}; + if (params.tenants != null) { + for (var i = 0; i < params.tenants.length; i++) { + tenant_names[params.tenants[i].id] = params.tenants[i].name.toLowerCase(); + } + } + audit = new AuditProcessor(tenant_names, params.debug); +} + +function process(evt) { + return audit.process(evt); +} diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/o365/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..27621928503 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/dataset/audit/elasticsearch/ingest-pipeline/default.yml @@ -0,0 +1,34 @@ +--- +description: Pipeline for Office 365 Audit logs + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/o365/0.0.1/dataset/audit/fields/fields.yml
new file mode 100644
index 00000000000..2f81dd587b0
--- /dev/null
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/fields/fields.yml
@@ -0,0 +1,197 @@
+- name: o365.o365.audit
+ type: group
+ fields:
+ - name: Actor
+ type: array
+ fields:
+ - name: ID
+ type: keyword
+ - name: Type
+ type: keyword
+ - name: ActorContextId
+ type: keyword
+ - name: ActorIpAddress
+ type: keyword
+ - name: ActorUserId
+ type: keyword
+ - name: ActorYammerUserId
+ type: keyword
+ - name: AlertEntityId
+ type: keyword
+ - name: AlertId
+ type: keyword
+ - name: AlertLinks
+ type: array
+ - name: AlertType
+ type: keyword
+ - name: AppId
+ type: keyword
+ - name: ApplicationDisplayName
+ type: keyword
+ - name: ApplicationId
+ type: keyword
+ - name: AzureActiveDirectoryEventType
+ type: keyword
+ - name: ExchangeMetaData.*
+ type: object
+ - name: Category
+ type: keyword
+ - name: ClientAppId
+ type: keyword
+ - name: ClientInfoString
+ type: keyword
+ - name: ClientIP
+ type: keyword
+ - name: ClientIPAddress
+ type: keyword
+ - name: Comments
+ type: text
+ - name: CorrelationId
+ type: keyword
+ - name: CreationTime
+ type: keyword
+ - name: CustomUniqueId
+ type: keyword
+ - name: Data
+ type: keyword
+ - name: DataType
+ type: keyword
+ - name: EntityType
+ type: keyword
+ - name: EventData
+ type: keyword
+ - name: EventSource
+ type: keyword
+ - name: ExceptionInfo.*
+ type: object
+ - name: ExtendedProperties.*
+ type: object
+ - name: ExternalAccess
+ type: keyword
+ - name: GroupName
+ type: keyword
+ - name: Id
+ type: keyword
+ - name: ImplicitShare
+ type: keyword
+ - name: IncidentId
+ type: keyword
+ - name: InternalLogonType
+ type: keyword
+ - name: InterSystemsId
+ type: keyword
+ - name: IntraSystemId
+ type: keyword
+ - name: Item.*
+ type: object
+ - name: Item.*.*
+ type: object
+ - name: ItemName
+ type: keyword
+ - name: ItemType
+ type: keyword
+ - name: ListId
+ type: keyword
+ - name: ListItemUniqueId
+ type: keyword
+ - name: LogonError
+ type: keyword
+ - name: LogonType
+ type: keyword
+ - name: LogonUserSid
+ type: keyword
+ - name: MailboxGuid
+ type: keyword
+ - name: MailboxOwnerMasterAccountSid
+ type: keyword
+ - name: MailboxOwnerSid
+ type: keyword
+ - name: MailboxOwnerUPN
+ type: keyword
+ - name: Members
+ type: array
+ - name: Members.*
+ type: object
+ - name: ModifiedProperties.*.*
+ type: object
+ - name: Name
+ type: keyword
+ - name: ObjectId
+ type: keyword
+ - name: Operation
+ type: keyword
+ - name: OrganizationId
+ type: keyword
+ - name: OrganizationName
+ type: keyword
+ - name: OriginatingServer
+ type: keyword
+ - name: Parameters.*
+ type: object
+ - name: PolicyDetails
+ type: array
+ - name: PolicyId
+ type: keyword
+ - name: RecordType
+ type: keyword
+ - name: ResultStatus
+ type: keyword
+ - name: SensitiveInfoDetectionIsIncluded
+ type: keyword
+ - name: SharePointMetaData.*
+ type: object
+ - name: SessionId
+ type: keyword
+ - name: Severity
+ type: keyword
+ - name: Site
+ type: keyword
+ - name: SiteUrl
+ type: keyword
+ - name: Source
+ type: keyword
+ - name: SourceFileExtension
+ type: keyword
+ - name: SourceFileName
+ type: keyword
+ - name: SourceRelativeUrl
+ type: keyword
+ - name: Status
+ type: keyword
+ - name: SupportTicketId
+ type: keyword
+ - name: Target
+ type: array
+ fields:
+ - name: ID
+ type: keyword
+ - name: Type
+ type: keyword
+ - name: TargetContextId
+ type: keyword
+ - name: TargetUserOrGroupName
+ type: keyword
+ - name: TargetUserOrGroupType
+ type: keyword
+ - name: TeamName
+ type: keyword
+ - name: TeamGuid
+ type: keyword
+ - name: UniqueSharingId
+ type: keyword
+ - name: UserAgent
+ type: keyword
+ - name: UserId
+ type: keyword
+ - name: UserKey
+ type: keyword
+ - name: UserType
+ type: keyword
+ - name: Version
+ type: keyword
+ - name: WebId
+ type: keyword
+ - name: Workload
+ type: keyword
+ - name: YammerNetworkId
+ type: keyword
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/fields/package-fields.yml b/dev/packages/beats/o365/0.0.1/dataset/audit/fields/package-fields.yml
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
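Review bot: The top-level group is named `o365.o365.audit`, while the processor script's `saveRaw` step renames the raw `o365audit` object to `o365.audit`, so unless the registry strips the leading package name when it assembles the index template, none of these types apply to the fields actually emitted and `o365.audit.*` falls back to dynamic mapping (IDs, SIDs and IPs as dynamic text/keyword, no `object` handling for `ExtendedProperties.*`, `Parameters.*` and friends). `- name: o365.audit` is the name that matches the script's output; confirm against the generated template before changing it. It is also worth a comment on `ClientIP`, `ClientIPAddress` and `ActorIpAddress`: keeping them `keyword` rather than `ip` looks deliberate, because the raw values can carry a port (`ip:port`, `[ip]:port`) that the script only dissects later into `client.ip`/`client.port`, and a well-meaning change to `type: ip` would make those documents fail indexing. Something like `# raw value may include a port; the parsed ECS copy is client.ip` on each of the three would stop that.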
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/fields/package-fields.yml
@@ -0,0 +1 @@
+[]
diff --git a/dev/packages/beats/o365/0.0.1/dataset/audit/manifest.yml b/dev/packages/beats/o365/0.0.1/dataset/audit/manifest.yml
new file mode 100644
index 00000000000..bc006469d04
--- /dev/null
+++ b/dev/packages/beats/o365/0.0.1/dataset/audit/manifest.yml
@@ -0,0 +1,19 @@
+title: Office 365 audit logs
+release: experimental
+type: logs
+streams:
+- input: o365audit
+ template_path: o365audit.yml.hbs
+ title: Office 365 audit logs (o365audit)
+ description: Collect Office 365 audit logs using o365audit input
+- input: logs
+ vars:
+ - name: tenants
+ type: text
+ title: Tenants
+ multi: false
+ required: false
+ show_user: true
+ template_path: log.yml.hbs
+ title: Office 365 audit logs (log)
+ description: Collect Office 365 audit logs using log input
diff --git a/dev/packages/beats/o365/0.0.1/docs/README.md b/dev/packages/beats/o365/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/o365/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/o365/0.0.1/img/filebeat-o365-audit.png b/dev/packages/beats/o365/0.0.1/img/filebeat-o365-audit.png
new file mode 100644
index 00000000000..a2413e7b909
Binary files /dev/null and b/dev/packages/beats/o365/0.0.1/img/filebeat-o365-audit.png differ
diff --git a/dev/packages/beats/o365/0.0.1/img/filebeat-o365-azure-permissions.png b/dev/packages/beats/o365/0.0.1/img/filebeat-o365-azure-permissions.png
new file mode 100644
index 00000000000..19a98e687ad
Binary files /dev/null and b/dev/packages/beats/o365/0.0.1/img/filebeat-o365-azure-permissions.png differ
diff --git a/dev/packages/beats/o365/0.0.1/kibana/dashboard/712e2c00-685d-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/dashboard/712e2c00-685d-11ea-8d6a-292ef5d68366.json
new file mode 100644
index 00000000000..c5350bc0437
--- /dev/null
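Review bot: The `tenants` variable is declared as a single `type: text` with `multi: false`, but `register(params)` at the tail of the processor script walks `params.tenants` as an array of `{id, name}` objects, so a value entered through this manifest cannot reach `tenant_names` in the shape the script reads, and `params.tenants[i].name.toLowerCase()` has no guard for a mis-shaped entry, so the failure would surface at script load rather than degrade gracefully. The var is also attached only to the `logs` stream; the `o365audit` stream, which is the one that pulls from the Management Activity API, exposes no `tenants` var at all, so `setHostName` can never resolve a tenant display name for it and falls back to `organization.name`/`user.domain`. Declare the var on both streams with a structured type, `type: yaml` plus `multi: true` (whichever the registry's var schema supports in this version, confirm), and state the expected entry shape in its description, e.g. `description: List of tenants as {id: <tenant GUID>, name: <display name>}`.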
+++ b/dev/packages/beats/o365/0.0.1/kibana/dashboard/712e2c00-685d-11ea-8d6a-292ef5d68366.json 
@@ -0,0 +1,186 @@ +{ + "attributes": { + "description": "Sample dashboard for Office 365 Management Activity events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Total audit events" + }, + "gridData": { + "h": 6, + "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "panelRefName": "panel_0", + "title": "Total audit events", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Event histogram by service" + }, + "gridData": { + "h": 14, + "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "panelRefName": "panel_1", + "title": "Event histogram by service", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "alert": "#EF843C", + "event": "#7EB26D" + }, + "legendOpen": true, + "title": "Events by type", + "vis": { + "colors": { + "alert": "#E24D42", + "event": "#7EB26D" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 + }, + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", + "panelRefName": "panel_2", + "title": "Events by type", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": false, + "title": "Top users by authentication failures", + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "w": 10, + "x": 0, + "y": 14 + }, + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "panelRefName": "panel_3", + "title": "Top users by 
authentication failures", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 42.68781, + "lon": -48.94209, + "zoom": 1.88 + }, + "openTOCDetails": [], + "title": "Client geolocation map" + }, + "gridData": { + "h": 17, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, + "y": 14 + }, + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "panelRefName": "panel_4", + "title": "Client geolocation map", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Data Loss Prevention alerts" + }, + "gridData": { + "h": 13, + "i": "481f1778-caad-4971-b598-bb61c94bf998", + "w": 48, + "x": 0, + "y": 31 + }, + "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", + "panelRefName": "panel_5", + "title": "Data Loss Prevention alerts", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Logs o365] Audit Dashboard ECS", + "version": 1 + }, + "id": "712e2c00-685d-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "name": "panel_4", + "type": "map" + }, + { + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..f24ae4fcfe9 --- /dev/null 
+++ b/dev/packages/beats/o365/0.0.1/kibana/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json 
@@ -0,0 +1,199 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -52.43037, + 65.94892 + ], + [ + -52.43037, + -22.98633 + ], + [ + 85.77811, + -22.98633 + ], + [ + 85.77811, + 65.94892 + ], + [ + -52.43037, + 65.94892 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "0b910b6c-77c8-4223-892a-1ebf69b0ccb4", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "acc53b7b-3411-406b-9371-6fa62b6b9365", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "geoField": "source.geo.location", + "id": "3ba31ffc-7051-44bf-96a0-a684020cd2a3", + "indexPatternRefName": "layer_1_source_index_pattern", + "requestType": "point", + "resolution": "FINE", + "type": "ES_GEO_GRID" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "Yellow to Red", + "colorCategory": "palette_0", + "field": { + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "type": "ORDINAL", + "useCustomColorRamp": false + }, + "type": "DYNAMIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "field": { + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "maxSize": 32, + "minSize": 8 + }, + "type": "DYNAMIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" 
+ }, + "labelText": { + "options": { + "field": { + "name": "doc_count", + "origin": "source" + } + }, + "type": "DYNAMIC" + }, + "lineColor": { + "options": { + "color": "#FFF" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 0 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 30.87292, + "lon": 16.67387 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "stream.dataset:\"o365.audit\" " + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "zoom": 2.88 + }, + "title": "Client Geo Map [Logs o365 audit]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/search/8b8e5a10-6886-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/search/8b8e5a10-6886-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..69a8853ed81 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/search/8b8e5a10-6886-11ea-8d6a-292ef5d68366.json 
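Review bot: `mapStateJSON.timeFilters` pins an absolute window (`2020-02-05T03:25:59.045Z` to `2020-02-29T10:59:01.067Z`) that was captured when the map was exported from the author's instance; embedded in the dashboard the panel inherits the dashboard's time range, but if Maps restores this saved state when the object is opened on its own, users land on an empty three-week slice of February 2020 and may conclude the integration is not shipping data. A relative range such as `"from": "now-7d", "to": "now"` (or dropping the saved `timeFilters` so the global time picker applies) avoids that. The `"refreshConfig": {"interval": 0, "isPaused": false}` pair is presumably the same kind of export artifact and can be cleaned up alongside it.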
@@ -0,0 +1,137 @@ +{ + "attributes": { + "columns": [ + "event.category", + "event.type", + "event.action", + "event.outcome", + "user.name", + "file.name", + "rule.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "o365.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "o365.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "alert" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "alert" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "ComplianceDLPSharePoint", + "ComplianceDLPExchange" + ], + "type": "phrases", + "value": "ComplianceDLPSharePoint, ComplianceDLPExchange" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "ComplianceDLPSharePoint" + } + }, + { + "match_phrase": { + "event.code": "ComplianceDLPExchange" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Data Loss Prevention [Logs o365]", + "version": 1 + }, + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/search/fdc14020-6859-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/search/fdc14020-6859-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..227b9b1bfeb --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/search/fdc14020-6859-11ea-8d6a-292ef5d68366.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:\"o365.audit\" " + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Logs O365]", + "version": 1 + }, + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/visualization/0be1adb0-6860-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/visualization/0be1adb0-6860-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..3938dfc8264 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/visualization/0be1adb0-6860-11ea-8d6a-292ef5d68366.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Count [Logs o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Audit Event Count [Logs o365]", + "type": "metric" + } + }, + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/visualization/897d0c70-6869-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/visualization/897d0c70-6869-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..84bbf9dd448 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/visualization/897d0c70-6869-11ea-8d6a-292ef5d68366.json 
@@ -0,0 +1,246 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Authentication Failures [Logs o365]", + "uiStateJSON": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + 
"id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Authentication Failures [Logs o365]", + "type": "horizontal_bar" + } + }, + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": 
"fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/visualization/8b033510-685a-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/visualization/8b033510-685a-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..ab3e8d58634 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/visualization/8b033510-685a-11ea-8d6a-292ef5d68366.json 
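Review bot: The `dimensions.series[0].format.params.parsedUrl` block (and the `splitRow` one below it) still carries `"origin": "http://localhost:5601"` from the exporting developer's Kibana instance; it is export residue that does not affect rendering, and the same block recurs in the histogram visualization in the following hunk (`8b033510-…`), which additionally bakes an absolute `timeRange` of 2020-02-05 to 2020-02-29 into its date_histogram agg. Stripping `parsedUrl` from both saved objects keeps environment-specific values out of the package, and the hard-coded `timeRange` is worth confirming as harmless, since Kibana normally recomputes it from the time picker.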
@@ -0,0 +1,202 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Events Histogram [Logs o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + "params": { + "bounds": { + "max": 
"2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Events Histogram [Logs o365]", + "type": "histogram" + } + }, + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/kibana/visualization/d43c95a0-6864-11ea-8d6a-292ef5d68366.json b/dev/packages/beats/o365/0.0.1/kibana/visualization/d43c95a0-6864-11ea-8d6a-292ef5d68366.json new file mode 100644 index 00000000000..75c8df351ec --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/kibana/visualization/d43c95a0-6864-11ea-8d6a-292ef5d68366.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Type [Logs o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Type [Logs o365]", + "type": "pie" + } + }, + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/o365/0.0.1/manifest.yml b/dev/packages/beats/o365/0.0.1/manifest.yml new file mode 100644 index 00000000000..f7957d8d2b0 --- /dev/null +++ b/dev/packages/beats/o365/0.0.1/manifest.yml 
@@ -0,0 +1,33 @@
+format_version: 1.0.0
+name: o365
+title: Office 365
+version: 0.0.1
+license: basic
+description: Office 365 Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.6.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat-o365-azure-permissions.png
+ title: filebeat o365 azure permissions
+ size: 2660x1030
+ type: image/png
+- src: /img/filebeat-o365-audit.png
+ title: filebeat o365 audit
+ size: 1924x1409
+ type: image/png
+datasources:
+- name: o365
+ title: Office 365 logs
+ description: Collect logs from Office 365 instances
+ inputs:
+ - type: logs
+ title: Collect logs from Office 365 instances
+ description: Collecting Office 365 audit logs
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/httpjson.yml.hbs b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/httpjson.yml.hbs
new file mode 100644
index 00000000000..e1f7daa3ff8
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/httpjson.yml.hbs
@@ -0,0 +1,20 @@
+api_key: {{api_key}}
+authentication_scheme: {{authentication_scheme}}
+http_client_timeout: {{http_client_timeout}}
+http_method: {{http_method}}
+http_headers: {{http_headers}}
+http_request_body: {{http_request_body}}
+no_http_body: {{no_http_body}}
+interval: {{interval}}
+json_objects_array: {{json_objects_array}}
+pagination: {{pagination}}
+rate_limit: {{rate_limit}}
+url: {{url}}
+ssl: {{ssl}}
+processors:
+ - script:
+ lang: javascript
+ id: okta_system_script
+ file: ${path.home}/module/okta/system/config/pipeline.js
+ params:
+ keep_original_message: {{keep_original_message}}
\ No newline at end of file
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/log.yml.hbs b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..e06a8936d62
--- /dev/null
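Review bot: The script processor's `file: ${path.home}/module/okta/system/config/pipeline.js` points into the Filebeat module tree, while this commit ships the script as `dataset/system/agent/stream/pipeline.js` next to the template, so an agent configured from the package has nothing at that path; the same line appears in `log.yml.hbs` in the next hunk. The `{{api_key}}`, `{{url}}`, `{{ssl}}` and other placeholders also have no backing variables: the dataset `manifest.yml` added later in this commit declares no `vars` for the httpjson stream, so they appear to render empty unless the package renderer supplies defaults from elsewhere. Since `api_key` is a credential, it should at least be a declared, required stream var and written quoted, `api_key: "{{api_key}}"`, so a value containing YAML-significant characters cannot alter the structure of the generated input config.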
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/log.yml.hbs
@@ -0,0 +1,12 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - script:
+ lang: javascript
+ id: okta_system_script
+ file: ${path.home}/module/okta/system/config/pipeline.js
+ params:
+ keep_original_message: {{keep_original_message}}
\ No newline at end of file
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/pipeline.js b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/pipeline.js
new file mode 100644
index 00000000000..396650259c5
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/agent/stream/pipeline.js
@@ -0,0 +1,206 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function OktaSystem(keep_original_message) { + var processor = require("processor"); + + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + var parseTimestamp = new processor.Timestamp({ + field: "json.published", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999Z"], + tests: ["2020-02-05T18:19:23.599Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropOriginalMessage = function(evt) { + evt.Delete("message"); + }; + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + category: ["authentication"], + kind: "event", + type: ["access"], + + }, + }); + + var convertFields = new processor.Convert({ + fields: [ + { from: "json.displayMessage", to: "okta.display_message" }, + { from: "json.eventType", to: "okta.event_type" }, + { from: "json.uuid", to: "okta.uuid" }, + { from: "json.actor.alternateId", to: "okta.actor.alternate_id" }, + { from: "json.actor.displayName", to: "okta.actor.display_name" }, + { from: "json.actor.id", to: "okta.actor.id" }, + { from: "json.actor.type", to: "okta.actor.type" }, + { from: "json.client.device", to: "okta.client.device" }, + { from: "json.client.geographicalContext.geolocation", to: "client.geo.location" }, + { from: "json.client.geographicalContext.city", to: "client.geo.city_name" }, + { from: "json.client.geographicalContext.state", to: "client.geo.region_name" }, + { from: "json.client.geographicalContext.country", to: "client.geo.country_name" }, + { from: "json.client.id", to: 
"okta.client.id" }, + { from: "json.client.ipAddress", to: "okta.client.ip" }, + { from: "json.client.userAgent.browser", to: "okta.client.user_agent.browser" }, + { from: "json.client.userAgent.os", to: "okta.client.user_agent.os" }, + { from: "json.client.userAgent.rawUserAgent", to: "okta.client.user_agent.raw_user_agent" }, + { from: "json.client.zone", to: "okta.client.zone" }, + { from: "json.outcome.reason", to: "okta.outcome.reason" }, + { from: "json.outcome.result", to: "okta.outcome.result" }, + { from: "json.target", to: "okta.target" }, + { from: "json.transaction.id", to: "okta.transaction.id" }, + { from: "json.transaction.type", to: "okta.transaction.type" }, + { from: "json.debugContext.debugData.deviceFingerprint", to: "okta.debug_context.debug_data.device_fingerprint" }, + { from: "json.debugContext.debugData.requestId", to: "okta.debug_context.debug_data.request_id" }, + { from: "json.debugContext.debugData.requestUri", to: "okta.debug_context.debug_data.request_uri" }, + { from: "json.debugContext.debugData.threatSuspected", to: "okta.debug_context.debug_data.threat_suspected" }, + { from: "json.debugContext.debugData.url", to: "okta.debug_context.debug_data.url" }, + { from: "json.authenticationContext.authenticationProvider", to: "okta.authentication_context.authentication_provider" }, + { from: "json.authenticationContext.authenticationStep", to: "okta.authentication_context.authentication_step" }, + { from: "json.authenticationContext.credentialProvider", to: "okta.authentication_context.credential_provider" }, + { from: "json.authenticationContext.credentialType", to: "okta.authentication_context.credential_type" }, + { from: "json.authenticationContext.externalSessionId", to: "okta.authentication_context.external_session_id" }, + { from: "json.authenticationContext.interface", to: "okta.authentication_context.authentication_provider" }, + { from: "json.authenticationContext.issuer", to: "okta.authentication_context.issuer" }, + { from: 
"json.securityContext.asNumber", to: "okta.security_context.as.number" }, + { from: "json.securityContext.asOrg", to: "okta.security_context.as.organization.name" }, + { from: "json.securityContext.domain", to: "okta.security_context.domain" }, + { from: "json.securityContext.isProxy", to: "okta.security_context.is_proxy" }, + { from: "json.securityContext.isp", to: "okta.security_context.isp" }, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false, + }); + + var copyFields = new processor.Convert({ + fields: [ + { from: "okta.client.user_agent.raw_user_agent", to: "user_agent.original" }, + { from: "okta.client.ip", to: "client.ip" }, + { from: "okta.client.ip", to: "source.ip" }, + { from: "okta.event_type", to: "event.action" }, + { from: "okta.security_context.as.number", to: "client.as.number" }, + { from: "okta.security_context.as.organization.name", to: "client.as.organization.name" }, + { from: "okta.security_context.domain", to: "client.domain" }, + { from: "okta.security_context.domain", to: "source.domain" }, + { from: "okta.uuid", to: "event.id" }, + { from: "okta.uuid", to: "_id" }, + ], + ignore_missing: true, + fail_on_error: false, + }); + + var setEventOutcome = function(evt) { + var outcome = evt.Get("okta.outcome.result") + if (outcome != null) { + var o = outcome.toLowerCase(); + if (o == "success" || o == "allow") { + evt.Put("event.outcome", "success"); + } else if (o == "failure" || o == "deny") { + evt.Put("event.outcome", "failure"); + } else { + evt.Put("event.outcome", "unknown"); + } + } + } + + // Update nested fields + var renameNestedFields = function(evt) { + var arr = evt.Get("okta.target"); + if (arr != null) { + for (var i = 0; i < arr.length; i++) { + arr[i].alternate_id = arr[i].alternateId; + arr[i].display_name = arr[i].displayName; + delete arr[i].alternateId; + delete arr[i].displayName; + delete arr[i].detailEntry; + } + } + }; + + // Set user info if actor type is User + var setUserInfo = function(evt) { + 
if (evt.Get("okta.actor.type") === "User") { + evt.Put("client.user.full_name", evt.Get("okta.actor.display_name")); + evt.Put("source.user.full_name", evt.Get("okta.actor.display_name")); + evt.Put("related.user", evt.Get("okta.actor.display_name")); + evt.Put("client.user.id", evt.Get("okta.actor.id")); + evt.Put("source.user.id", evt.Get("okta.actor.id")); + } + }; + + // Set related.ip field + var setRelatedIP = function(event) { + if (event.Get("source.ip") != null) { + event.AppendTo("related.ip", event.Get("source.ip")); + } + if (event.Get("destination.ip") != null) { + event.AppendTo("related.ip", event.Get("destination.ip")); + } + }; + + // Drop extra fields + var dropExtraFields = function(evt) { + evt.Delete("json"); + }; + + // Remove null fields + var dropNullFields = function(evt) { + function dropNull(obj) { + Object.keys(obj).forEach(function(key) { + (obj[key] && typeof obj[key] === 'object') && dropNull(obj[key]) || + (obj[key] === null) && delete obj[key] + }); + return obj; + }; + dropNull(evt); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropOriginalMessage) + .Add(categorizeEvent) + .Add(convertFields) + .Add(copyFields) + .Add(setEventOutcome) + .Add(renameNestedFields) + .Add(setUserInfo) + .Add(setRelatedIP) + .Add(dropExtraFields) + .Add(dropNullFields) + .Build(); + + return { + process: pipeline.Run, + }; +}; + +var oktaSystem; + +// Register params from configuration. +function register(params) { + oktaSystem = new OktaSystem(params.keep_original_message); +} + +function process(evt) { + return oktaSystem.process(evt); +} diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/okta/0.0.1/dataset/system/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..d4a7d9ef388 --- /dev/null 
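Review bot: In `convertFields`, `json.authenticationContext.interface` is renamed to `okta.authentication_context.authentication_provider`, the same target already used by `authenticationProvider` a few entries above, so one of the two values is overwritten and the `interface` field declared in `fields.yml` later in this commit is never populated; the entry should read `{ from: "json.authenticationContext.interface", to: "okta.authentication_context.interface" },`. Two smaller points: `setRelatedIP` checks `destination.ip`, which nothing in this chain sets, so that branch is dead for now, and `dropNullFields` recurses over `Object.keys(evt)` on the event wrapper rather than its field map — unless the wrapper exposes fields as enumerable own properties this looks like a no-op, which a unit test with a null-valued field would settle.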
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,52 @@
+---
+description: Pipeline for Okta system logs.
+
+processors:
+ - user_agent:
+ field: user_agent.original
+ ignore_missing: true
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/fields/fields.yml b/dev/packages/beats/okta/0.0.1/dataset/system/fields/fields.yml
new file mode 100644
index 00000000000..f37c5c87a18
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/fields/fields.yml
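Review bot: The second `geoip` processor enriches `destination.ip` into `target_field: source.geo`, so whenever both IPs are present the destination lookup silently overwrites the source geolocation; it should be `target_field: destination.geo`, matching the `destination.as` target the ASN processor below it uses. Note also that the stream script in the previous hunk already writes `client.geo.*` from Okta's own geographicalContext, so `source.geo` (derived here from the IP) and `client.geo` (reported by Okta) can disagree for the same event — a one-line comment in the pipeline stating which one dashboards should rely on would help the next maintainer.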
@@ -0,0 +1,262 @@ +- name: okta.uuid + title: UUID + type: keyword + description: | + The unique identifier of the Okta LogEvent. +- name: okta.event_type + title: Event Type + type: keyword + description: | + The type of the LogEvent. +- name: okta.version + title: Version + type: keyword + description: | + The version of the LogEvent. +- name: okta.severity + title: Severity + type: keyword + description: | + The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. +- name: okta.display_message + title: Display Message + type: keyword + description: | + The display message of the LogEvent. +- name: okta.actor + title: Actor + type: group + fields: + - name: id + type: keyword + description: | + Identifier of the actor. + - name: type + type: keyword + description: | + Type of the actor. + - name: alternate_id + type: keyword + description: | + Alternate identifier of the actor. + - name: display_name + type: keyword + description: | + Display name of the actor. +- name: okta.client + title: Client + type: group + fields: + - name: ip + type: ip + description: | + The IP address of the client. + - name: user_agent + type: group + fields: + - name: raw_user_agent + type: keyword + description: | + The raw informaton of the user agent. + - name: os + type: keyword + description: | + The OS informaton. + - name: browser + type: keyword + description: | + The browser informaton of the client. + - name: zone + type: keyword + description: | + The zone information of the client. + - name: device + type: keyword + description: | + The information of the client device. + - name: id + type: keyword + description: | + The identifier of the client. +- name: okta.outcome + title: Outcome of the LogEvent. + type: group + fields: + - name: reason + type: keyword + description: | + The reason of the outcome. + - name: result + type: keyword + description: | + The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. 
+- name: okta.target + title: Target + type: array + description: | + The list of targets. + fields: + - name: id + type: keyword + description: | + Identifier of the actor. + - name: type + type: keyword + description: | + Type of the actor. + - name: alternate_id + type: keyword + description: | + Alternate identifier of the actor. + - name: display_name + type: keyword + description: | + Display name of the actor. +- name: okta.transaction + title: Transaction + type: group + fields: + - name: id + type: keyword + description: | + Identifier of the transaction. + - name: type + type: keyword + description: | + The type of transaction. Must be one of "WEB", "JOB". +- name: okta.debug_context + title: Debug Context + type: group + fields: + - name: debug_data + type: group + fields: + - name: device_fingerprint + type: keyword + description: | + The fingerprint of the device. + - name: request_id + type: keyword + description: | + The identifier of the request. + - name: request_uri + type: keyword + description: | + The request URI. + - name: threat_suspected + type: keyword + description: | + Threat suspected. + - name: url + type: keyword + description: | + The URL. +- name: okta.authentication_context + title: Authentication Context + type: group + fields: + - name: authentication_provider + type: keyword + description: | + The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. + - name: authentication_step + type: integer + description: | + The authentication step. + - name: credential_provider + type: keyword + description: | + The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. + - name: credential_type + type: keyword + description: | + The information about credential type. 
Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. + - name: issuer + type: array + description: | + The information about the issuer. + fields: + - name: id + type: keyword + description: | + The identifier of the issuer. + - name: type + type: keyword + description: | + The type of the issuer. + - name: external_session_id + type: keyword + description: | + The session identifer of the external session if any. + - name: interface + type: keyword + description: | + The interface used. e.g., Outlook, Office365, wsTrust +- name: okta.security_context + title: Security Context + type: group + fields: + - name: as + type: group + fields: + - name: number + type: integer + description: | + The AS number. + - name: organization + type: group + fields: + - name: name + type: keyword + description: | + The organization name. + - name: isp + type: keyword + description: | + The Internet Service Provider. + - name: domain + type: keyword + description: | + The domain name. + - name: is_proxy + type: boolean + description: | + Whether it is a proxy or not. +- name: okta.request + title: Request + type: group + fields: + - name: ip_chain + type: group + fields: + - name: ip + type: ip + description: | + IP address. + - name: version + type: keyword + description: | + IP version. Must be one of V4, V6. + - name: source + type: keyword + description: | + Source information. + - name: geographical_context + type: group + fields: + - name: city + type: keyword + description: The city. + - name: state + type: keyword + description: The state. + - name: postal_code + type: keyword + description: The postal code. + - name: country + type: keyword + description: The country. + - name: geolocation + type: geo_point + description: | + Geolocation information. 
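Review bot: `okta.security_context.as.number` is declared as `integer`, a signed 32-bit type in Elasticsearch, but 4-byte autonomous system numbers range up to 4294967295 and would be rejected at index time; ECS types `as.number` as `long`, and the `source.as.number`/`destination.as.number` values written by the ingest pipeline in this commit should be typed consistently with it. The `okta.target` sub-field descriptions were copied from `okta.actor` and still read "Identifier of the actor", "Type of the actor" and so on; they should describe the target. `informaton` is misspelt in the three `okta.client.user_agent` descriptions. Several declared fields (`okta.version`, `okta.severity`, `okta.request.ip_chain`) do not appear to be populated by the stream script added in this commit, which is fine for forward compatibility but worth a note in their descriptions so readers do not search for the missing mapping.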
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/fields/package-fields.yml b/dev/packages/beats/okta/0.0.1/dataset/system/fields/package-fields.yml
new file mode 100644
index 00000000000..d09e98329ab
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: okta
+ type: group
diff --git a/dev/packages/beats/okta/0.0.1/dataset/system/manifest.yml b/dev/packages/beats/okta/0.0.1/dataset/system/manifest.yml
new file mode 100644
index 00000000000..c800711142d
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/dataset/system/manifest.yml
@@ -0,0 +1,20 @@
+title: Okta system logs
+release: experimental
+type: logs
+streams:
+- input: httpjson
+ template_path: httpjson.yml.hbs
+ title: Okta system logs (httpjson)
+ description: Collect Okta system logs using httpjson input
+- input: logs
+ vars:
+ - name: keep_original_message
+ type: bool
+ title: Keep Original Message
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Okta system logs (log)
+ description: Collect Okta system logs using log input
diff --git a/dev/packages/beats/okta/0.0.1/docs/README.md b/dev/packages/beats/okta/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/okta/0.0.1/img/filebeat-okta-dashboard.png b/dev/packages/beats/okta/0.0.1/img/filebeat-okta-dashboard.png
new file mode 100644
index 00000000000..6a28b4363b0
Binary files /dev/null and b/dev/packages/beats/okta/0.0.1/img/filebeat-okta-dashboard.png differ
diff --git a/dev/packages/beats/okta/0.0.1/kibana/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json
new file mode 100644
index 00000000000..8359c11679a
--- /dev/null
+++ b/dev/packages/beats/okta/0.0.1/kibana/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "Logs Okta integration Kibana dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 26.54701, + "lon": -44.69098, + "zoom": 2.75 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 22, + "i": "8013824b-5a66-494c-acc5-3df8b7678879", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "w": 10, + "x": 0, + "y": 22 + }, + "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "w": 9, + "x": 10, + "y": 22 + }, + "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "w": 19, + "x": 29, + "y": 22 + }, + "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 11, + "i": "a25a43ed-3262-486c-a482-1fac52f26128", + "w": 10, + "x": 19, + "y": 22 + }, + "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "w": 48, + "x": 0, + "y": 33 + }, + "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "panelRefName": 
"panel_5", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Okta] Overview", + "version": 1 + }, + "id": "749203a0-67b1-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "281ca660-67b1-11ea-a76f-bf44814e437d", + "name": "panel_0", + "type": "map" + }, + { + "id": "545d6a00-67ae-11ea-a76f-bf44814e437d", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "7c6ec080-67c6-11ea-a76f-bf44814e437d", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cda883a0-67c6-11ea-a76f-bf44814e437d", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0a784b30-67c7-11ea-a76f-bf44814e437d", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "21028750-67ca-11ea-a76f-bf44814e437d", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/okta/0.0.1/kibana/map/281ca660-67b1-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/map/281ca660-67b1-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..9eda1111da4 --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/kibana/map/281ca660-67b1-11ea-a76f-bf44814e437d.json 
@@ -0,0 +1,206 @@ +{ + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -138.87786, + 64.23743 + ], + [ + -138.87786, + -28.21681 + ], + [ + 49.49591, + -28.21681 + ], + [ + 49.49591, + 64.23743 + ], + [ + -138.87786, + 64.23743 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "6908e81b-1695-4445-aee4-8bc8c9f65600", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "dc52e707-92d7-4de7-becf-a3a8bfaa2c2d", + "label": "Okta ", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "stream.dataset : \"okta.system\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": false, + "geoField": "client.geo.location", + "id": "4b8bd321-4b90-4d97-83e0-2b12bf091f66", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": 
{ + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 26.54701, + "lon": -44.69098 + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "okta.system" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "timeFilters": { + "from": "now-15w", + "to": "now" + }, + "zoom": 2.75 + }, + "title": "Geolocation [Logs Okta]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "281ca660-67b1-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/dev/packages/beats/okta/0.0.1/kibana/search/21028750-67ca-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/search/21028750-67ca-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..be75686e465 --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/kibana/search/21028750-67ca-11ea-a76f-bf44814e437d.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "okta.system" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.outcome", + "negate": false, + "params": { + "query": "FAILURE" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "FAILURE" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ], + [ + "event.created", + "desc" + ] + ], + "title": "Okta Failure Events", + "version": 1 + }, + "id": "21028750-67ca-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/okta/0.0.1/kibana/visualization/0a784b30-67c7-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/visualization/0a784b30-67c7-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..b9f91f27a38 --- /dev/null 
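Review bot: The saved search `Okta Failure Events` filters `event.outcome` on the literal `FAILURE`; ECS defines the allowed values for this field in lowercase (`failure`, `success`, `unknown`), so if the dataset's ingest pipeline (not in this diff) normalises the Okta result to ECS casing, the one panel operators would use to spot failed sign-ins silently shows nothing. Confirm the value the pipeline actually writes and align the filter — both `"query": "FAILURE"` under `params` and the `match_phrase` value — or have the pipeline lowercase the outcome so the filter matches regardless of what Okta sends.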
+++ b/dev/packages/beats/okta/0.0.1/kibana/visualization/0a784b30-67c7-11ea-a76f-bf44814e437d.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Actor Types [Logs Okta]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.actor.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Actor Types [Logs Okta]", + "type": "pie" + } + }, + "id": "0a784b30-67c7-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/okta/0.0.1/kibana/visualization/545d6a00-67ae-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/visualization/545d6a00-67ae-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..0154bb0ebb3 --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/kibana/visualization/545d6a00-67ae-11ea-a76f-bf44814e437d.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Event Outcome [Logs Okta]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Event Outcome [Logs Okta]", + "type": "pie" + } + }, + "id": "545d6a00-67ae-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/okta/0.0.1/kibana/visualization/7c6ec080-67c6-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/visualization/7c6ec080-67c6-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..b6571281335 --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/kibana/visualization/7c6ec080-67c6-11ea-a76f-bf44814e437d.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Transaction Types [Logs Okta]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.transaction.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Transaction Types [Logs Okta]", + "type": "pie" + } + }, + "id": "7c6ec080-67c6-11ea-a76f-bf44814e437d", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/okta/0.0.1/kibana/visualization/cda883a0-67c6-11ea-a76f-bf44814e437d.json b/dev/packages/beats/okta/0.0.1/kibana/visualization/cda883a0-67c6-11ea-a76f-bf44814e437d.json new file mode 100644 index 00000000000..4c127f8dd5a --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/kibana/visualization/cda883a0-67c6-11ea-a76f-bf44814e437d.json @@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Time Series [Logs Okta]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "abd68650-67c6-11ea-8c7d-ed286611413e" + } + ], + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "stream.dataset : \"okta.system\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Time Series [Logs Okta]", + "type": "metrics" + } + }, + "id": "cda883a0-67c6-11ea-a76f-bf44814e437d", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/okta/0.0.1/manifest.yml b/dev/packages/beats/okta/0.0.1/manifest.yml new file mode 100644 index 00000000000..5f6a0dffc4c --- /dev/null +++ b/dev/packages/beats/okta/0.0.1/manifest.yml 
@@ -0,0 +1,29 @@
+format_version: 1.0.0
+name: okta
+title: Okta
+version: 0.0.1
+license: basic
+description: Okta Integration
+type: integration
+categories:
+- logs
+release: experimental
+removable: true
+requirement:
+  kibana:
+    versions: '>=8.0.0-SNAPSHOT <8.0.0'
+  elasticsearch:
+    versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat-okta-dashboard.png
+  title: filebeat okta dashboard
+  size: 1024x662
+  type: image/png
+datasources:
+- name: okta
+  title: Okta logs
+  description: Collect logs from Okta instances
+  inputs:
+  - type: logs
+    title: Collect logs from Okta instances
+    description: Collecting Okta system logs
diff --git a/dev/packages/beats/openmetrics/0.0.1/dataset/collector/agent/stream/stream.yml.hbs b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b440eefdd26
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["collector"]
+hosts:
+{{#each hosts}}
+  - {{this}}
+{{/each}}
+{{#if metrics_filters.exclude}}
+metrics_filters.exclude: {{metrics_filters.exclude}}
+{{/if}}
+{{#if metrics_filters.include}}
+metrics_filters.include: {{metrics_filters.include}}
+{{/if}}
+{{#if metrics_path}}
+metrics_path: {{metrics_path}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/fields.yml b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/fields.yml
new file mode 100644
index 00000000000..4f21a5d804e
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: openmetrics.
+  type: keyword
+  release: beta
diff --git a/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/package-fields.yml b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/package-fields.yml
new file mode 100644
index 00000000000..ce9449cb226
--- /dev/null
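Review bot: The package-level datasource declares a single input of `type: logs`, while the `okta/system` dataset manifest in this same diff defines both a `logs` and an `httpjson` stream; as far as the diff shows, the `httpjson` stream therefore has no datasource input to attach to and will not be offered when the integration is added. Add `- type: httpjson` with its own `title`/`description` under `inputs:`, or drop the stream from the dataset manifest. The `requirement` block is also internally inconsistent — Kibana pinned to `'>=8.0.0-SNAPSHOT <8.0.0'` but Elasticsearch merely `'>7.0.1'` — and `docs/README.md` is still `TODO`, so there is nowhere yet to document the Okta API permissions that polling the system log needs.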
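Review bot: `metrics_filters.exclude: {{metrics_filters.exclude}}` and the matching `include` line render a `multi: true` variable with a plain `{{…}}` expansion, whereas `hosts` a few lines above is iterated with `{{#each}}`; unless the template engine serialises a list as valid YAML, this yields a scalar rather than the list the metricset expects. Render both the same way as `hosts`: `metrics_filters.exclude:` followed by `{{#each metrics_filters.exclude}}` / `  - {{this}}` / `{{/each}}`. All values, including `metrics_path` and `period`, are also interpolated unquoted into YAML; since they are operator-supplied policy values, quoting scalars (`metrics_path: "{{metrics_path}}"`) keeps a value containing `#`, `:` or a newline from altering the rendered agent configuration.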
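Review bot: The only field in this file is named `openmetrics.` with a trailing dot, which looks like a generation artefact — a `keyword` field whose leaf name is empty is not a meaningful mapping and is likely to be rejected by the fields loader or to produce an unintended index template entry; worth confirming by building the package. The dynamic `labels.*` and `metrics.*` objects this dataset actually needs are already declared in `package-fields.yml`, so either give this entry its intended name or delete the file.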
+++ b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/fields/package-fields.yml
@@ -0,0 +1,11 @@
+- name: openmetrics
+  type: group
+  fields:
+  - name: labels.*
+    type: object
+    description: |
+      Prometheus metric labels
+  - name: metrics.*
+    type: object
+    description: |
+      Prometheus metric
diff --git a/dev/packages/beats/openmetrics/0.0.1/dataset/collector/manifest.yml b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/manifest.yml
new file mode 100644
index 00000000000..372a7142f17
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/dataset/collector/manifest.yml
@@ -0,0 +1,15 @@
+title: Openmetrics collector metrics
+release: experimental
+type: metrics
+streams:
+- input: openmetrics/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: Openmetrics collector metrics
+  description: Collect Openmetrics collector metrics
diff --git a/dev/packages/beats/openmetrics/0.0.1/docs/README.md b/dev/packages/beats/openmetrics/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/openmetrics/0.0.1/img/openmetrics.svg b/dev/packages/beats/openmetrics/0.0.1/img/openmetrics.svg
new file mode 100644
index 00000000000..1a00be6ab30
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/img/openmetrics.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/dev/packages/beats/openmetrics/0.0.1/manifest.yml b/dev/packages/beats/openmetrics/0.0.1/manifest.yml
new file mode 100644
index 00000000000..ad69b25f42a
--- /dev/null
+++ b/dev/packages/beats/openmetrics/0.0.1/manifest.yml
@@ -0,0 +1,57 @@
+format_version: 1.0.0
+name: openmetrics
+title: Openmetrics
+version: 0.0.1
+license: basic
+description: Openmetrics Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+  kibana: {}
+  elasticsearch: {}
+icons:
+- src: /img/openmetrics.svg
+  title: openmetrics
+  size: 64x64
+  type: image/svg+xml
+datasources:
+- name: openmetrics
+  title: Openmetrics metrics
+  description: Collect metrics from Openmetrics instances
+  inputs:
+  - type: openmetrics/metrics
+    vars:
+    - name: hosts
+      type: text
+      title: Hosts
+      multi: true
+      required: true
+      show_user: true
+      default:
+      - localhost:9090
+    - name: metrics_filters.exclude
+      type: text
+      title: Metrics Filters Exclude
+      multi: true
+      required: true
+      show_user: true
+      default: []
+    - name: metrics_filters.include
+      type: text
+      title: Metrics Filters Include
+      multi: true
+      required: true
+      show_user: true
+      default: []
+    - name: metrics_path
+      type: text
+      title: Metrics Path
+      multi: false
+      required: true
+      show_user: true
+      default: /metrics
+    title: Collect metrics from Openmetrics instances
+    description: Collecting Openmetrics collector metrics
diff --git a/dev/packages/beats/oracle/0.0.1/dataset/performance/agent/stream/stream.yml.hbs b/dev/packages/beats/oracle/0.0.1/dataset/performance/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..cbfefe3b029
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/performance/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["performance"]
+hosts:
+{{#each hosts}}
+  - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/fields.yml b/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/fields.yml
new file mode 100644
index 00000000000..b5315a086f2
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/fields.yml
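Review bot: `metrics_filters.exclude` and `metrics_filters.include` are declared `required: true` yet default to `[]`, so an operator who leaves them empty either submits a policy that fails its own required check or, if empty lists pass, carries a flag that means nothing; both are optional filters and should be `required: false`. The input also exposes only `hosts` (default `localhost:9090`) with no TLS or authentication variables, so an exporter behind HTTPS or basic auth cannot be scraped without hand-editing the rendered policy; if the underlying metricset accepts `ssl.*` / `username` / `password` settings (not visible here), surface them as vars with the secret ones not shown by default. `docs/README.md` is `TODO`, so none of this is documented yet.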
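Review bot: Each `hosts` entry is rendered verbatim and unquoted as `  - {{this}}`; for this metricset a host is an Oracle connection string, which in practice embeds the database user and password, so the credential lands in clear text in the rendered agent policy and wherever that policy is stored. The package-level manifest that declares `hosts` is not in this diff, so I cannot tell whether a separate secret variable exists; if it does not, consider splitting `username`/`password` into vars of their own and quoting the rendered entries (`  - "{{this}}"`) so a DSN containing YAML-significant characters does not break or alter the generated configuration.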
@@ -0,0 +1,87 @@ +- name: oracle.performance + type: group + release: ga + fields: + - name: machine + type: keyword + description: Operating system machine name + - name: buffer_pool + type: keyword + description: Name of the buffer pool in the instance + - name: username + type: keyword + description: Oracle username + - name: io_reloads + type: double + description: Reloads / Pins ratio. A Reload is any PIN of an object that is not + the first PIN performed since the object handle was created, and which requires + loading the object from disk. Pins are the number of times a PIN was requested + for objects of this namespace + - name: lock_requests + type: long + description: Average of the ratio between 'gethits' and 'gets' being 'Gethits' + the number of times an object's handle was found in memory and 'gets' the number + of times a lock was requested for objects of this namespace. + - name: pin_requests + type: double + description: Average of all pinhits/pins ratios being 'PinHits' the number of + times all of the metadata pieces of the library object were found in memory + and 'pins' the number of times a PIN was requested for objects of this namespace + - name: cache + type: group + fields: + - name: buffer.hit.pct + type: double + description: The cache hit ratio of the specified buffer pool. 
+ - name: physical_reads + type: long + description: Physical reads + - name: get + type: group + fields: + - name: consistent + type: long + description: Consistent gets statistic + - name: db_blocks + type: long + description: Database blocks gotten + - name: cursors + type: group + fields: + - name: avg + type: double + description: Average cursors opened by username and machine + - name: max + type: double + description: Max cursors opened by username and machine + - name: total + type: double + description: Total opened cursors by username and machine + - name: opened + type: group + fields: + - name: current + type: long + description: Total number of current open cursors + - name: total + type: long + description: Total number of cursors opened since the instance started + - name: parse + type: group + fields: + - name: real + type: long + description: 'Real number of parses that occurred: session cursor cache hits + - parse count (total)' + - name: total + type: long + description: Total number of parse calls (hard and soft). A soft parse is + a check on an object already in the shared pool, to verify that the permissions + on the underlying object have not changed. + - name: session.cache_hits + type: long + description: Number of hits in the session cursor cache. A hit means that the + SQL statement did not have to be reparsed. + - name: cache_hit.pct + type: double + description: Ratio of session cursor cache hits from total number of cursors diff --git a/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/package-fields.yml b/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/package-fields.yml new file mode 100644 index 00000000000..10a9da109f1 --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/dataset/performance/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: oracle + type: group 
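Review bot: `lock_requests` is described as the average of the `gethits`/`gets` ratio but typed `long`, while its two sibling ratios `io_reloads` and `pin_requests` are `double`; if the metricset really emits a fraction, storing it as a long truncates it to 0 or 1 and the metric becomes useless for dashboards or alerting. Change it to `type: double`, or fix the description if the value is actually a count. The `cache.buffer.hit.pct` and `cursors.cache_hit.pct` fields are percentages with no `format`; if they are fractions in [0,1], a `format: percent` would let Kibana render them correctly, in line with the `format: bytes` used by the tablespace dataset in this diff.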
diff --git a/dev/packages/beats/oracle/0.0.1/dataset/performance/manifest.yml b/dev/packages/beats/oracle/0.0.1/dataset/performance/manifest.yml
new file mode 100644
index 00000000000..a736a7b068f
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/performance/manifest.yml
@@ -0,0 +1,15 @@
+title: Oracle performance metrics
+release: experimental
+type: metrics
+streams:
+- input: oracle/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: Oracle performance metrics
+  description: Collect Oracle performance metrics
diff --git a/dev/packages/beats/oracle/0.0.1/dataset/tablespace/agent/stream/stream.yml.hbs b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..959addb6f9f
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["tablespace"]
+hosts:
+{{#each hosts}}
+  - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/fields.yml b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/fields.yml
new file mode 100644
index 00000000000..0399eba5435
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/fields.yml
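Review bot: This tablespace stream template renders `hosts` the same way as the performance template — `  - {{this}}`, unquoted — so it inherits the same concern: an Oracle connection string that embeds credentials is written verbatim into the rendered policy, and a value with YAML-significant characters can break the generated configuration. Quoting the entry (`  - "{{this}}"`) is a cheap hardening; whether a separate secret variable for the password exists depends on the package-level manifest, which is not in this diff.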
@@ -0,0 +1,55 @@ +- name: oracle.tablespace + type: group + release: ga + fields: + - name: name + type: keyword + description: Tablespace name + - name: data_file + type: group + fields: + - name: id + type: long + description: Tablespace unique identifier + - name: name + type: keyword + description: Filename of the data file + - name: size + type: group + fields: + - name: max.bytes + type: long + format: bytes + description: Maximum file size in bytes + - name: bytes + type: long + format: bytes + description: Size of the file in bytes + - name: free.bytes + type: long + format: bytes + description: | + The size of the file available for user data. The actual size of the file minus this value is used to store file related metadata. + - name: status + type: keyword + description: | + 'File status: AVAILABLE or INVALID (INVALID means that the file number is not in use, for example, a file in a tablespace that was dropped)' + - name: online_status + type: keyword + description: Last known online status of the data file. One of SYSOFF, SYSTEM, + OFFLINE, ONLINE or RECOVER. + - name: space + type: group + fields: + - name: free.bytes + type: long + format: bytes + description: Tablespace total free space available, in bytes. + - name: used.bytes + type: long + format: bytes + description: Tablespace used space, in bytes. + - name: total.bytes + type: long + format: bytes + description: Tablespace total size, in bytes. diff --git a/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/package-fields.yml b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/package-fields.yml new file mode 100644 index 00000000000..10a9da109f1 --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: oracle + type: group diff --git a/dev/packages/beats/oracle/0.0.1/dataset/tablespace/manifest.yml b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/manifest.yml new file mode 100644 index 00000000000..57a2841a760 
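Review bot: `data_file.id` is described as `Tablespace unique identifier`, but the field sits under the `data_file` group whose sibling `name` is documented as the filename of the data file, so the description most likely belongs to the file rather than the tablespace; `description: Data file unique identifier` would match its placement — worth confirming against what the metricset emits.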
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/dataset/tablespace/manifest.yml
@@ -0,0 +1,15 @@
+title: Oracle tablespace metrics
+release: experimental
+type: metrics
+streams:
+- input: oracle/metrics
+  vars:
+  - name: period
+    type: text
+    title: Period
+    multi: false
+    required: true
+    show_user: true
+    default: 10s
+  title: Oracle tablespace metrics
+  description: Collect Oracle tablespace metrics
diff --git a/dev/packages/beats/oracle/0.0.1/docs/README.md b/dev/packages/beats/oracle/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/img/metricbeat-oracle-overview.png b/dev/packages/beats/oracle/0.0.1/img/metricbeat-oracle-overview.png
new file mode 100644
index 00000000000..0cc76d07961
Binary files /dev/null and b/dev/packages/beats/oracle/0.0.1/img/metricbeat-oracle-overview.png differ
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/dashboard/3f018af0-ec08-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/dashboard/3f018af0-ec08-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..97e333a239f
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/dashboard/3f018af0-ec08-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,294 @@
+{
+ "attributes": {
+ "description": "An overview of key metrics from all Metricsets in the Oracle database Metrics integration",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "1",
+ "w": 17,
+ "x": 18,
+ "y": 31
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Tablespace Total Size",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "2",
+ "w": 12,
+ "x": 28,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "Ratio of used space in Tablespaces",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "3",
+ "w": 28,
+ "x": 20,
+ "y": 18
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "Avg data file size by filename",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "5",
+ "w": 20,
+ "x": 0,
+ "y": 8
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_3",
+ "title": "Total Cursors by machine (Top 10)",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "6",
+ "w": 8,
+ "x": 20,
+ "y": 0
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_4",
+ "title": "Cache Buffer Hit Ratio gauge",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "9",
+ "w": 20,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "9",
+ "panelRefName": "panel_5",
+ "title": "Current opened cursors",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "10",
+ "w": 13,
+ "x": 35,
+ "y": 31
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_6",
+ "title": "Session cache hits",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "11",
+ "w": 20,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "11",
+ "panelRefName": "panel_7",
+ "title": "Average Cursors by machine (Top 10)",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "12",
+ "w": 18,
+ "x": 0,
+ "y": 31
+ },
+ "panelIndex": "12",
+ "panelRefName": "panel_8",
+ "title": "Max Cursors by machine (Top 10)",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "13",
+ "w": 20,
+ "x": 0,
+ "y": 23
+ },
+ "panelIndex": "13",
+ "panelRefName": "panel_9",
+ "title": "DB Blocks Gets by buffer pool (Top 10)",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "14",
+ "w": 30,
+ "x": 18,
+ "y": 39
+ },
+ "panelIndex": "14",
+ "panelRefName": "panel_10",
+ "title": "Consistent Gets by buffer pool (Top 10)",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "15",
+ "w": 18,
+ "x": 0,
+ "y": 39
+ },
+ "panelIndex": "15",
+ "panelRefName": "panel_11",
+ "title": "Total / Real parsed cursors",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "16",
+ "w": 28,
+ "x": 20,
+ "y": 8
+ },
+ "panelIndex": "16",
+ "panelRefName": "panel_12",
+ "title": "Lock/Pin requests and IO reloads ratios",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "17",
+ "w": 8,
+ "x": 40,
+ "y": 0
+ },
+ "panelIndex": "17",
+ "panelRefName": "panel_13",
+ "title": "Cursors cache hit ratio gauge",
+ "version": "8.0.0-SNAPSHOT"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Oracle] Overview",
+ "version": 1
+ },
+ "id": "3f018af0-ec08-11e9-a4bb-7b5324058fcc",
+ "references": [
+ {
+ "id": "05acae50-9bf0-11e9-a61b-f742ed613c57",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "981779d0-9bfc-11e9-a61b-f742ed613c57",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "c92efe60-9bef-11e9-a61b-f742ed613c57",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "62fb9430-ec0f-11e9-a4bb-7b5324058fcc",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "ec2b2010-ec0d-11e9-a4bb-7b5324058fcc",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "43369a60-ec0e-11e9-a4bb-7b5324058fcc",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "234013d0-ec0e-11e9-a4bb-7b5324058fcc",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "5a422660-ec0f-11e9-a4bb-7b5324058fcc",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "4f569650-ec0f-11e9-a4bb-7b5324058fcc",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "68ce1940-ec10-11e9-a4bb-7b5324058fcc",
+ "name": "panel_9",
+ "type": "visualization"
+ },
+ {
+ "id": "3ae419d0-ec10-11e9-a4bb-7b5324058fcc",
+ "name": "panel_10",
+ "type": "visualization"
+ },
+ {
+ "id": "c46de8c0-ec10-11e9-a4bb-7b5324058fcc",
+ "name": "panel_11",
+ "type": "visualization"
+ },
+ {
+ "id": "0b1da750-ec12-11e9-a4bb-7b5324058fcc",
+ "name": "panel_12",
+ "type": "visualization"
+ },
+ {
+ "id": "bc977600-ec12-11e9-a4bb-7b5324058fcc",
+ "name": "panel_13",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/dashboard/862e2c20-9bf0-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/dashboard/862e2c20-9bf0-11e9-a61b-f742ed613c57.json
new file mode 100644
index 00000000000..2c7c669e824
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/dashboard/862e2c20-9bf0-11e9-a61b-f742ed613c57.json
@@ -0,0 +1,123 @@
+{
+ "attributes": {
+ "description": "Overview of Oracle Tablespaces",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "1",
+ "w": 19,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Avg data file size by filename",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "2",
+ "w": 24,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "Tablespace Total Size",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "3",
+ "w": 19,
+ "x": 19,
+ "y": 0
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "Maximum data file size",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "4",
+ "w": 10,
+ "x": 38,
+ "y": 0
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "title": "Ratio of used space in Tablespaces",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "5",
+ "w": 24,
+ "x": 24,
+ "y": 15
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "title": "Ratio of used space in data files",
+ "version": "8.0.0-SNAPSHOT"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Oracle] Tablespaces",
+ "version": 1
+ },
+ "id": "862e2c20-9bf0-11e9-a61b-f742ed613c57",
+ "references": [
+ {
+ "id": "c92efe60-9bef-11e9-a61b-f742ed613c57",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "05acae50-9bf0-11e9-a61b-f742ed613c57",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "4c051a90-9bf0-11e9-a61b-f742ed613c57",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "981779d0-9bfc-11e9-a61b-f742ed613c57",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "072de430-9bfd-11e9-a61b-f742ed613c57",
+ "name": "panel_4",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/05acae50-9bf0-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/05acae50-9bf0-11e9-a61b-f742ed613c57.json
new file mode 100644
index 00000000000..d116e37312c
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/05acae50-9bf0-11e9-a61b-f742ed613c57.json
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Tablespace Total Size [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Tablespace total size",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.tablespace.space.total.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "stacked",
+ "terms_field": "oracle.tablespace.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Tablespace Total Size [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "05acae50-9bf0-11e9-a61b-f742ed613c57",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/072de430-9bfd-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/072de430-9bfd-11e9-a61b-f742ed613c57.json
new file mode 100644
index 00000000000..5b9c177c252
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/072de430-9bfd-11e9-a61b-f742ed613c57.json
@@ -0,0 +1,92 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Ratio of used space in data files [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "da9fa430-9bfc-11e9-baad-815beb8da1b5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(204,204,204,1)",
+ "fill": 0.5,
+ "formatter": "percent",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Ratio of used space in data files",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.tablespace.data_file.size.max.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ },
+ {
+ "field": "oracle.tablespace.data_file.size.bytes",
+ "id": "c0f200a0-9bfc-11e9-baad-815beb8da1b5",
+ "type": "avg"
+ },
+ {
+ "id": "c8289f00-9bfc-11e9-baad-815beb8da1b5",
+ "script": "params.used / params.max",
+ "type": "math",
+ "variables": [
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "c9a63e50-9bfc-11e9-baad-815beb8da1b5",
+ "name": "max"
+ },
+ {
+ "field": "c0f200a0-9bfc-11e9-baad-815beb8da1b5",
+ "id": "cddc46e0-9bfc-11e9-baad-815beb8da1b5",
+ "name": "used"
+ }
+ ]
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "stacked",
+ "terms_field": "oracle.tablespace.data_file.name",
+ "terms_order_by": "c0f200a0-9bfc-11e9-baad-815beb8da1b5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "Ratio of used space in data files [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "072de430-9bfd-11e9-a61b-f742ed613c57",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/0b1da750-ec12-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/0b1da750-ec12-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..dd4466ae403
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/0b1da750-ec12-11e9-a4bb-7b5324058fcc.json
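Review bot: The math metric `"script": "params.used / params.max"` has no guard for a zero or missing denominator, so any data file whose averaged `oracle.tablespace.data_file.size.max.bytes` is 0 yields an undefined ratio instead of a usable percentage; as I understand it Oracle reports a maximum size of 0 for data files that are not autoextensible, which would make this the common case for such files — worth confirming against the collector. Consider falling back to `oracle.tablespace.data_file.size.bytes` as the denominator when the maximum is unset, or at least stating the limitation in the visualization's `description`, which is currently empty. The same unguarded division appears in the "Ratio of used space in Tablespaces" visualization (981779d0-9bfc-11e9-a61b-f742ed613c57.json) later in this diff.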
@@ -0,0 +1,153 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lock/Pin requests and IO reloads ratios [Metrics Oracle]",
+ "uiStateJSON": {
+ "vis": {
+ "defaultColors": {
+ "0 - 50": "rgb(247,251,255)",
+ "50 - 75": "rgb(107,174,214)",
+ "75 - 100": "rgb(8,48,107)"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "IO Reloads",
+ "field": "oracle.performance.io_reloads"
+ },
+ "schema": "metric",
+ "type": "avg"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Lock requests",
+ "field": "oracle.performance.lock_requests"
+ },
+ "schema": "metric",
+ "type": "avg"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Pin requests",
+ "field": "oracle.performance.pin_requests"
+ },
+ "schema": "metric",
+ "type": "avg"
+ }
+ ],
+ "params": {
+ "addLegend": false,
+ "addTooltip": true,
+ "dimensions": {
+ "x": null,
+ "y": [
+ {
+ "accessor": 0,
+ "aggType": "avg",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ },
+ {
+ "accessor": 1,
+ "aggType": "avg",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ },
+ {
+ "accessor": 2,
+ "aggType": "avg",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ }
+ ]
+ },
+ "gauge": {
+ "alignment": "automatic",
+ "backStyle": "Full",
+ "colorSchema": "Blues",
+ "colorsRange": [
+ {
+ "from": 0,
+ "to": 0.5
+ },
+ {
+ "from": 0.5,
+ "to": 0.75
+ },
+ {
+ "from": 0.75,
+ "to": 1
+ }
+ ],
+ "extendRange": true,
+ "gaugeColorMode": "Labels",
+ "gaugeStyle": "Full",
+ "gaugeType": "Arc",
+ "invertColors": false,
+ "labels": {
+ "color": "black",
+ "show": true
+ },
+ "orientation": "vertical",
+ "percentageMode": true,
+ "scale": {
+ "color": "rgba(105,112,125,0.2)",
+ "labels": false,
+ "show": true
+ },
+ "style": {
+ "bgColor": true,
+ "bgFill": "rgba(105,112,125,0.2)",
+ "bgMask": false,
+ "bgWidth": 0.9,
+ "fontSize": 60,
+ "mask": false,
+ "maskBars": 50,
+ "subText": "",
+ "width": 0.9
+ },
+ "type": "meter"
+ },
+ "isDisplayWarning": false,
+ "type": "gauge"
+ },
+ "title": "Lock/Pin requests and IO reloads ratios [Metrics Oracle]",
+ "type": "gauge"
+ }
+ },
+ "id": "0b1da750-ec12-11e9-a4bb-7b5324058fcc",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/234013d0-ec0e-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/234013d0-ec0e-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..0ecde246599
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/234013d0-ec0e-11e9-a4bb-7b5324058fcc.json
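Review bot: This gauge resolves its data source through a `references` entry of type `index-pattern` with id `metrics-*` (via `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"`), whereas every TSVB visualization in this package uses `"default_index_pattern": "metrics-*"` with empty `references`. The reference form only loads if a saved index-pattern object with exactly that id exists where the package is installed; if the package does not ship one (none is visible in this chunk), the panel fails to render on the overview dashboard. Separately, `"percentageMode": true` with colour bands 0–0.5–0.75–1 is applied to plain averages of `oracle.performance.io_reloads`, `oracle.performance.lock_requests` and `oracle.performance.pin_requests`; if those fields are counts rather than ratios (their field definitions are outside this chunk), the title "ratios" and the 0–1 bands do not match the data — worth confirming before the dashboard ships.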
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Session cache hits [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(219,223,0,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "hide_in_legend": 0,
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Session cache hits",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cursors.session.cache_hits",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 0,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Session cache hits [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "234013d0-ec0e-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/3ae419d0-ec10-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/3ae419d0-ec10-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..2479f0c2459
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/3ae419d0-ec10-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Consistent Gets by buffer pool (Top 10) [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Consistent Gets",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cache.get.consistent",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "oracle.performance.buffer_pool"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Consistent Gets by buffer pool (Top 10) [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "3ae419d0-ec10-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/43369a60-ec0e-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/43369a60-ec0e-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..f62eb1abeeb
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/43369a60-ec0e-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,63 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Current opened cursors [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,204,202,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Current opened cursors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cursors.opened.current",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 0,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Current opened cursors [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "43369a60-ec0e-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/4c051a90-9bf0-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/4c051a90-9bf0-11e9-a61b-f742ed613c57.json
new file mode 100644
index 00000000000..7fd80520eb6
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/4c051a90-9bf0-11e9-a61b-f742ed613c57.json
@@ -0,0 +1,65 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Maximum data file size [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(254,146,0,1)",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Maximum data file size",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.tablespace.data_file.size.max.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "stacked",
+ "terms_field": "oracle.tablespace.data_file.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Maximum data file size [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "4c051a90-9bf0-11e9-a61b-f742ed613c57",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/4f569650-ec0f-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/4f569650-ec0f-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..468bf6a840e
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/4f569650-ec0f-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Max Cursors by machine (Top 10) [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,204,202,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "6e3a42c0-ec0e-11e9-bea4-bdae5d622976",
+ "label": "Top 10 Max cursors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cursors.max",
+ "id": "6e3a42c1-ec0e-11e9-bea4-bdae5d622976",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "stacked",
+ "terms_field": "oracle.performance.machine"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Max Cursors by machine (Top 10) [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "4f569650-ec0f-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/5a422660-ec0f-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/5a422660-ec0f-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..9827aeee388
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/5a422660-ec0f-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,74 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Average Cursors by machine (Top 10) [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Average cursors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cursors.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_filters": [
+ {
+ "color": "rgba(254,146,0,1)",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "15889d10-ec0f-11e9-bea4-bdae5d622976"
+ }
+ ],
+ "split_mode": "terms",
+ "stacked": "stacked",
+ "terms_field": "oracle.performance.machine"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Average Cursors by machine (Top 10) [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "5a422660-ec0f-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/62fb9430-ec0f-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/62fb9430-ec0f-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..84645cf58a1
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/62fb9430-ec0f-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,65 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Total Cursors by machine (Top 10) [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "78091830-ec0e-11e9-bea4-bdae5d622976",
+ "label": "Top 10 Total cursors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cursors.total",
+ "id": "78091831-ec0e-11e9-bea4-bdae5d622976",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "stacked_within_series",
+ "steps": 0,
+ "terms_field": "oracle.performance.machine"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Total Cursors by machine (Top 10) [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "62fb9430-ec0f-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/68ce1940-ec10-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/68ce1940-ec10-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..9112ca75022
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/68ce1940-ec10-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "DB Blocks Gets by buffer pool (Top 10) [Metrics Oracle]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "1547f520-ec10-11e9-bea4-bdae5d622976",
+ "label": "DB Blocks gets",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "oracle.performance.cache.get.db_blocks",
+ "id": "1547f521-ec10-11e9-bea4-bdae5d622976",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "oracle.performance.buffer_pool"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DB Blocks Gets by buffer pool (Top 10) [Metrics Oracle]",
+ "type": "metrics"
+ }
+ },
+ "id": "68ce1940-ec10-11e9-a4bb-7b5324058fcc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/981779d0-9bfc-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/981779d0-9bfc-11e9-a61b-f742ed613c57.json
new file mode 100644
index 00000000000..7e47aaa9939
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/981779d0-9bfc-11e9-a61b-f742ed613c57.json
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Ratio of used space in Tablespaces [Metrics Oracle]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "70de46f0-9bfc-11e9-baad-815beb8da1b5" + } + ], + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "oracle.tablespace.space.used.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "oracle.tablespace.space.total.bytes", + "id": "37c93d70-9bfc-11e9-baad-815beb8da1b5", + "type": "avg" + }, + { + "denominator": "2", + "field": "oracle.tablespace.space.total.bytes", + "id": "0d474830-9bfc-11e9-baad-815beb8da1b5", + "numerator": "1", + "script": "params.used / params.total", + "type": "math", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "34e8d9d0-9bfc-11e9-baad-815beb8da1b5", + "name": "used" + }, + { + "field": "37c93d70-9bfc-11e9-baad-815beb8da1b5", + "id": "467fdf40-9bfc-11e9-baad-815beb8da1b5", + "name": "total" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "oracle.tablespace.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Ratio of used space in Tablespaces [Metrics Oracle]", + "type": 
"metrics" + } + }, + "id": "981779d0-9bfc-11e9-a61b-f742ed613c57", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/bc977600-ec12-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/bc977600-ec12-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..d4960a1eb7a --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/bc977600-ec12-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cursors cache hit ratio gauge [Metrics Oracle]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(0,104,55)", + "50 - 75": "rgb(255,255,190)", + "75 - 100": "rgb(165,0,38)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cursors cache hit ratio", + "field": "oracle.performance.cursors.cache_hit.pct" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "x": null, + "y": [ + { + "accessor": 0, + "aggType": "avg", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "gauge": { + "alignment": "automatic", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 0.5 + }, + { + "from": 0.5, + "to": 0.75 + }, + { + "from": 0.75, + "to": 1 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": false + }, + "orientation": "vertical", + "percentageMode": true, + "scale": { + "color": "rgba(105,112,125,0.2)", + "labels": false, + "show": true + }, + "style": { + "bgColor": true, + "bgFill": "rgba(105,112,125,0.2)", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "title": "Cursors cache hit ratio gauge [Metrics Oracle]", + "type": "gauge" + } + }, + "id": "bc977600-ec12-11e9-a4bb-7b5324058fcc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": 
"index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/c46de8c0-ec10-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/c46de8c0-ec10-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..fdd6a052cb6 --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/c46de8c0-ec10-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total / Real parsed cursors [Metrics Oracle]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Real parsed cursors", + "line_width": 1, + "metrics": [ + { + "field": "oracle.performance.cursors.parse.real", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "a1dae560-ec10-11e9-bea4-bdae5d622976", + "label": "Total parsed cursors", + "line_width": 1, + "metrics": [ + { + "field": "oracle.performance.cursors.parse.total", + "id": "a1dae561-ec10-11e9-bea4-bdae5d622976", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Total / Real parsed cursors [Metrics Oracle]", + "type": "metrics" + } + }, + "id": "c46de8c0-ec10-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/c92efe60-9bef-11e9-a61b-f742ed613c57.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/c92efe60-9bef-11e9-a61b-f742ed613c57.json new file mode 100644 index 00000000000..a236e018a76 --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/c92efe60-9bef-11e9-a61b-f742ed613c57.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Avg data file size by filename [Metrics Oracle]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Data file size by filename", + "line_width": 1, + "metrics": [ + { + "agg_with": "noop", + "field": "oracle.tablespace.data_file.size.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "order": "desc", + "size": 1, + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "oracle.tablespace.data_file.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Avg data file size by filename [Metrics Oracle]", + "type": "metrics" + } + }, + "id": "c92efe60-9bef-11e9-a61b-f742ed613c57", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/oracle/0.0.1/kibana/visualization/ec2b2010-ec0d-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/oracle/0.0.1/kibana/visualization/ec2b2010-ec0d-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..a583f0ee0d0 --- /dev/null +++ b/dev/packages/beats/oracle/0.0.1/kibana/visualization/ec2b2010-ec0d-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,118 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cache Buffer Hit Ratio gauge [Metrics Oracle]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(165,0,38)", + "50 - 75": "rgb(255,255,190)", + "75 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cache Buffer Hit Ratio", + "field": "oracle.performance.cache.buffer.hit.pct" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "x": null, + "y": [ + { + "accessor": 0, + "aggType": "avg", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "gauge": { + "alignment": "automatic", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 0.5 + }, + { + "from": 0.5, + "to": 0.75 + }, + { + "from": 0.75, + "to": 1 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": true, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": true, + "scale": { + "color": "rgba(105,112,125,0.2)", + "labels": false, + "show": true + }, + "style": { + "bgColor": true, + "bgFill": "rgba(105,112,125,0.2)", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "title": "Cache Buffer Hit Ratio gauge [Metrics Oracle]", + "type": "gauge" + } + }, + "id": "ec2b2010-ec0d-11e9-a4bb-7b5324058fcc", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/oracle/0.0.1/manifest.yml b/dev/packages/beats/oracle/0.0.1/manifest.yml
new file mode 100644
index 00000000000..f42700e94da
--- /dev/null
+++ b/dev/packages/beats/oracle/0.0.1/manifest.yml
@@ -0,0 +1,37 @@
+format_version: 1.0.0
+name: oracle
+title: Oracle
+version: 0.0.1
+license: basic
+description: Oracle Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=8.0.0-SNAPSHOT <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat-oracle-overview.png
+ title: metricbeat oracle overview
+ size: 3840x2160
+ type: image/png
+datasources:
+- name: oracle
+ title: Oracle metrics
+ description: Collect metrics from Oracle instances
+ inputs:
+ - type: oracle/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - oracle://user:pass@localhost:1521/ORCLPDB1.localdomain?sysdba=1
+ title: Collect metrics from Oracle instances
+ description: Collecting Oracle performance and tablespace metrics
diff --git a/dev/packages/beats/osquery/0.0.1/dataset/result/agent/stream/log.yml.hbs b/dev/packages/beats/osquery/0.0.1/dataset/result/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..31a3bc90730
--- /dev/null
+++ b/dev/packages/beats/osquery/0.0.1/dataset/result/agent/stream/log.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+json.overwrite_keys: true
+json.add_error_key: true
\ No newline at end of file
diff --git a/dev/packages/beats/osquery/0.0.1/dataset/result/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/osquery/0.0.1/dataset/result/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..c67fb71cef5
--- /dev/null
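Review bot: The default for the `hosts` var in the oracle manifest, `oracle://user:pass@localhost:1521/ORCLPDB1.localdomain?sysdba=1`, puts a username and password inside a plain `type: text` variable that is `show_user: true`, so the credential is stored and displayed as ordinary policy config rather than handled as a secret, and `?sysdba=1` steers users toward collecting metrics with the highest Oracle privilege. Performance and tablespace metrics only need a read-only monitoring account with SELECT on the views the metricsets query, so I would drop `?sysdba=1` from the default, use a placeholder without embedded credentials such as `- oracle://localhost:1521/ORCLPDB1.localdomain`, and add a comment next to the var saying the connection string must name a dedicated least-privilege user. I can't tell from this diff whether the registry offers a secret-typed variable; if it does, moving user/password out of the URL into that type would be the cleaner fix.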
+++ b/dev/packages/beats/osquery/0.0.1/dataset/result/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,53 @@
+{
+ "description": "Pipeline for parsing osquery result logs",
+ "processors": [
+ {
+ "rename": {
+ "field": "@timestamp",
+ "target_field": "event.created"
+ }
+ }, {
+ "date": {
+ "field": "json.unixTime",
+ "target_field": "@timestamp",
+ "formats": ["UNIX"],
+ "ignore_failure": true
+ }
+ },
+
+ {
+ "script": {
+ "lang": "painless",
+ "source": "def dict = ['result': new HashMap()]; for (entry in ctx['json'].entrySet()) { dict['result'][entry.getKey()] = entry.getValue(); } ctx['osquery'] = dict; ctx.remove('json');"
+ }
+ },
+
+ {
+ "rename": {
+ "field": "osquery.result.hostIdentifier",
+ "target_field": "osquery.result.host_identifier",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "osquery.result.unixTime",
+ "target_field": "osquery.result.unix_time",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "osquery.result.calendarTime",
+ "target_field": "osquery.result.calendar_time",
+ "ignore_missing": true
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/osquery/0.0.1/dataset/result/fields/fields.yml b/dev/packages/beats/osquery/0.0.1/dataset/result/fields/fields.yml
new file mode 100644
index 00000000000..739eb7d48ef
--- /dev/null
+++ b/dev/packages/beats/osquery/0.0.1/dataset/result/fields/fields.yml
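Review bot: The `date` processor carries `ignore_failure: true` but runs after the first `rename` has already moved `@timestamp` to `event.created`, so an event whose `json.unixTime` is missing or unparsable silently leaves the pipeline with no `@timestamp` at all instead of surfacing an error. Either drop `ignore_failure` so the `on_failure` handler records the problem, or add a fallback right after the date step, e.g. `{ "set": { "if": "ctx['@timestamp'] == null", "field": "@timestamp", "value": "{{event.created}}" } }`. Relatedly, the painless script dereferences `ctx['json']` with no null check; for a line the agent could not parse as JSON (where `json.add_error_key` presumably already wrote `error.message`) the script throws and the `on_failure` `set` then replaces that more useful message with the script error, so guarding it with `"if": "ctx.json != null"` would be safer.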
@@ -0,0 +1,23 @@
+- name: osquery.result
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ The name of the query that generated this event.
+ - name: action
+ type: keyword
+ description: |
+ For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".
+ - name: host_identifier
+ type: keyword
+ description: |
+ The identifier for the host on which the osquery agent is running. Normally the hostname.
+ - name: unix_time
+ type: long
+ description: |
+ Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column.
+ - name: calendar_time
+ type: keyword
+ description: |
+ String representation of the collection time, as formatted by osquery.
diff --git a/dev/packages/beats/osquery/0.0.1/dataset/result/fields/package-fields.yml b/dev/packages/beats/osquery/0.0.1/dataset/result/fields/package-fields.yml
new file mode 100644
index 00000000000..9554d21d840
--- /dev/null
+++ b/dev/packages/beats/osquery/0.0.1/dataset/result/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: osquery
+ type: group
diff --git a/dev/packages/beats/osquery/0.0.1/dataset/result/manifest.yml b/dev/packages/beats/osquery/0.0.1/dataset/result/manifest.yml
new file mode 100644
index 00000000000..0bc63fd7e62
--- /dev/null
+++ b/dev/packages/beats/osquery/0.0.1/dataset/result/manifest.yml
@@ -0,0 +1,25 @@
+title: Osquery result logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/osquery/osqueryd.results.log*
+ os:
+ darwin:
+ default:
+ - /var/log/osquery/osqueryd.results.log*
+ - /private/var/log/osquery/osqueryd.results.log*
+ windows:
+ default:
+ - C:/ProgramData/osquery/log/osqueryd.results.log*
+ template_path: log.yml.hbs
+ title: Osquery result logs (log)
+ description: Collect Osquery result logs using log input
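Review bot: fields.yml declares only `name`, `action`, `host_identifier`, `unix_time` and `calendar_time` under `osquery.result`, yet the saved searches and visualizations in this same package aggregate on `osquery.result.columns.platform_like`, `columns.name` and `columns.version` (terms) and `columns.name` (cardinality), and filter on `columns.status` and `columns.path`; the ingest pipeline copies the whole osquery `columns` object through unchanged, so those fields exist only via dynamic mapping. With default Elasticsearch dynamic mapping string values become `text` with a `.keyword` multi-field, and the terms/cardinality aggregations on the bare `columns.*` names would then fail, while the key set itself is whatever the deployed osquery packs emit. I'd declare the container explicitly, e.g. `- name: columns` / `type: object` with a description noting the keys are query-defined, and add `object_type: keyword` if the package fields format supports that option — I can't confirm it from this diff.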
diff --git a/dev/packages/beats/osquery/0.0.1/docs/README.md b/dev/packages/beats/osquery/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/img/kibana-osquery-compatibility.png b/dev/packages/beats/osquery/0.0.1/img/kibana-osquery-compatibility.png new file mode 100644 index 00000000000..f26106dce56 Binary files /dev/null and b/dev/packages/beats/osquery/0.0.1/img/kibana-osquery-compatibility.png differ diff --git a/dev/packages/beats/osquery/0.0.1/img/logo_osquery.svg b/dev/packages/beats/osquery/0.0.1/img/logo_osquery.svg new file mode 100644 index 00000000000..cbcb76d38a1 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/img/logo_osquery.svg @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/dev/packages/beats/osquery/0.0.1/kibana/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..645cdaa7592 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "1", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "2", + "w": 28, + "x": 20, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 20, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 20, + "x": 0, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "gridData": { + "h": 1, + "i": "6", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "6.1.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Osquery] Compliance pack ECS", + "version": 1 + }, + "id": "69f5ae20-eb02-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs", + "name": "panel_0", + "type": "search" + }, + { + "id": "a9fd8bb0-eb01-11e7-8f04-51231daa5b05-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"3824b080-eb02-11e7-8f04-51231daa5b05-ecs", + "name": "panel_2", + "type": "search" + }, + { + "id": "1da1ed30-eb03-11e7-8f04-51231daa5b05-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "240f3630-eb05-11e7-8f04-51231daa5b05-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..528ddff22f8 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040-ecs.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "gridData": { + "h": 2, + "i": "1", + "w": 4, + "x": 8, + "y": 1 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 2, + "i": "2", + "w": 4, + "x": 4, + "y": 1 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 2, + "i": "3", + "w": 4, + "x": 0, + "y": 1 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 1, + "i": "4", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 4, + "i": "5", + "w": 12, + "x": 0, + "y": 3 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "6.1.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Osquery] OSSEC rootkit pack ECS", + "version": 1 + }, + "id": "c0a7ce90-f4aa-11e7-8647-534bb4c21040-ecs", + "references": [ + { + "id": "6ec10290-f4aa-11e7-8647-534bb4c21040-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ffdbba50-f4a9-11e7-8647-534bb4c21040-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "ab587180-f4a9-11e7-8647-534bb4c21040-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs", + "name": "panel_4", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of 
file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/search/0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/search/0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..c7ace329662 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/search/0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs.json 
@@ -0,0 +1,122 @@ +{ + "attributes": { + "columns": [ + "osquery.result.name", + "osquery.result.columns.path", + "agent.hostname" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"osquery.result.name\":\"pack_ossec-rootkit\"}}" + }, + "query": { + "prefix": { + "osquery.result.name": "pack_ossec-rootkit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"osquery.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "osquery." 
+ } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "result", + "type": "phrase" + }, + "type": "phrase", + "value": "result" + }, + "query": { + "match": { + "fileset.name": { + "query": "result", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "OSSEC Rootkits [Logs Osquery] ECS", + "version": 1 + }, + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/search/3824b080-eb02-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/search/3824b080-eb02-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..54cc89cea61 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/search/3824b080-eb02-11e7-8f04-51231daa5b05-ecs.json 
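Review bot: filter[2] of the OSSEC Rootkits search keeps a phrase filter on `fileset.name: result` alongside filter[1], which was already rewritten to a `stream.dataset` prefix of `osquery.`. Nothing in this package's `log.yml.hbs` stream template or the ingest pipeline sets `fileset.name` — that field came from the Filebeat module layout — so unless something outside this diff adds it, every event ingested through the package fails this filter and the search, plus the rootkit dashboard panel built on it, will show no hits. Either delete the third filter or replace it with the exact dataset value the stream produces, e.g. `"stream.dataset": "osquery.result"`, if that is the name the agent sets (I can't confirm the dataset naming from this diff).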
@@ -0,0 +1,72 @@ +{ + "attributes": { + "columns": [ + "osquery.result.columns.name", + "osquery.result.columns.version", + "osquery.result.columns.revision" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_deb_packages", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_deb_packages" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_deb_packages", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "DEB packages installed [Logs Osquery] ECS", + "version": 1 + }, + "id": "3824b080-eb02-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/search/7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/search/7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..58022a753ad --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/search/7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "columns": [ + "osquery.result.columns.path", + "osquery.result.columns.type", + "osquery.result.columns.flags" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_mounts", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_mounts" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_mounts", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Mounts [Logs Osquery] ECS", + "version": 1 + }, + "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/search/b5d6baa0-eb02-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/search/b5d6baa0-eb02-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..009efd3a48f --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/search/b5d6baa0-eb02-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,70 @@ +{ + "attributes": { + "columns": [ + "osquery.result.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_os_version", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_os_version" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_os_version", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "OS versions [Logs Osquery] ECS", + "version": 1 + }, + "id": "b5d6baa0-eb02-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/search/f59e21e0-eb03-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/search/f59e21e0-eb03-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..2e9e5334c86 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/search/f59e21e0-eb03-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "columns": [ + "osquery.result.name", + "osquery.result.columns.name", + "osquery.result.columns.status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_kernel_integrations", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_kernel_integrations" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_kernel_integrations", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Kernel integrations [Logs Osquery] ECS", + "version": 1 + }, + "id": "f59e21e0-eb03-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/1da1ed30-eb03-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/1da1ed30-eb03-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..f26cea86c0c --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/1da1ed30-eb03-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "OS versions [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "osquery.result.host_identifier" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "osquery.result.columns.platform_like", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "OS versions [Logs Osquery] ECS", + "type": "pie" + } + }, + "id": "1da1ed30-eb03-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "b5d6baa0-eb02-11e7-8f04-51231daa5b05-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/240f3630-eb05-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/240f3630-eb05-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..b7b6edb9b8d --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/240f3630-eb05-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,127 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.columns.status", + "negate": false, + "params": { + "query": "Live", + "type": "phrase" + }, + "type": "phrase", + "value": "Live" + }, + "query": { + "match": { + "osquery.result.columns.status": { + "query": "Live", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Number of Kernel integrations [Logs Osquery] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Live Kernel integrations", + "field": "osquery.result.columns.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": true + }, + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "title": "Number of Kernel integrations [Logs Osquery] ECS", + "type": "gauge" + } + }, + "id": 
"240f3630-eb05-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "f59e21e0-eb03-11e7-8f04-51231daa5b05-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..6d288d19c07 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs.json @@ -0,0 +1,23 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "[Compilance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05-ecs) | [OSSEC Rootkit](#/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040-ecs)" + }, + "title": "Navigation [Logs Osquery] ECS", + "type": "markdown" + } + }, + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/6ec10290-f4aa-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/6ec10290-f4aa-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..4f50a6bb764 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/6ec10290-f4aa-11e7-8647-534bb4c21040-ecs.json 
@@ -0,0 +1,23 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Info OSSEC rootkit [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." + }, + "title": "Info OSSEC rootkit [Logs Osquery] ECS", + "type": "markdown" + } + }, + "id": "6ec10290-f4aa-11e7-8647-534bb4c21040-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/a9fd8bb0-eb01-11e7-8f04-51231daa5b05-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/a9fd8bb0-eb01-11e7-8f04-51231daa5b05-ecs.json new file mode 100644 index 00000000000..4f8d9c55cd7 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/a9fd8bb0-eb01-11e7-8f04-51231daa5b05-ecs.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Mounts by type [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.path", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.type", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Mounts by type [Logs Osquery] ECS", + "type": "pie" + } + }, + "id": "a9fd8bb0-eb01-11e7-8f04-51231daa5b05-ecs", + "references": [ + { + "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/ab587180-f4a9-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/ab587180-f4a9-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..848f1a8faff --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/ab587180-f4a9-11e7-8647-534bb4c21040-ecs.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Number of hosts infected [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "agent.hostname" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of hosts infected [Logs Osquery] ECS", + "type": "metric" + } + }, + "id": "ab587180-f4a9-11e7-8647-534bb4c21040-ecs", + "references": [ + { + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/kibana/visualization/ffdbba50-f4a9-11e7-8647-534bb4c21040-ecs.json b/dev/packages/beats/osquery/0.0.1/kibana/visualization/ffdbba50-f4a9-11e7-8647-534bb4c21040-ecs.json new file mode 100644 index 00000000000..b149ed0cab8 --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/kibana/visualization/ffdbba50-f4a9-11e7-8647-534bb4c21040-ecs.json 
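Review bot: This metric counts hosts with a cardinality on `agent.hostname`, while the OS-versions pie in the same package (1da1ed30-…) counts hosts on `osquery.result.host_identifier`; the two visualizations should agree on which field identifies a host. `agent.hostname` names the machine running the shipper, which only coincides with the osquery host when the agent runs locally on every endpoint — if results are relayed through a central forwarder the "hosts infected" count would collapse to one. Suggest `"field": "osquery.result.host_identifier"` here, or a description explaining why the agent field is intended. The referenced saved search 0fe5dc00-… is not in this chunk, so the filter that defines "infected" could not be checked.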
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Number of rootkits found [Logs Osquery] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Rootkits", + "field": "osquery.result.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of rootkits found [Logs Osquery] ECS", + "type": "metric" + } + }, + "id": "ffdbba50-f4a9-11e7-8647-534bb4c21040-ecs", + "references": [ + { + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/osquery/0.0.1/manifest.yml b/dev/packages/beats/osquery/0.0.1/manifest.yml new file mode 100644 index 00000000000..28f1d1cdecc --- /dev/null +++ b/dev/packages/beats/osquery/0.0.1/manifest.yml 
@@ -0,0 +1,34 @@ +format_version: 1.0.0 +name: osquery +title: Osquery +version: 0.0.1 +license: basic +description: Osquery Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-osquery-compatibility.png + title: kibana osquery compatibility + size: 2560x2204 + type: image/png +icons: +- src: /img/logo_osquery.svg + title: logo osquery + size: 32x32 + type: image/svg+xml +datasources: +- name: osquery + title: Osquery logs + description: Collect logs from Osquery instances + inputs: + - type: logs + title: Collect logs from Osquery instances + description: Collecting Osquery result logs diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/log.yml.hbs b/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..4b8d78d4027 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/log.yml.hbs 
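Review bot: The stack constraints under `requirement:` are inconsistent: Kibana is bounded to `'>=7.3.0 <8.0.0'` but Elasticsearch is left open-ended as `'>7.0.1'`, so an 8.x cluster satisfies the Elasticsearch constraint while every 8.x Kibana is rejected. For an `experimental` package that installs Kibana saved objects, an upper bound such as `versions: '>=7.0.1 <8.0.0'` keeps the two requirements in step. The `datasources` input declares no `vars`, which is fine only if the osquery dataset manifest (not in this chunk) supplies the log paths itself.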
@@ -0,0 +1,147 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +processors: + - add_locale: ~ + - decode_csv_fields: + fields: + message: csv + - extract_array: + field: csv + overwrite_keys: true + mappings: + event.created: 1 + observer.serial_number: 2 + _temp_.message_type: 3 + _temp_.message_subtype: 4 + _temp_.generated_time: 6 + - extract_array: + when: + equals: + _temp_.message_type: TRAFFIC + field: csv + overwrite_keys: true + omit_empty: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + network.application: 14 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + network.bytes: 31 + client.bytes: 32 + destination.bytes: 32 + server.bytes: 33 + source.bytes: 33 + network.packets: 34 + event.start: 35 + event.duration: 36 + panw.panos.url.category: 37 + panw.panos.sequence_number: 39 + server.packets: 44 + destination.packets: 44 + client.packets: 45 + source.packets: 45 + observer.hostname: 52 + - extract_array: + when: + equals: + _temp_.message_type: THREAT + field: csv + omit_empty: true + overwrite_keys: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + 
network.application: 14 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + panw.panos.threat.resource: 31 + url.original: 31 + panw.panos.threat.name: 32 + panw.panos.url.category: 33 + log.level: 34 + _temp_.direction: 35 + _temp_.srcloc: 38 + _temp_.dstloc: 39 + panw.panos.network.pcap_id: 42 + panw.panos.file.hash: 43 + user_agent.original: 46 + file.type: 47 + network.forwarded_ip: 48 + http.request.referer: 49 + source.user.email: 50 + panw.panos.subject: 51 + destination.user.email: 52 + observer.hostname: 59 + - drop_fields: + fields: + - csv + - community_id: ~ + - community_id: + target: panw.panos.network.nat.community_id + fields: + source_ip: source.nat.ip + source_port: source.nat.port + destination_ip: destination.nat.ip + destination_port: destination.nat.port + # Copy NAT data from ECS fields to the original non-ECS fields to retain + # backward compatibility. This should be removed for 8.0. + - convert: + ignore_missing: true + fields: + - {from: source.nat.ip, to: panw.panos.source.nat.ip, type: ip} + - {from: destination.nat.ip, to: panw.panos.destination.nat.ip, type: ip} + - {from: source.nat.port, to: panw.panos.source.nat.port, type: long} + - {from: destination.nat.port, to: panw.panos.destination.nat.port, type: long} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/syslog.yml.hbs b/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/syslog.yml.hbs new file mode 100644 index 00000000000..7e1144cd133 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/dataset/panos/agent/stream/syslog.yml.hbs 
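Review bot: The entire processor chain (decode_csv_fields, the three extract_array blocks, both community_id processors and the NAT convert) is duplicated verbatim between this log stream template and the syslog one, roughly 130 lines each, so every column-index fix has to be applied twice and the two will drift. Consider moving the per-column parsing into the dataset's ingest pipeline, where both inputs share it and it can be tested once, leaving only `paths`, `exclude_files` and `tags` in the stream template. Note also that `tags: {{tags}}` interpolates the multi-valued `tags` variable as a single scalar; whether the renderer emits a YAML list here should be verified, otherwise this needs the same `{{#each}}` form used for `paths`.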
@@ -0,0 +1,144 @@ +protocol.udp: + host: "{{syslog_host}}:{{syslog_port}}" +tags: {{tags}} +processors: + - add_locale: ~ + - decode_csv_fields: + fields: + message: csv + - extract_array: + field: csv + overwrite_keys: true + mappings: + event.created: 1 + observer.serial_number: 2 + _temp_.message_type: 3 + _temp_.message_subtype: 4 + _temp_.generated_time: 6 + - extract_array: + when: + equals: + _temp_.message_type: TRAFFIC + field: csv + overwrite_keys: true + omit_empty: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + network.application: 14 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + network.bytes: 31 + client.bytes: 32 + destination.bytes: 32 + server.bytes: 33 + source.bytes: 33 + network.packets: 34 + event.start: 35 + event.duration: 36 + panw.panos.url.category: 37 + panw.panos.sequence_number: 39 + server.packets: 44 + destination.packets: 44 + client.packets: 45 + source.packets: 45 + observer.hostname: 52 + - extract_array: + when: + equals: + _temp_.message_type: THREAT + field: csv + omit_empty: true + overwrite_keys: true + fail_on_error: false + mappings: + client.ip: 7 + source.ip: 7 + source.address: 7 + server.ip: 8 + destination.ip: 8 + destination.address: 8 + source.nat.ip: 9 + destination.nat.ip: 10 + panw.panos.ruleset: 11 + client.user.name: 12 + source.user.name: 12 + server.user.name: 13 + destination.user.name: 13 + network.application: 14 + 
panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 + client.port: 24 + source.port: 24 + destination.port: 25 + server.port: 25 + source.nat.port: 26 + destination.nat.port: 27 + _temp_.labels: 28 + network.transport: 29 + panw.panos.action: 30 + panw.panos.threat.resource: 31 + url.original: 31 + panw.panos.threat.name: 32 + panw.panos.url.category: 33 + log.level: 34 + _temp_.direction: 35 + _temp_.srcloc: 38 + _temp_.dstloc: 39 + panw.panos.network.pcap_id: 42 + panw.panos.file.hash: 43 + user_agent.original: 46 + file.type: 47 + network.forwarded_ip: 48 + http.request.referer: 49 + source.user.email: 50 + panw.panos.subject: 51 + destination.user.email: 52 + observer.hostname: 59 + - drop_fields: + fields: + - csv + - community_id: ~ + - community_id: + target: panw.panos.network.nat.community_id + fields: + source_ip: source.nat.ip + source_port: source.nat.port + destination_ip: destination.nat.ip + destination_port: destination.nat.port + # Copy NAT data from ECS fields to the original non-ECS fields to retain + # backward compatibility. This should be removed for 8.0. + - convert: + ignore_missing: true + fields: + - {from: source.nat.ip, to: panw.panos.source.nat.ip, type: ip} + - {from: destination.nat.ip, to: panw.panos.destination.nat.ip, type: ip} + - {from: source.nat.port, to: panw.panos.source.nat.port, type: long} + - {from: destination.nat.port, to: panw.panos.destination.nat.port, type: long} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/panw/0.0.1/dataset/panos/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..f6f5e2661ed --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/dataset/panos/elasticsearch/ingest-pipeline/default.yml 
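Review bot: The syslog stream listens only over `protocol.udp`, and UDP syslog carries no authentication and a trivially spoofable source address, so anything able to reach `{{syslog_host}}:{{syslog_port}}` can inject fabricated CSV rows that the `extract_array` processors (with `overwrite_keys: true` and `fail_on_error: false`) will turn into ECS fields indistinguishable from genuine firewall TRAFFIC/THREAT events. That matters for a feed that downstream detection rules are expected to trust. At minimum the stream should document this and default `syslog_host` to a loopback or management-network address; offering a `protocol.tcp` alternative (ideally with TLS) would let operators avoid UDP altogether. The `syslog_host`/`syslog_port` variables are not declared in the dataset manifest in this diff, so their defaults could not be reviewed.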
@@ -0,0 +1,486 @@ +--- +description: "Pipeline for Palo Alto Networks PAN-OS Logs" +processors: + +# keep message as log.original. + - rename: + field: message + target_field: log.original + +# Set @timestamp to the time when the entry was generated at the data plane. + - date: + if: "ctx.event.timezone == null" + field: "_temp_.generated_time" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null" + field: "_temp_.generated_time" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# event.created is the time the event was received at the management plane. + - date: + if: "ctx.event.timezone == null && ctx.event.created != null " + field: "event.created" + target_field: "event.created" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null && ctx.event.created != null " + field: "event.created" + target_field: "event.created" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# event.start (traffic only) is the time the session started. 
+ - date: + if: "ctx.event.timezone == null && ctx.event.start != null" + field: "event.start" + target_field: "event.start" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + - date: + if: "ctx.event.timezone != null && ctx.event.start != null" + field: "event.start" + target_field: "event.start" + timezone: "{{ event.timezone }}" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + +# convert integer fields as the output of the CSV processor is always a string. + - convert: { type: long, ignore_missing: true, field: client.bytes } + - convert: { type: long, ignore_missing: true, field: client.packets } + - convert: { type: long, ignore_missing: true, field: client.port } + - convert: { type: long, ignore_missing: true, field: server.bytes } + - convert: { type: long, ignore_missing: true, field: server.packets } + - convert: { type: long, ignore_missing: true, field: server.port } + - convert: { type: long, ignore_missing: true, field: source.bytes } + - convert: { type: long, ignore_missing: true, field: source.packets } + - convert: { type: long, ignore_missing: true, field: source.port } + - convert: { type: long, ignore_missing: true, field: destination.bytes } + - convert: { type: long, ignore_missing: true, field: destination.packets } + - convert: { type: long, ignore_missing: true, field: destination.port } + - convert: { type: long, ignore_missing: true, field: network.bytes } + - convert: { type: long, ignore_missing: true, field: network.packets } + - convert: { type: long, ignore_missing: true, field: event.duration } + - convert: { type: long, ignore_missing: true, field: _temp_.labels } + - convert: { type: long, ignore_missing: true, field: panw.panos.sequence_number } + - convert: { type: long, ignore_missing: true, field: source.nat.port } + - convert: { type: long, 
ignore_missing: true, field: destination.nat.port } + +# Remove PCAP ID when zero (no packet capture). + - remove: + if: 'ctx?.panw?.panos?.network?.pcap_id == "0"' + field: + - panw.panos.network.pcap_id + +# Extract 'flags' bitfield into labels. + - script: + lang: painless + if: 'ctx?._temp_?.labels != null && ctx._temp_.labels != 0' + params: + pcap_included: 0x80000000 + ipv6_session: 0x02000000 + ssl_decrypted: 0x01000000 + url_filter_denied: 0x00800000 + nat_translated: 0x00400000 + captive_portal: 0x00200000 + x_forwarded_for: 0x00080000 + http_proxy: 0x00040000 + container_page: 0x00008000 + temporary_match: 0x00002000 + symmetric_return: 0x00000800 + source: > + def labels = ctx?.labels; + if (labels == null) { + labels = new HashMap(); + ctx['labels'] = labels; + } + long value = ctx._temp_.labels; + for (entry in params.entrySet()) { + if ((value & entry.getValue()) != 0) { + labels[entry.getKey()] = true; + } + } + +# normalize event.duration and determine event.end. + - script: + lang: painless + if: 'ctx?.event?.duration != null' + params: + NANOS_IN_A_SECOND: 1000000000 + source: > + long nanos = ctx['event']['duration'] * params.NANOS_IN_A_SECOND; + ctx['event']['duration'] = nanos; + def start = ctx.event?.start; + if (start != null) { + ctx.event['end'] = ZonedDateTime.parse(start).plusNanos(nanos); + } + +# Set network.direction using src/dst zone (traffic logs). 
+ - set: + field: network.direction + value: inbound + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "trust"' + - set: + field: network.direction + value: outbound + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + - set: + field: network.direction + value: internal + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "trust"' + - set: + field: network.direction + value: external + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + - set: + field: network.direction + value: unknown + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ((ctx?.panw?.panos?.source?.zone != "trust" && ctx?.panw?.panos?.source?.zone != "untrust") || (ctx?.panw?.panos?.destination?.zone != "trust" && ctx?.panw?.panos?.destination?.zone != "untrust"))' + +# Set network.direction from threat direction (Threat logs). + - set: + field: network.direction + value: inbound + if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "0" || ctx?._temp_?.direction == "client-to-server")' + + - set: + field: network.direction + value: outbound + if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "1" || ctx?._temp_?.direction == "server-to-client")' + + - set: + field: network.direction + value: unknown + if: 'ctx?._temp_?.message_type == "THREAT" && ctx?.network?.direction == null' + +# Set network.type for TRAFFIC. 
+ - set: + field: network.type + value: 'ipv4' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session == null' + - set: + field: network.type + value: 'ipv6' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session != null' + + # Set event.category depending on log type. + - set: + field: event.kind + value: event + if: 'ctx?._temp_?.message_type == "TRAFFIC"' + - append: + field: event.category + value: + - network_traffic + - network + if: 'ctx?._temp_?.message_type == "TRAFFIC"' + - set: + field: event.kind + value: alert + if: 'ctx?._temp_?.message_type == "THREAT"' + - append: + field: event.category + value: + - security_threat + - intrusion_detection + - network + if: 'ctx?._temp_?.message_type == "THREAT"' + - drop: + if: 'ctx?.event?.category == null' + - append: + field: event.type + value: allowed + if: "ctx?.panw?.panos?.action != null && ['alert', 'allow', 'continue'].contains(ctx.panw.panos.action)" + - append: + field: event.type + value: denied + if: "ctx?.panw?.panos?.action != null && ['deny', 'drop', 'reset-client', 'reset-server', 'reset-both', 'block-url', 'block-ip', 'random-drop', 'sinkhole', 'block'].contains(ctx.panw.panos.action)" + - set: + field: event.outcome + value: success + + +# event.action for traffic logs. 
+ - set: + field: event.action + value: flow_started + if: 'ctx?._temp_?.message_subtype == "start"' + - append: + field: event.type + value: + - start + - connection + if: 'ctx?._temp_?.message_subtype == "start"' + - set: + field: event.action + value: flow_terminated + if: 'ctx?._temp_?.message_subtype == "end"' + - append: + field: event.type + value: + - end + - connection + if: 'ctx?._temp_?.message_subtype == "end"' + - set: + field: event.action + value: flow_dropped + if: 'ctx?._temp_?.message_subtype == "drop"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "drop"' + - set: + field: event.action + value: flow_denied + if: 'ctx?._temp_?.message_subtype == "deny"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "deny"' + +# event.action for threat logs. + - set: + field: event.action + value: data_match + if: 'ctx?._temp_?.message_subtype == "data"' + - set: + field: event.action + value: file_match + if: 'ctx?._temp_?.message_subtype == "file"' + - set: + field: event.action + value: flood_detected + if: 'ctx?._temp_?.message_subtype == "flood"' + - set: + field: event.action + value: packet_attack + if: 'ctx?._temp_?.message_subtype == "packet"' + - set: + field: event.action + value: scan_detected + if: 'ctx?._temp_?.message_subtype == "scan"' + - set: + field: event.action + value: spyware_detected + if: 'ctx?._temp_?.message_subtype == "spyware"' + - set: + field: event.action + value: url_filtering + if: 'ctx?._temp_?.message_subtype == "url"' + - set: + field: event.action + value: virus_detected + if: 'ctx?._temp_?.message_subtype == "virus"' + - set: + field: event.action + value: exploit_detected + if: 'ctx?._temp_?.message_subtype == "vulnerability"' + - set: + field: event.action + value: wildfire_veredict + if: 'ctx?._temp_?.message_subtype == "wildfire"' + - set: + field: event.action + value: wildfire_virus_detected + if: 
'ctx?._temp_?.message_subtype == "wildfire-virus"' + + +# Set numeric log.level from event.severity. + - set: + field: "event.severity" + if: 'ctx.log.level == "critical"' + value: 1 + - set: + field: "event.severity" + if: 'ctx.log.level == "high"' + value: 2 + - set: + field: "event.severity" + if: 'ctx.log.level == "medium"' + value: 3 + - set: + field: "event.severity" + if: 'ctx.log.level == "low"' + value: 4 + - set: + field: "event.severity" + if: 'ctx.log.level == "informational"' + value: 5 + +# Normalize event.outcome. +# These values appear in the TRAFFIC docs but look like a mistake. + - set: + field: panw.panos.action + value: 'drop-icmp' + if: 'ctx?.panw?.panos?.action == "drop icmp" || ctx?.panw?.panos?.action == "drop ICMP"' + - set: + field: panw.panos.action + value: 'reset-both' + if: 'ctx?.panw?.panos?.action == "reset both"' + - set: + field: panw.panos.action + value: 'reset-client' + if: 'ctx?.panw?.panos?.action == "reset client"' + - set: + field: panw.panos.action + value: 'reset-server' + if: 'ctx?.panw?.panos?.action == "reset server"' + +# Build related.ip array from src/dest/NAT IPs. + - append: + if: 'ctx?.source?.ip != null' + field: related.ip + value: + - '{{source.ip}}' + - append: + if: 'ctx?.destination?.ip != null' + field: related.ip + value: + - '{{destination.ip}}' + - append: + if: 'ctx?.source?.nat?.ip != null' + field: related.ip + value: + - '{{source.nat.ip}}' + - append: + if: 'ctx?.destination?.nat?.ip != null' + field: related.ip + value: + - '{{destination.nat.ip}}' + +# Geolocation for source. + - geoip: + if: 'ctx?.source?.ip != null' + field: source.ip + target_field: source.geo + +# Geolocation for destination. 
+ - geoip: + if: 'ctx?.destination?.ip != null' + field: destination.ip + target_field: destination.geo + +# IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +# Set source|destination.geo.name from panw's srcloc|dstloc + - rename: + if: 'ctx.source?.geo?.name == null' + field: _temp_.srcloc + target_field: source.geo.name + ignore_missing: true + - rename: + if: 'ctx.destination?.geo?.name == null' + field: _temp_.dstloc + target_field: destination.geo.name + ignore_missing: true + +# Append NAT community_id to network.community_id + - append: + if: 'ctx?.panw?.panos?.network?.nat?.community_id != null && ctx.panw.panos.network.nat.community_id != ctx?.network?.community_id' + field: network.community_id + value: + - '{{panw.panos.network.nat.community_id}}' + + - grok: + if: 'ctx?.panw?.panos?.threat?.name != null' + field: panw.panos.threat.name + ignore_failure: true + patterns: + - '%{GREEDYDATA:panw.panos.threat.name}\(\s*%{GREEDYDATA:panw.panos.threat.id}\s*\)' + + - set: + field: panw.panos.threat.name + value: 'URL-filtering' + if: 'ctx?.panw?.panos?.threat?.id == "9999"' + + - set: + field: rule.name + value: "{{panw.panos.ruleset}}" + if: "ctx?.panw?.panos?.ruleset != null" + + - append: + field: related.user + value: 
"{{client.user.name}}" + if: "ctx?.client?.user?.name != null" + + - append: + field: related.user + value: "{{source.user.name}}" + if: "ctx?.source?.user?.name != null" + + - append: + field: related.user + value: "{{server.user.name}}" + if: "ctx?.server?.user?.name != null" + + - append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx?.destination?.user?.name != null" + + - append: + field: related.hash + value: "{{panw.panos.file.hash}}" + if: "ctx?.panw?.panos?.file?.hash != null" + +# Remove temporary fields. + - remove: + field: + - _temp_ + ignore_missing: true + +on_failure: + - set: + field: "error.message" + value: "{{ _ingest.on_failure_message }}" + - remove: + field: + - _temp_ + ignore_missing: true diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/fields/fields.yml b/dev/packages/beats/panw/0.0.1/dataset/panos/fields/fields.yml new file mode 100644 index 00000000000..2f42a7acb84 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/dataset/panos/fields/fields.yml 
@@ -0,0 +1,102 @@
+- name: panw.panos
+ type: group
+ fields:
+ - name: ruleset
+ type: keyword
+ description: |
+ Name of the rule that matched this session.
+ - name: source
+ type: group
+ fields:
+ - name: zone
+ type: keyword
+ description: |
+ Source zone for this session.
+ - name: interface
+ type: keyword
+ description: |
+ Source interface for this session.
+ - name: nat
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ description: |
+ Post-NAT source IP.
+ - name: port
+ type: long
+ description: |
+ Post-NAT source port.
+ - name: destination
+ type: group
+ fields:
+ - name: zone
+ type: keyword
+ description: |
+ Destination zone for this session.
+ - name: interface
+ type: keyword
+ description: |
+ Destination interface for this session.
+ - name: nat
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ description: |
+ Post-NAT destination IP.
+ - name: port
+ type: long
+ description: |
+ Post-NAT destination port.
+ - name: network
+ type: group
+ fields:
+ - name: pcap_id
+ type: keyword
+ description: |
+ Packet capture ID for a threat.
+ - name: nat
+ type: group
+ fields:
+ - name: community_id
+ type: keyword
+ description: |
+ Community ID flow-hash for the NAT 5-tuple.
+ - name: file
+ type: group
+ fields:
+ - name: hash
+ type: keyword
+ description: |
+ Binary hash for a threat file sent to be analyzed by the WildFire service.
+ - name: url
+ type: group
+ fields:
+ - name: category
+ type: keyword
+ description: |
+ For threat URLs, it's the URL category. For WildFire, the verdict on the file and is either 'malicious', 'grayware', or 'benign'.
+ - name: flow_id
+ type: keyword
+ description: |
+ Internal numeric identifier for each session.
+ - name: sequence_number
+ type: long
+ description: |
+ Log entry identifier that is incremented sequentially. Unique for each log type.
+ - name: threat.resource
+ type: keyword
+ description: |
+ URL or file name for a threat.
+ - name: threat.id
+ type: keyword
+ description: |
+ Palo Alto Networks identifier for the threat.
+ - name: threat.name
+ type: keyword
+ description: |
+ Palo Alto Networks name for the threat.
+ - name: action
+ type: keyword
+ description: Action taken for the session.
diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/fields/package-fields.yml b/dev/packages/beats/panw/0.0.1/dataset/panos/fields/package-fields.yml
new file mode 100644
index 00000000000..14a3dcca1b6
--- /dev/null
+++ b/dev/packages/beats/panw/0.0.1/dataset/panos/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: panw
+ type: group
diff --git a/dev/packages/beats/panw/0.0.1/dataset/panos/manifest.yml b/dev/packages/beats/panw/0.0.1/dataset/panos/manifest.yml
new file mode 100644
index 00000000000..bcd850e89ec
--- /dev/null
+++ b/dev/packages/beats/panw/0.0.1/dataset/panos/manifest.yml
@@ -0,0 +1,29 @@
+title: panw panos logs
+release: experimental
+type: logs
+streams:
+- input: syslog
+ template_path: syslog.yml.hbs
+ title: panw panos logs (syslog)
+ description: Collect panw panos logs using syslog input
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/pan-os.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - pan-os
+ template_path: log.yml.hbs
+ title: panw panos logs (log)
+ description: Collect panw panos logs using log input
diff --git a/dev/packages/beats/panw/0.0.1/docs/README.md b/dev/packages/beats/panw/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/panw/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
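Review bot: The `threat.resource`, `threat.id` and `threat.name` entries at the end of fields.yml are declared as flat dotted names, while every other nested field in the same file (`source.nat.ip`, `network.nat.community_id`, `file.hash`, `url.category`) is declared through a `type: group` with a nested `fields` list; for consistency, declare a `threat` group and put `resource`, `id` and `name` beneath it. The `action` entry is the only one whose description is a plain scalar rather than a `|` block scalar, which is worth aligning too. Typing `threat.id` as `keyword` does agree with the string comparison `ctx?.panw?.panos?.threat?.id == "9999"` used by the ingest pipeline earlier in this diff, so the mapping itself looks right.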
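Review bot: The `syslog` stream in manifest.yml declares no `vars`, so whatever address and port the listener binds to must be fixed inside `syslog.yml.hbs`, which is not part of this diff; the `logs` stream by contrast exposes `paths` and `tags` with `show_user: true`. A syslog listener is network-facing, so the bind host and port (and ideally the protocol) should be stream vars with a conservative default so operators can restrict the listener to a management or loopback interface without editing the template. If the template already hard-codes a loopback default this is only a usability point, but that cannot be verified from here. A `description` on the stream saying which host/port the input listens on would also help, since the README for this package is still `TODO`.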
diff --git a/dev/packages/beats/panw/0.0.1/img/filebeat-panw-threat.png b/dev/packages/beats/panw/0.0.1/img/filebeat-panw-threat.png
new file mode 100644
index 00000000000..46959b21a75
Binary files /dev/null and b/dev/packages/beats/panw/0.0.1/img/filebeat-panw-threat.png differ
diff --git a/dev/packages/beats/panw/0.0.1/img/filebeat-panw-traffic.png b/dev/packages/beats/panw/0.0.1/img/filebeat-panw-traffic.png
new file mode 100644
index 00000000000..ef9d5f706ec
Binary files /dev/null and b/dev/packages/beats/panw/0.0.1/img/filebeat-panw-traffic.png differ
diff --git a/dev/packages/beats/panw/0.0.1/kibana/dashboard/772964e0-7591-11e9-aacf-79a3704914a0.json b/dev/packages/beats/panw/0.0.1/kibana/dashboard/772964e0-7591-11e9-aacf-79a3704914a0.json
new file mode 100644
index 00000000000..a911ad3c11a
--- /dev/null
+++ b/dev/packages/beats/panw/0.0.1/kibana/dashboard/772964e0-7591-11e9-aacf-79a3704914a0.json
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "Palo Alto Networks PAN-OS Threats Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 31, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Threat outcome histogram", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Top threats by name", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Top threats by resource", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Top attackers (clients)", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Top attackers (servers)", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Outcome by threat type", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Threats Overview ECS", + "version": 1 + }, + "id": "772964e0-7591-11e9-aacf-79a3704914a0", + "references": [ + { + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + "type": "visualization" + }, + { + 
"id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/dashboard/e40ba240-7572-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/dashboard/e40ba240-7572-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..08edc2ff18b --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/dashboard/e40ba240-7572-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,162 @@ +{ + "attributes": { + "description": "Palo Alto Networks PAN-OS Networks Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Network Flows ECS", + "version": 1 + }, + "id": "e40ba240-7572-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + "type": "visualization" + }, + { + "id": 
"87f30f60-7569-11e9-976e-65a8f47cc4c1", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/search/290685e0-7569-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/search/290685e0-7569-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..d10d90fa4d1 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/search/290685e0-7569-11e9-976e-65a8f47cc4c1.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "panw.panos:* and event.category: \"network_traffic\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "PAN-OS Flows [Logs PANW] ECS", + "version": 1 + }, + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/search/3cea1360-7569-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/search/3cea1360-7569-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..57375aa000c 
--- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/search/3cea1360-7569-11e9-976e-65a8f47cc4c1.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "panw.panos:* and event.category: \"security_threat\"" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "PAN-OS Threats [Logs PANW] ECS", + "version": 1 + }, + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/0407a3e0-756f-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/0407a3e0-756f-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..8914b520830 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/0407a3e0-756f-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Network Application breakout [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Application breakout [Logs PANW] ECS", + "type": "pie" + } + }, + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/091fe860-756a-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/091fe860-756a-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..cc5373b6111 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/091fe860-756a-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Flows Map [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Destination Flows Map [Logs PANW] ECS", + "type": "tile_map" + } + }, + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/0bd2a0c0-7574-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/0bd2a0c0-7574-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..b74da2cfe76 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/0bd2a0c0-7574-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,139 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat outcome histogram [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + 
"show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Threat outcome histogram [Logs PANW] ECS", + "type": "histogram" + } + }, + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/135930b0-7570-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/135930b0-7570-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..00bb1101f55 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/135930b0-7570-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,170 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Zone breakout [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.destination.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Destination Zone breakout [Logs PANW] ECS", + "type": "horizontal_bar" + } + }, + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/3eca1070-7589-11e9-aacf-79a3704914a0.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/3eca1070-7589-11e9-aacf-79a3704914a0.json new file mode 100644 index 00000000000..dc57260c3a8 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/3eca1070-7589-11e9-aacf-79a3704914a0.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat ID Cloud [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat ID Cloud [Logs PANW] ECS", + "type": "tagcloud" + } + }, + "id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/5bd32b20-7575-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/5bd32b20-7575-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..03c146a10c4 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/5bd32b20-7575-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat Resource Cloud [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat Resource Cloud [Logs PANW] ECS", + "type": "tagcloud" + } + }, + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/6dce7930-758c-11e9-aacf-79a3704914a0.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/6dce7930-758c-11e9-aacf-79a3704914a0.json new file mode 100644 index 00000000000..4d017abb4cc --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/6dce7930-758c-11e9-aacf-79a3704914a0.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Outcome by Threat Type [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Outcome by Threat Type [Logs PANW] ECS", + "type": "pie" + } + }, + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/78e7e820-756d-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/78e7e820-756d-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..7632ef76588 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/78e7e820-756d-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,170 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_terminated" + }, + "type": "phrase", + "value": "flow_terminated" + }, + "query": { + "match": { + "event.action": { + "query": "flow_terminated", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Flow Creation Histogram [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + 
}, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Flow Creation Histogram [Logs PANW] ECS", + "type": "histogram" + } + }, + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/87f30f60-7569-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/87f30f60-7569-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..c4d634f04b9 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/87f30f60-7569-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Flows Map [Logs PANW] ECS", + "uiStateJSON": { + "mapCenter": [ + -0.17578097424708533, + 0.17578125 + ], + "mapZoom": 1 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Source Flows Map [Logs PANW] ECS", + "type": "tile_map" + } + }, + "id": "87f30f60-7569-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/90ce3300-758a-11e9-aacf-79a3704914a0.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/90ce3300-758a-11e9-aacf-79a3704914a0.json new file mode 100644 index 00000000000..75feb92dc19 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/90ce3300-758a-11e9-aacf-79a3704914a0.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "inbound" + }, + "type": "phrase", + "value": "inbound" + }, + "query": { + "match": { + "network.direction": { + "query": "inbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (clients) [Logs PANW] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (clients) [Logs PANW] ECS", + "type": "table" + } + }, + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/a95aaf20-758a-11e9-aacf-79a3704914a0.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/a95aaf20-758a-11e9-aacf-79a3704914a0.json new file mode 100644 index 00000000000..d2c9d8c4809 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/a95aaf20-758a-11e9-aacf-79a3704914a0.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "outbound" + }, + "type": "phrase", + "value": "outbound" + }, + "query": { + "match": { + "network.direction": { + "query": "outbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (servers) [Logs PANW] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (servers) [Logs PANW] ECS", + "type": "table" + } + }, + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/d9cab170-756f-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/d9cab170-756f-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..30fa3d02054 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/d9cab170-756f-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,170 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Zone breakout [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.source.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, 
+ "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Source Zone breakout [Logs PANW] ECS", + "type": "horizontal_bar" + } + }, + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/panw/0.0.1/kibana/visualization/e46331c0-756a-11e9-976e-65a8f47cc4c1.json b/dev/packages/beats/panw/0.0.1/kibana/visualization/e46331c0-756a-11e9-976e-65a8f47cc4c1.json new file mode 100644 index 00000000000..c614f56535f --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/kibana/visualization/e46331c0-756a-11e9-976e-65a8f47cc4c1.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Event Outcome by Transport and Destination Port [Logs PANW] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Event Outcome by Transport and Destination Port [Logs PANW] ECS", + "type": "pie" + } + }, + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/panw/0.0.1/manifest.yml b/dev/packages/beats/panw/0.0.1/manifest.yml new file mode 100644 index 00000000000..3e3ca817c29 --- /dev/null +++ b/dev/packages/beats/panw/0.0.1/manifest.yml @@ -0,0 +1,33 @@ +format_version: 1.0.0 +name: panw +title: panw +version: 0.0.1 +license: basic +description: panw Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-panw-traffic.png + title: filebeat panw traffic + size: 2546x2888 + type: image/png +- src: /img/filebeat-panw-threat.png + title: filebeat panw threat + size: 2546x2496 + type: image/png +datasources: +- name: panw + title: panw logs + description: Collect logs from panw instances + inputs: + - type: logs + title: Collect logs from panw instances + description: Collecting panw panos logs diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/pool/agent/stream/stream.yml.hbs b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..60bcdacbc9e --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["pool"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} +{{#if status_path}} +status_path: {{status_path}} +{{/if}} diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/fields.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/fields.yml new file mode 100644 index 00000000000..0eafd4ab996 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/fields.yml 
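Review bot: `requirement.elasticsearch.versions: '>7.0.1'` in the panw manifest has no upper bound while `kibana` is pinned to `'>=7.3.0 <8.0.0'`, so the package would advertise compatibility with any future Elasticsearch major; `versions: '>7.0.1 <8.0.0'` keeps the two constraints consistent. The `title: panw` and `description: panw Integration` values read as generator placeholders and, if the dashboards' "PANW" product is the intent, could carry the product name so the package is recognisable in a listing. The `inputs[0].type: logs` entry also has no `vars` (no paths or file set), so it is unclear from this manifest alone what the agent stream would be configured with.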
@@ -0,0 +1,62 @@ +- name: php_fpm.pool + type: group + release: ga + fields: + - name: process_manager + type: keyword + description: | + Static, dynamic or ondemand. + - name: connections + type: group + fields: + - name: accepted + type: long + description: | + The number of incoming requests that the PHP-FPM server has accepted; when a connection is accepted it is removed from the listen queue. + - name: queued + type: long + description: | + The current number of connections that have been initiated, but not yet accepted. If this value is non-zero it typically means that all the available server processes are currently busy, and there are no processes available to serve the next request. Raising `pm.max_children` (provided the server can handle it) should help keep this number low. This property follows from the fact that PHP-FPM listens via a socket (TCP or file based), and thus inherits some of the characteristics of sockets. + - name: max_listen_queue + type: long + description: | + The maximum number of requests in the queue of pending connections since FPM has started. + - name: listen_queue_len + type: long + description: | + The size of the socket queue of pending connections. + - name: processes + type: group + fields: + - name: idle + type: long + description: | + The number of servers in the `waiting to process` state (i.e. not currently serving a page). This value should fall between the `pm.min_spare_servers` and `pm.max_spare_servers` values when the process manager is `dynamic`. + - name: active + type: long + description: | + The number of servers current processing a page - the minimum is `1` (so even on a fully idle server, the result will be not read `0`). + - name: total + type: long + description: | + The number of idle + active processes. + - name: max_active + type: long + description: | + The maximum number of active processes since FPM has started. 
+ - name: max_children_reached + type: long + description: | + Number of times, the process limit has been reached, when pm tries to start more children (works only for pm 'dynamic' and 'ondemand'). + - name: slow_requests + type: long + description: | + The number of times a request execution time has exceeded `request_slowlog_timeout`. + - name: start_since + type: long + description: | + Number of seconds since FPM has started. + - name: start_time + type: date + description: | + The date and time FPM has started. diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/package-fields.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/package-fields.yml new file mode 100644 index 00000000000..f2769cd12c6 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/fields/package-fields.yml @@ -0,0 +1,10 @@ +- name: php_fpm + type: group + fields: + - name: pool + type: group + fields: + - name: name + type: keyword + description: | + The name of the pool. diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/pool/manifest.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/manifest.yml new file mode 100644 index 00000000000..8dc1f100f2a --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/pool/manifest.yml @@ -0,0 +1,30 @@ +title: PHP_FPM pool metrics +release: experimental +type: metrics +streams: +- input: php_fpm/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8080 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: status_path + type: text + title: Status Path + multi: false + required: true + show_user: true + default: /status + title: PHP_FPM pool metrics + description: Collect PHP_FPM pool metrics 
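Review bot: The pool manifest declares `status_path` as `required: true`, but the dataset's `stream.yml.hbs` earlier in this diff wraps it in `{{#if status_path}} … {{/if}}`, so the template and the manifest disagree on whether the variable is optional. Either drop the guard in the template or set `required: false` here; given the `/status` default, `required: false` looks like the intent. A short `title`/description hint that `period` expects a duration string such as `10s` would also help, since `type: text` gives the UI nothing to validate against.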
diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/process/agent/stream/stream.yml.hbs b/dev/packages/beats/php_fpm/0.0.1/dataset/process/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ad28c2daa24 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/process/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["process"] diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/ecs.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/ecs.yml new file mode 100644 index 00000000000..90a7a1d5249 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/ecs.yml 
@@ -0,0 +1,60 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. +- name: process + title: Process + group: 2 + type: group + fields: + - name: pid + level: core + type: long + format: string + description: Process id. +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/fields.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/fields.yml new file mode 100644 index 00000000000..47e8420cfec --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/fields.yml 
@@ -0,0 +1,36 @@ +- name: php_fpm.process + type: group + release: ga + fields: + - name: state + type: keyword + description: | + The state of the process (Idle, Running, etc) + - name: start_time + type: date + description: | + The date and time the process has started + - name: start_since + type: integer + description: | + The number of seconds since the process has started + - name: requests + type: integer + description: | + The number of requests the process has served + - name: request_duration + type: integer + description: | + The duration in microseconds (1 million in a second) of the current request (my own definition) + - name: script + type: keyword + description: | + The main script called (or - if not set) (for the current request) + - name: last_request_cpu + type: long + description: | + The max amount of memory the last request consumed (it is always 0 if the process is not in Idle state because memory calculation is done when the request processing has terminated) + - name: last_request_memory + type: integer + description: | + The content length of the request (only with POST) (of the current request) diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/package-fields.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/package-fields.yml new file mode 100644 index 00000000000..f2769cd12c6 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/process/fields/package-fields.yml @@ -0,0 +1,10 @@ +- name: php_fpm + type: group + fields: + - name: pool + type: group + fields: + - name: name + type: keyword + description: | + The name of the pool. diff --git a/dev/packages/beats/php_fpm/0.0.1/dataset/process/manifest.yml b/dev/packages/beats/php_fpm/0.0.1/dataset/process/manifest.yml new file mode 100644 index 00000000000..793d23d5d30 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/dataset/process/manifest.yml 
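Review bot: The descriptions in the process `fields.yml` appear shifted by one relative to the field names: `last_request_cpu` (type long) is described as "The max amount of memory the last request consumed" (with a parenthetical about memory calculation), `last_request_memory` as "The content length of the request (only with POST)", and `request_duration` still carries the aside "(my own definition)". If these were carried over from the Beats module, they should be checked against the PHP-FPM full status page, where "last request cpu" is the CPU percentage the last request consumed and "last request memory" is its peak memory, and corrected so the mapping documents what each field actually holds. The `state` description "(Idle, Running, etc)" could likewise list the actual status values if they are known, since dashboards and queries will filter on them.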
@@ -0,0 +1,7 @@ +title: PHP_FPM process metrics +release: experimental +type: metrics +streams: +- input: php_fpm/metrics + title: PHP_FPM process metrics + description: Collect PHP_FPM process metrics diff --git a/dev/packages/beats/php_fpm/0.0.1/docs/README.md b/dev/packages/beats/php_fpm/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/php_fpm/0.0.1/img/logo_php.svg b/dev/packages/beats/php_fpm/0.0.1/img/logo_php.svg new file mode 100644 index 00000000000..43521dc8f4c --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/img/logo_php.svg @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/dev/packages/beats/php_fpm/0.0.1/manifest.yml b/dev/packages/beats/php_fpm/0.0.1/manifest.yml new file mode 100644 index 00000000000..e0b85e136f7 --- /dev/null +++ b/dev/packages/beats/php_fpm/0.0.1/manifest.yml @@ -0,0 +1,27 @@ +format_version: 1.0.0 +name: php_fpm +title: PHP_FPM +version: 0.0.1 +license: basic +description: PHP_FPM Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +icons: +- src: /img/logo_php.svg + title: logo php + size: 32x32 + type: image/svg+xml +datasources: +- name: php_fpm + title: PHP_FPM metrics + description: Collect metrics from PHP_FPM instances + inputs: + - type: php_fpm/metrics + title: Collect metrics from PHP_FPM instances + description: Collecting PHP_FPM pool and process metrics diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/activity/agent/stream/stream.yml.hbs b/dev/packages/beats/postgresql/0.0.1/dataset/activity/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ec2fb421109 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/activity/agent/stream/stream.yml.hbs 
@@ -0,0 +1,6 @@ +metricsets: ["activity"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/fields.yml new file mode 100644 index 00000000000..86ce2254214 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/fields.yml 
@@ -0,0 +1,78 @@ +- name: postgresql.activity + type: group + release: ga + fields: + - name: database.oid + type: long + description: | + OID of the database this backend is connected to. + - name: database.name + type: keyword + description: | + Name of the database this backend is connected to. + - name: pid + type: long + description: | + Process ID of this backend. + - name: user.id + type: long + description: | + OID of the user logged into this backend. + - name: user.name + type: keyword + description: | + Name of the user logged into this backend. + - name: application_name + type: keyword + description: | + Name of the application that is connected to this backend. + - name: client.address + type: keyword + description: | + IP address of the client connected to this backend. + - name: client.hostname + type: keyword + description: | + Host name of the connected client, as reported by a reverse DNS lookup of client_addr. + - name: client.port + type: long + description: | + TCP port number that the client is using for communication with this backend, or -1 if a Unix socket is used. + - name: backend_start + type: date + description: | + Time when this process was started, i.e., when the client connected to the server. + - name: transaction_start + type: date + description: | + Time when this process' current transaction was started. + - name: query_start + type: date + description: | + Time when the currently active query was started, or if state is not active, when the last query was started. + - name: state_change + type: date + description: | + Time when the state was last changed. + - name: waiting + type: boolean + description: | + True if this backend is currently waiting on a lock. + - name: state + type: keyword + description: | + Current overall state of this backend. Possible values are: + + * active: The backend is executing a query. + * idle: The backend is waiting for a new client command. 
+ * idle in transaction: The backend is in a transaction, but is not + currently executing a query. + * idle in transaction (aborted): This state is similar to idle in + transaction, except one of the statements in the transaction caused + an error. + * fastpath function call: The backend is executing a fast-path function. + * disabled: This state is reported if track_activities is disabled in this backend. + - name: query + type: keyword + description: | + Text of this backend's most recent query. If state is active this field shows the currently executing query. In all other states, it shows the last query that was executed. diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/package-fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/package-fields.yml new file mode 100644 index 00000000000..7094d614dd0 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/activity/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: postgresql + type: group diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/activity/manifest.yml b/dev/packages/beats/postgresql/0.0.1/dataset/activity/manifest.yml new file mode 100644 index 00000000000..7e56ed81032 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/activity/manifest.yml @@ -0,0 +1,23 @@ +title: PostgreSQL activity metrics +release: experimental +type: metrics +streams: +- input: postgresql/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - postgres://localhost:5432 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: PostgreSQL activity metrics + description: Collect PostgreSQL activity metrics diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/agent/stream/stream.yml.hbs b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a2ff6f48582 
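Review bot: The `query` field in the activity `fields.yml` is mapped as `keyword` with no `ignore_above` and, per its own description, holds the full text of the backend's most recent statement. Statement text can embed secrets (role/password management statements, connection strings in literals) and personal data, and a single keyword term longer than the Lucene term limit makes Elasticsearch reject the whole document, so one oversized query silently drops the event. Worth stating in the description that the statement text is collected verbatim so operators can decide whether to restrict it, and adding an `ignore_above` or switching to `text` (with a keyword multi-field if aggregation is needed) so oversized statements do not cost the entire document.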
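Review bot: The `hosts` var in the activity manifest is a plain `text` field shown to the user (`show_user: true`) whose default is a `postgres://` URL; PostgreSQL connection URLs accept `user:password@host`, so the only way to pass credentials through this manifest is to embed them in that URL, where they sit in clear text in the policy next to the hostname. Consider separate username and password variables (a password-typed var, if the format version in use supports one) and a note in the `title` or description that the URL should not carry credentials. The bgwriter and database manifests later in this diff declare the same `hosts` var and share this point.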
--- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["bgwriter"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/fields.yml new file mode 100644 index 00000000000..c0b03aadc7f --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/fields.yml 
@@ -0,0 +1,48 @@ +- name: postgresql.bgwriter + type: group + release: ga + fields: + - name: checkpoints.scheduled + type: long + description: | + Number of scheduled checkpoints that have been performed. + - name: checkpoints.requested + type: long + description: | + Number of requested checkpoints that have been performed. + - name: checkpoints.times.write.ms + type: float + description: | + Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds. + - name: checkpoints.times.sync.ms + type: float + description: | + Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds. + - name: buffers.checkpoints + type: long + description: | + Number of buffers written during checkpoints. + - name: buffers.clean + type: long + description: | + Number of buffers written by the background writer. + - name: buffers.clean_full + type: long + description: | + Number of times the background writer stopped a cleaning scan because it had written too many buffers. + - name: buffers.backend + type: long + description: | + Number of buffers written directly by a backend. + - name: buffers.backend_fsync + type: long + description: | + Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write) + - name: buffers.allocated + type: long + description: | + Number of buffers allocated. + - name: stats_reset + type: date + description: | + Time at which these statistics were last reset. diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/package-fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/package-fields.yml new file mode 100644 index 00000000000..7094d614dd0 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: postgresql + type: group 
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/manifest.yml b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/manifest.yml new file mode 100644 index 00000000000..aac950aa1a8 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/bgwriter/manifest.yml @@ -0,0 +1,23 @@ +title: PostgreSQL bgwriter metrics +release: experimental +type: metrics +streams: +- input: postgresql/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - postgres://localhost:5432 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: PostgreSQL bgwriter metrics + description: Collect PostgreSQL bgwriter metrics diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/database/agent/stream/stream.yml.hbs b/dev/packages/beats/postgresql/0.0.1/dataset/database/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3f6834db1b1 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/database/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["database"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/fields.yml new file mode 100644 index 00000000000..499d3d1031d --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/fields.yml 
@@ -0,0 +1,80 @@ +- name: postgresql.database + type: group + release: ga + fields: + - name: oid + type: long + description: | + OID of the database this backend is connected to. + - name: name + type: keyword + description: | + Name of the database this backend is connected to. + - name: number_of_backends + type: long + description: | + Number of backends currently connected to this database. + - name: transactions.commit + type: long + description: | + Number of transactions in this database that have been committed. + - name: transactions.rollback + type: long + description: | + Number of transactions in this database that have been rolled back. + - name: blocks.read + type: long + description: | + Number of disk blocks read in this database. + - name: blocks.hit + type: long + description: | + Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache). + - name: blocks.time.read.ms + type: long + description: | + Time spent reading data file blocks by backends in this database, in milliseconds. + - name: blocks.time.write.ms + type: long + description: | + Time spent writing data file blocks by backends in this database, in milliseconds. + - name: rows.returned + type: long + description: | + Number of rows returned by queries in this database. + - name: rows.fetched + type: long + description: | + Number of rows fetched by queries in this database. + - name: rows.inserted + type: long + description: | + Number of rows inserted by queries in this database. + - name: rows.updated + type: long + description: | + Number of rows updated by queries in this database. + - name: rows.deleted + type: long + description: | + Number of rows deleted by queries in this database. + - name: conflicts + type: long + description: | + Number of queries canceled due to conflicts with recovery in this database. 
+ - name: temporary.files + type: long + description: | + Number of temporary files created by queries in this database. All temporary files are counted, regardless of why the temporary file was created (e.g., sorting or hashing), and regardless of the log_temp_files setting. + - name: temporary.bytes + type: long + description: | + Total amount of data written to temporary files by queries in this database. All temporary files are counted, regardless of why the temporary file was created, and regardless of the log_temp_files setting. + - name: deadlocks + type: long + description: | + Number of deadlocks detected in this database. + - name: stats_reset + type: date + description: | + Time at which these statistics were last reset. diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/package-fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/package-fields.yml new file mode 100644 index 00000000000..7094d614dd0 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/database/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: postgresql + type: group diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/database/manifest.yml b/dev/packages/beats/postgresql/0.0.1/dataset/database/manifest.yml new file mode 100644 index 00000000000..90f827bd458 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/database/manifest.yml @@ -0,0 +1,23 @@ +title: PostgreSQL database metrics +release: experimental +type: metrics +streams: +- input: postgresql/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - postgres://localhost:5432 + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: PostgreSQL database metrics + description: Collect PostgreSQL database metrics 
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/postgresql/0.0.1/dataset/log/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..4aef7322a2c --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/agent/stream/log.yml.hbs @@ -0,0 +1,9 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +multiline: + pattern: '^\d{4}-\d{2}-\d{2} ' + negate: true + match: after \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/postgresql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..3f16e5ff015 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,58 @@
+---
+description: Pipeline for parsing PostgreSQL logs.
+processors:
+- grok:
+ field: message
+ ignore_missing: true
+ patterns:
+ - '^%{DATETIME:postgresql.log.timestamp} \[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\]
+ ((\[%{USERNAME:user.name}\]@\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database})
+ )?%{WORD:log.level}: (?:%{NUMBER:postgresql.log.error.code:long}|%{SPACE})(duration:
+ %{NUMBER:temp.duration:float} ms %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query}|:
+ %{GREEDYDATA:message}|%{GREEDYDATA:message})'
+ pattern_definitions:
+ DATETIME: '[-0-9]+ %{TIME} %{WORD:event.timezone}'
+ GREEDYDATA: |-
+ (.|
+ | )*
+ POSTGRESQL_DB_NAME: '[a-zA-Z0-9_]+[a-zA-Z0-9_\$]*'
+ POSTGRESQL_QUERY_STEP: '%{WORD:postgresql.log.query_step}(?: | %{WORD:postgresql.log.query_name})?'
+- date:
+ field: postgresql.log.timestamp
+ target_field: '@timestamp'
+ formats:
+ - yyyy-MM-dd HH:mm:ss.SSS zz
+ - yyyy-MM-dd HH:mm:ss zz
+- script:
+ lang: painless
+ source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale)
+ params:
+ scale: 1000000
+ if: ctx.temp?.duration != null
+- remove:
+ field: temp.duration
+ ignore_missing: true
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value:
+ - database
+- append:
+ field: event.type
+ value:
+ - info
+- append:
+ field: event.type
+ value:
+ - error
+ if: "ctx?.postgresql?.log?.error?.code != null && ctx.postgresql.log.error.code >= 02000"
+- append:
+ field: related.user
+ value: "{{user.name}}"
+ if: "ctx?.user?.name != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/ecs.yml
new file mode 100644
index 00000000000..94e9b2887ae
--- /dev/null
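Review bot: The `if` on the second `event.type` append compares `error.code` against `02000`, which Painless, like Java, parses as an octal literal (decimal 1024) rather than the 2000 that the SQLSTATE class-02 boundary calls for; drop the leading zero: `if: "ctx?.postgresql?.log?.error?.code != null && ctx.postgresql.log.error.code >= 2000"`. It only appears to work today because every all-digit class-01 code is below 1024, so the mistake is silent. Separately, `%{NUMBER:postgresql.log.error.code:long}` can only capture all-digit SQLSTATE values; for an alphanumeric one such as `42P01` the grok seems to take the leading digits as the code and push the remainder into `message`, which is worth either fixing by capturing the five-character code as a keyword or documenting as a known limitation. The script processor also assigns `ctx.event.duration` before any processor creates `event` (`event.kind` is only set afterwards), so if the agent does not always populate `event` this is a null dereference that lands in `on_failure`; guarding it with `if: ctx.temp?.duration != null && ctx.event != null` would make the assumption explicit.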
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/ecs.yml
@@ -0,0 +1,57 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: event
+ title: Event
+ group: 2
+ type: group
+ fields:
+ - name: timezone
+ level: extended
+ type: keyword
+ description: |-
+ This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise.
+ Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").
+ ignore_above: 1024
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..73dc5ac4262
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/fields.yml
@@ -0,0 +1,30 @@
+- name: postgresql.log
+ type: group
+ fields:
+ - name: timestamp
+ type: keyword
+ description: |
+ The timestamp from the log line.
+ - name: core_id
+ type: long
+ description: |
+ Core id
+ - name: database
+ type: keyword
+ description: |
+ Name of database
+ - name: query
+ type: keyword
+ description: |
+ Query statement.
+ - name: query_step
+ type: keyword
+ description: |
+ Statement step when using extended query protocol (one of statement, parse, bind or execute)
+ - name: query_name
+ type: keyword
+ description: |
+ Name given to a query when using extended query protocol. If it is "", or not present, this field is ignored.
+ - name: error.code
+ type: long
+ description: Error code returned by Postgres (if any)
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..7094d614dd0
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: postgresql
+ type: group
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/postgresql/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..5ff081973de
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,24 @@
+title: PostgreSQL log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/postgresql/postgresql-*-*.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/postgres/*.log*
+ windows:
+ default:
+ - c:/Program Files/PostgreSQL/*/logs/*.log*
+ template_path: log.yml.hbs
+ title: PostgreSQL log logs (log)
+ description: Collect PostgreSQL log logs using log input
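Review bot: `postgresql.log.query` is mapped as `keyword` with no `ignore_above`, and the ingest pipeline feeds it the whole statement text through GREEDYDATA; a statement longer than Lucene's 32766-byte term limit makes the entire document fail to index instead of merely dropping the field. Either add `ignore_above` with a value the dashboards can tolerate, or map it as `text` with a bounded keyword multi-field, and note in the description that the value is the raw statement text and may include literal parameter values. The same gap applies to `postgresql.statement.query.text` in the statement dataset's fields.yml later in this diff. `error.code` is typed `long` here while a PostgreSQL SQLSTATE is five alphanumeric characters, so the mapping should be aligned with whatever the pipeline ends up capturing.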
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/statement/agent/stream/stream.yml.hbs b/dev/packages/beats/postgresql/0.0.1/dataset/statement/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..9f9c47cc626
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/statement/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["statement"]
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/fields.yml
new file mode 100644
index 00000000000..55bca912b79
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/fields.yml
@@ -0,0 +1,88 @@
+- name: postgresql.statement
+ type: group
+ release: ga
+ fields:
+ - name: user.id
+ type: long
+ description: |
+ OID of the user logged into the backend that ran the query.
+ - name: database.oid
+ type: long
+ description: |
+ OID of the database the query was run on.
+ - name: query.id
+ type: long
+ description: |
+ ID of the statement.
+ - name: query.text
+ type: keyword
+ description: |
+ Query text
+ - name: query.calls
+ type: long
+ description: |
+ Number of times the query has been run.
+ - name: query.rows
+ type: long
+ description: |
+ Total number of rows returned by query.
+ - name: query.time.total.ms
+ type: float
+ description: |
+ Total number of milliseconds spent running query.
+ - name: query.time.min.ms
+ type: float
+ description: |
+ Minimum number of milliseconds spent running query.
+ - name: query.time.max.ms
+ type: float
+ description: |
+ Maximum number of milliseconds spent running query.
+ - name: query.time.mean.ms
+ type: long
+ description: |
+ Mean number of milliseconds spent running query.
+ - name: query.time.stddev.ms
+ type: long
+ description: |
+ Population standard deviation of time spent running query, in milliseconds.
+ - name: query.memory.shared.hit
+ type: long
+ description: |
+ Total number of shared block cache hits by the query.
+ - name: query.memory.shared.read
+ type: long
+ description: |
+ Total number of shared block cache read by the query.
+ - name: query.memory.shared.dirtied
+ type: long
+ description: |
+ Total number of shared block cache dirtied by the query.
+ - name: query.memory.shared.written
+ type: long
+ description: |
+ Total number of shared block cache written by the query.
+ - name: query.memory.local.hit
+ type: long
+ description: |
+ Total number of local block cache hits by the query.
+ - name: query.memory.local.read
+ type: long
+ description: |
+ Total number of local block cache read by the query.
+ - name: query.memory.local.dirtied
+ type: long
+ description: |
+ Total number of local block cache dirtied by the query.
+ - name: query.memory.local.written
+ type: long
+ description: |
+ Total number of local block cache written by the query.
+ - name: query.memory.temp.read
+ type: long
+ description: |
+ Total number of temp block cache read by the query.
+ - name: query.memory.temp.written
+ type: long
+ description: |
+ Total number of temp block cache written by the query.
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/package-fields.yml b/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/package-fields.yml
new file mode 100644
index 00000000000..7094d614dd0
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/statement/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: postgresql
+ type: group
diff --git a/dev/packages/beats/postgresql/0.0.1/dataset/statement/manifest.yml b/dev/packages/beats/postgresql/0.0.1/dataset/statement/manifest.yml
new file mode 100644
index 00000000000..c1f9924e698
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/dataset/statement/manifest.yml
@@ -0,0 +1,7 @@
+title: PostgreSQL statement metrics
+release: experimental
+type: metrics
+streams:
+- input: postgresql/metrics
+ title: PostgreSQL statement metrics
+ description: Collect PostgreSQL statement metrics
diff --git a/dev/packages/beats/postgresql/0.0.1/docs/README.md b/dev/packages/beats/postgresql/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-overview.png b/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-overview.png
new file mode 100644
index 00000000000..b4fc428c4d0
Binary files /dev/null and b/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-overview.png differ
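Review bot: `query.time.mean.ms` and `query.time.stddev.ms` are mapped as `long` while the sibling `query.time.total.ms`, `min.ms` and `max.ms` are `float`; as far as I recall pg_stat_statements reports all of these as double precision, so the mean and standard deviation get truncated to whole milliseconds and sub-millisecond statements read as 0. Change both to `type: float` so the five timing fields agree. The `release: ga` on the group also disagrees with the dataset manifest's `release: experimental` — it looks carried over from the Beats fields.yml — and it is worth confirming which of the two the registry honours before shipping.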
diff --git a/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-slowlog-overview.png b/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-slowlog-overview.png
new file mode 100644
index 00000000000..944a2577852
Binary files /dev/null and b/dev/packages/beats/postgresql/0.0.1/img/filebeat-postgresql-slowlog-overview.png differ
diff --git a/dev/packages/beats/postgresql/0.0.1/img/logo_postgres.svg b/dev/packages/beats/postgresql/0.0.1/img/logo_postgres.svg
new file mode 100644
index 00000000000..0306131fcd3
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/img/logo_postgres.svg
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/dev/packages/beats/postgresql/0.0.1/img/metricbeat-postgresql-overview.png b/dev/packages/beats/postgresql/0.0.1/img/metricbeat-postgresql-overview.png
new file mode 100644
index 00000000000..9d75e9addb2
Binary files /dev/null and b/dev/packages/beats/postgresql/0.0.1/img/metricbeat-postgresql-overview.png differ
diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs.json
new file mode 100644
index 00000000000..aea83f25e02
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs.json
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "Overview dashboard for the Logs PostgreSQL integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "log.level", + "message", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 24, + "i": "2", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs PostgreSQL] Overview ECS", + "version": 1 + }, + "id": "158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs", + "references": [ + { + "id": "PostgreSQL Log Level Count-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "PostgreSQL All Logs-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/4288b790-b79f-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/4288b790-b79f-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..60dc3a2cfdf --- /dev/null 
+++ b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/4288b790-b79f-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,238 @@ +{ + "attributes": { + "description": "This PostgreSQL dashboard shows the most important database related metrics.\n\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Query Latency" + }, + "gridData": { + "h": 13, + "i": "1", + "w": 24, + "x": 0, + "y": 6 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Query Latency", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Database Transactions" + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Database Transactions", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Fileblock IO" + }, + "gridData": { + "h": 10, + "i": "3", + "w": 24, + "x": 0, + "y": 19 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Fileblock IO", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Rows Fetched/Returned" + }, + "gridData": { + "h": 6, + "i": "4", + "w": 14, + "x": 10, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Rows Fetched/Returned", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Rows Inserted/Deleted/Updated" + }, + "gridData": { + "h": 9, + "i": "5", + "w": 24, + "x": 24, + "y": 22 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Rows Inserted/Deleted/Updated", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Conflict/Deadlock Rates" + }, + "gridData": { + "h": 11, + "i": "6", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Conflict/Deadlock Rates", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Database Filter" + }, + "gridData": { + "h": 6, + "i": "7", + "w": 
10, + "x": 0, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Database Filter", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Top Queries" + }, + "gridData": { + "h": 10, + "i": "8", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Top Queries", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Local block cache stats" + }, + "gridData": { + "h": 9, + "i": "9", + "w": 12, + "x": 24, + "y": 31 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Local block cache stats", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "title": "Shared block cache stats" + }, + "gridData": { + "h": 9, + "i": "10", + "w": 12, + "x": 36, + "y": 31 + }, + "panelIndex": "10", + "panelRefName": "panel_9", + "title": "Shared block cache stats", + "version": "7.3.1" + } + ], + "timeRestore": false, + "title": "[Metrics PostgreSQL] Database Overview", + "version": 1 + }, + "id": "4288b790-b79f-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "fbfa67e0-b796-11e9-a579-f5c0a5d81340", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "d733c630-b797-11e9-a579-f5c0a5d81340", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "570973a0-b798-11e9-a579-f5c0a5d81340", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "66d67200-b799-11e9-a579-f5c0a5d81340", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "20931ef0-b79a-11e9-a579-f5c0a5d81340", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "960ecdf0-b79a-11e9-a579-f5c0a5d81340", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "98e6b0a0-b79b-11e9-a579-f5c0a5d81340", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "147875b0-b903-11e9-a579-f5c0a5d81340", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "0cb65170-b909-11e9-a579-f5c0a5d81340", + "name": "panel_8", + "type": "visualization" + }, + { 
+ "id": "e2b28ce0-b908-11e9-a579-f5c0a5d81340", + "name": "panel_9", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs.json new file mode 100644 index 00000000000..2e4b24e1518 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/dashboard/e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs.json 
@@ -0,0 +1,105 @@ +{ + "attributes": { + "description": "Dashboard for analyzing the query durations of the Logs PostgreSQL integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "postgresql.log.query:*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "3", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs PostgreSQL] Query Duration Overview ECS", + "version": 1 + }, + "id": "e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "references": [ + { + "id": "PostgreSQL Query Count and Duration-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Slow PostgreSQL Queries-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "PostgreSQL Query Durations-ecs", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL All Logs-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL All Logs-ecs.json new file mode 100644 index 00000000000..5ed1e62fa68 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL All Logs-ecs.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "log.level", + "message", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"postgresql.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "postgresql." + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "All Logs [Logs PostgreSQL] ECS", + "version": 1 + }, + "id": "PostgreSQL All Logs-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL Query Durations-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL Query Durations-ecs.json new file mode 100644 index 00000000000..ab635272f42 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/search/PostgreSQL Query Durations-ecs.json 
@@ -0,0 +1,41 @@ +{ + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.duration:*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Query Durations [Logs PostgreSQL] ECS", + "version": 1 + }, + "id": "PostgreSQL Query Durations-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/search/Slow PostgreSQL Queries-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/search/Slow PostgreSQL Queries-ecs.json new file mode 100644 index 00000000000..715a4a29730 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/search/Slow PostgreSQL Queries-ecs.json @@ -0,0 +1,41 @@ +{ + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.duration\u003e30000000" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Slow Queries [Logs PostgreSQL] ECS", + "version": 1 + }, + "id": "Slow PostgreSQL Queries-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/0cb65170-b909-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/0cb65170-b909-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..e298049aa4d --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/0cb65170-b909-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,115 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Local block cache stats [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "8f49dbd0-b908-11e9-a256-6d0ec934f3f9", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "8f49dbd1-b908-11e9-a256-6d0ec934f3f9", + "label": "cache hits", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.statement.query.memory.local.hit", + "id": "8f49dbd2-b908-11e9-a256-6d0ec934f3f9", + "type": "max" + }, + { + "field": "8f49dbd2-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd4-b908-11e9-a256-6d0ec934f3f9", + "type": "derivative", + "unit": "1s" + }, + { + "field": "8f49dbd2-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd3-b908-11e9-a256-6d0ec934f3f9", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "8f49dbd5-b908-11e9-a256-6d0ec934f3f9", + "label": "cache read", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.statement.query.memory.local.read", + "id": "8f49dbd6-b908-11e9-a256-6d0ec934f3f9", + "type": "max" + }, + { + "field": "8f49dbd6-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd8-b908-11e9-a256-6d0ec934f3f9", + "type": "derivative", + "unit": "1s" + }, + { + 
"field": "8f49dbd6-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd7-b908-11e9-a256-6d0ec934f3f9", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Local block cache stats [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "0cb65170-b909-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/147875b0-b903-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/147875b0-b903-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..922d4435be3 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/147875b0-b903-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Query Calls Count [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "d3cc2560-484b-11ea-a805-d7a3b4bc3300" + } + ], + "bar_color_rules": [ + { + "id": "6da7d6e0-b902-11e9-9f00-7b1f283b2282" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "d22727f0-484b-11ea-a805-d7a3b4bc3300" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "2bc5fea0-b902-11e9-8b8c-f99be54b4271", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "pivot_id": "postgresql.statement.query.text", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "not postgresql.statement.query.text : (\"BEGIN;\" or \"begin\" or \"commit\" or \"end\" or \"END;\" or \"SELECT * FROM pg_stat_statements\" or \"SELECT * FROM pg_stat_database\" or \"SELECT * FROM pg_stat_bgwriter\" or \"SELECT * FROM pg_stat_activity\")" + }, + "formatter": "'0a'", + "id": "2bc5fea1-b902-11e9-8b8c-f99be54b4271", + "label": "Number of times the query has been run", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.statement.query.calls", + "id": "2bc5fea2-b902-11e9-8b8c-f99be54b4271", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "postgresql.statement.query.text", + "terms_order_by": 
"2bc5fea2-b902-11e9-8b8c-f99be54b4271", + "terms_size": "20", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "type": "top_n" + }, + "title": "Query Calls Count [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "147875b0-b903-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/20931ef0-b79a-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/20931ef0-b79a-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..b08c8bf6c6b --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/20931ef0-b79a-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,148 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Rows Inserted/Deleted/Updated [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "fc474800-b799-11e9-bfa6-bd2fe13c0445", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "fc474801-b799-11e9-bfa6-bd2fe13c0445", + "label": "inserted", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.rows.inserted", + "id": "fc474802-b799-11e9-bfa6-bd2fe13c0445", + "type": "max" + }, + { + "field": "fc474802-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc474804-b799-11e9-bfa6-bd2fe13c0445", + "type": "derivative", + "unit": "1s" + }, + { + "field": "fc474804-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc474803-b799-11e9-bfa6-bd2fe13c0445", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "fc474805-b799-11e9-bfa6-bd2fe13c0445", + "label": "deleted", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.rows.deleted", + "id": "fc474806-b799-11e9-bfa6-bd2fe13c0445", + "type": "max" + }, + { + "field": "fc474806-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc474808-b799-11e9-bfa6-bd2fe13c0445", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"fc474808-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc474807-b799-11e9-bfa6-bd2fe13c0445", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#00B3A4", + "fill": 0, + "formatter": "number", + "id": "fc476f10-b799-11e9-bfa6-bd2fe13c0445", + "label": "updated", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.rows.updated", + "id": "fc476f11-b799-11e9-bfa6-bd2fe13c0445", + "type": "max" + }, + { + "field": "fc476f11-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc476f13-b799-11e9-bfa6-bd2fe13c0445", + "type": "derivative", + "unit": "1s" + }, + { + "field": "fc476f13-b799-11e9-bfa6-bd2fe13c0445", + "id": "fc476f12-b799-11e9-bfa6-bd2fe13c0445", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Rows Inserted/Deleted/Updated [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "20931ef0-b79a-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs.json new file mode 100644 index 00000000000..f86ea83ed40 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Logs by level over time [Logs PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per month" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Logs by level over time [Logs PostgreSQL] ECS", + "type": "histogram" + } + }, + "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "references": 
[ + { + "id": "PostgreSQL All Logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/570973a0-b798-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/570973a0-b798-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..adcefa95de9 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/570973a0-b798-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Fileblock IO Rate [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "fbc27280-b797-11e9-b46b-4f80f005c4a5", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,196,0,1)", + "fill": 0, + "formatter": "number", + "id": "fbc27281-b797-11e9-b46b-4f80f005c4a5", + "label": "read", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.blocks.time.read.ms", + "id": "fbc27282-b797-11e9-b46b-4f80f005c4a5", + "type": "max" + }, + { + "field": "fbc27282-b797-11e9-b46b-4f80f005c4a5", + "id": "fbc27284-b797-11e9-b46b-4f80f005c4a5", + "type": "derivative", + "unit": "1s" + }, + { + "field": "fbc27284-b797-11e9-b46b-4f80f005c4a5", + "id": "fbc27283-b797-11e9-b46b-4f80f005c4a5", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}} ms" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(123,100,255,1)", + "fill": 0, + "formatter": "number", + "id": "fbc27285-b797-11e9-b46b-4f80f005c4a5", + "label": "write", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.blocks.time.write.ms", + "id": "fbc27286-b797-11e9-b46b-4f80f005c4a5", + "type": "max" + }, + { + "field": "fbc27286-b797-11e9-b46b-4f80f005c4a5", + "id": "fbc27288-b797-11e9-b46b-4f80f005c4a5", + "type": 
"derivative", + "unit": "1s" + }, + { + "field": "fbc27288-b797-11e9-b46b-4f80f005c4a5", + "id": "fbc27287-b797-11e9-b46b-4f80f005c4a5", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}} ms" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Fileblock IO Rate [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "570973a0-b798-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/66d67200-b799-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/66d67200-b799-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..b3f00370e8f --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/66d67200-b799-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,148 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Rows Fetched/Returned [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "bec42b70-b798-11e9-af2f-3be5a91b64a6" + } + ], + "bar_color_rules": [ + { + "id": "cc80b5d0-b798-11e9-af2f-3be5a91b64a6" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "ada89790-b798-11e9-af2f-3be5a91b64a6" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "a6981ed0-b798-11e9-a598-8baa89257193", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "'0.0 a'", + "id": "a6981ed1-b798-11e9-a598-8baa89257193", + "label": "Rows Returned", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.rows.returned", + "id": "a6981ed2-b798-11e9-a598-8baa89257193", + "percentiles": [ + { + "id": "b507cc90-b798-11e9-af2f-3be5a91b64a6", + "mode": "line", + "shade": 0.2, + "value": 50 + } + ], + "type": "max" + }, + { + "field": "a6981ed2-b798-11e9-a598-8baa89257193", + "id": "ed6f33d0-b8ff-11e9-8645-31d6a6d28728", + "type": "derivative", + "unit": "1" + }, + { + "field": "ed6f33d0-b8ff-11e9-8645-31d6a6d28728", + "id": "f58b9e50-b8ff-11e9-8645-31d6a6d28728", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": 
"timeseries", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0, + "formatter": "number", + "id": "a6981ed3-b798-11e9-a598-8baa89257193", + "label": "Rows Fetched", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.rows.fetched", + "id": "a6981ed4-b798-11e9-a598-8baa89257193", + "type": "max" + }, + { + "field": "a6981ed4-b798-11e9-a598-8baa89257193", + "id": "064737e0-b900-11e9-8645-31d6a6d28728", + "type": "derivative", + "unit": "1s" + }, + { + "field": "064737e0-b900-11e9-8645-31d6a6d28728", + "id": "0fea1b50-b900-11e9-8645-31d6a6d28728", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Rows Fetched/Returned [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "66d67200-b799-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/960ecdf0-b79a-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/960ecdf0-b79a-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..ddb388f1c8c --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/960ecdf0-b79a-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Conflict/Deadlock Rates [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "6c90db30-b79a-11e9-a8f0-d7983cd3d871", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(12,121,125,1)", + "fill": 0, + "formatter": "number", + "id": "6c90db31-b79a-11e9-a8f0-d7983cd3d871", + "label": "conflicts", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.conflicts", + "id": "6c90db32-b79a-11e9-a8f0-d7983cd3d871", + "type": "avg" + }, + { + "field": "6c90db32-b79a-11e9-a8f0-d7983cd3d871", + "id": "6c90db34-b79a-11e9-a8f0-d7983cd3d871", + "type": "derivative", + "unit": "1s" + }, + { + "field": "6c90db34-b79a-11e9-a8f0-d7983cd3d871", + "id": "6c90db33-b79a-11e9-a8f0-d7983cd3d871", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0, + "formatter": "number", + "id": "6c90db35-b79a-11e9-a8f0-d7983cd3d871", + "label": "deadlocks", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.deadlocks", + "id": "6c90db36-b79a-11e9-a8f0-d7983cd3d871", + "type": "avg" + }, + { + "field": "6c90db36-b79a-11e9-a8f0-d7983cd3d871", + "id": "6c90db38-b79a-11e9-a8f0-d7983cd3d871", + "type": "derivative", + 
"unit": "1s" + }, + { + "field": "6c90db38-b79a-11e9-a8f0-d7983cd3d871", + "id": "6c90db37-b79a-11e9-a8f0-d7983cd3d871", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Conflict/Deadlock Rates [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "960ecdf0-b79a-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/98e6b0a0-b79b-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/98e6b0a0-b79b-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..1c1804b7989 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/98e6b0a0-b79b-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Database Filter [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "postgresql.database.name", + "id": "1549397251041", + "indexPatternRefName": "control_0_index_pattern", + "label": "database", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Database Filter [Metrics PostgreSQL] ECS", + "type": "input_control_vis" + } + }, + "id": "98e6b0a0-b79b-11e9-a579-f5c0a5d81340", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Log Level Count-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Log Level Count-ecs.json new file mode 100644 index 00000000000..43d55e81236 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Log Level Count-ecs.json 
@@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Log Level Count [Logs PostgreSQL] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 12 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Log Level Count [Logs PostgreSQL] ECS", + "type": "table" + } + }, + "id": "PostgreSQL Log Level Count-ecs", + "references": [ + { + "id": "PostgreSQL All Logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Query Count and Duration-ecs.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Query Count and Duration-ecs.json new file mode 100644 index 00000000000..1899dd23afa --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/PostgreSQL Query Count and Duration-ecs.json 
@@ -0,0 +1,158 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Query count and cumulated duration [Logs PostgreSQL] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Number of queries": "#0A437C", + "Sum of query duration": "#6ED0E0" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Number of queries" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sum of query duration", + "field": "event.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 3 hours" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "4", + "label": "Number of queries" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Sum of query duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": 
"ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Query count and cumulated duration [Logs PostgreSQL] ECS", + "type": "histogram" + } + }, + "id": "PostgreSQL Query Count and Duration-ecs", + "references": [ + { + "id": "PostgreSQL Query Durations-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/d733c630-b797-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/d733c630-b797-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..79c061299f8 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/d733c630-b797-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Database Transactions [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "7af01590-b797-11e9-8816-2992f1df7a62", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,188,0,1)", + "fill": 0, + "formatter": "number", + "id": "7af01591-b797-11e9-8816-2992f1df7a62", + "label": "committed", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.transactions.commit", + "id": "7af01592-b797-11e9-8816-2992f1df7a62", + "type": "max" + }, + { + "field": "7af01592-b797-11e9-8816-2992f1df7a62", + "id": "7af01594-b797-11e9-8816-2992f1df7a62", + "type": "derivative", + "unit": "1s" + }, + { + "field": "7af01594-b797-11e9-8816-2992f1df7a62", + "id": "7af01593-b797-11e9-8816-2992f1df7a62", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": 0, + "formatter": "number", + "id": "7af01595-b797-11e9-8816-2992f1df7a62", + "label": "rolled back", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.database.transactions.rollback", + "id": "7af01596-b797-11e9-8816-2992f1df7a62", + "type": "max" + }, + { + "field": "7af01596-b797-11e9-8816-2992f1df7a62", + "id": "7af01598-b797-11e9-8816-2992f1df7a62", + "type": 
"derivative", + "unit": "1s" + }, + { + "field": "7af01598-b797-11e9-8816-2992f1df7a62", + "id": "7af01597-b797-11e9-8816-2992f1df7a62", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Database Transactions [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "d733c630-b797-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/e2b28ce0-b908-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/e2b28ce0-b908-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..c08693b12a6 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/e2b28ce0-b908-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Shared block cache stats [Metrics PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "8f49dbd0-b908-11e9-a256-6d0ec934f3f9", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#3185FC", + "fill": 0, + "formatter": "number", + "id": "8f49dbd1-b908-11e9-a256-6d0ec934f3f9", + "label": "cache hits", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.statement.query.memory.shared.hit", + "id": "8f49dbd2-b908-11e9-a256-6d0ec934f3f9", + "type": "max" + }, + { + "field": "8f49dbd2-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd4-b908-11e9-a256-6d0ec934f3f9", + "type": "derivative", + "unit": "1s" + }, + { + "field": "8f49dbd4-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd3-b908-11e9-a256-6d0ec934f3f9", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": 0, + "formatter": "number", + "id": "8f49dbd5-b908-11e9-a256-6d0ec934f3f9", + "label": "cache read", + "line_width": 2, + "metrics": [ + { + "field": "postgresql.statement.query.memory.shared.read", + "id": "8f49dbd6-b908-11e9-a256-6d0ec934f3f9", + "type": "max" + }, + { + "field": "8f49dbd6-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd8-b908-11e9-a256-6d0ec934f3f9", + "type": "derivative", + "unit": "1s" + }, + { + "field": 
"8f49dbd8-b908-11e9-a256-6d0ec934f3f9", + "id": "8f49dbd7-b908-11e9-a256-6d0ec934f3f9", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Shared block cache stats [Metrics PostgreSQL] ECS", + "type": "metrics" + } + }, + "id": "e2b28ce0-b908-11e9-a579-f5c0a5d81340", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/postgresql/0.0.1/kibana/visualization/fbfa67e0-b796-11e9-a579-f5c0a5d81340.json b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/fbfa67e0-b796-11e9-a579-f5c0a5d81340.json new file mode 100644 index 00000000000..5ceb4c0e113 --- /dev/null +++ b/dev/packages/beats/postgresql/0.0.1/kibana/visualization/fbfa67e0-b796-11e9-a579-f5c0a5d81340.json 
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Query Latency [Metrics PostgreSQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "919c5570-b796-11e9-8ed3-ef1959e6b366",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(0,156,224,1)",
+ "fill": "0.1",
+ "filter": {
+ "language": "kuery",
+ "query": "not postgresql.statement.query.text : (\"BEGIN;\" or \"begin\" or \"commit\" or \"end\" or \"END;\" or \"SELECT * FROM pg_stat_statements\" or \"SELECT * FROM pg_stat_database\" or \"SELECT * FROM pg_stat_bgwriter\" or \"SELECT * FROM pg_stat_activity\")"
+ },
+ "formatter": "number",
+ "id": "919c5571-b796-11e9-8ed3-ef1959e6b366",
+ "label": "Query Latency",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "postgresql.statement.query.time.total.ms",
+ "id": "919c7c80-b796-11e9-8ed3-ef1959e6b366",
+ "type": "max"
+ },
+ {
+ "field": "919c7c80-b796-11e9-8ed3-ef1959e6b366",
+ "id": "9e553c60-b79f-11e9-9029-a9d302b79ec2",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "9e553c60-b79f-11e9-9029-a9d302b79ec2",
+ "id": "a58b6590-b79f-11e9-9029-a9d302b79ec2",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 0,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "postgresql.statement.query.text",
+ "terms_order_by": "919c7c80-b796-11e9-8ed3-ef1959e6b366",
+ "terms_size": "10",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Query Latency [Metrics PostgreSQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "fbfa67e0-b796-11e9-a579-f5c0a5d81340",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/postgresql/0.0.1/manifest.yml b/dev/packages/beats/postgresql/0.0.1/manifest.yml
new file mode 100644
index 00000000000..c57f0fa6163
--- /dev/null
+++ b/dev/packages/beats/postgresql/0.0.1/manifest.yml
@@ -0,0 +1,47 @@
+format_version: 1.0.0
+name: postgresql
+title: PostgreSQL
+version: 0.0.1
+license: basic
+description: PostgreSQL Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.1 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat-postgresql-overview.png
+ title: filebeat postgresql overview
+ size: 1364x655
+ type: image/png
+- src: /img/filebeat-postgresql-slowlog-overview.png
+ title: filebeat postgresql slowlog overview
+ size: 1363x656
+ type: image/png
+- src: /img/metricbeat-postgresql-overview.png
+ title: metricbeat postgresql overview
+ size: 5004x2672
+ type: image/png
+icons:
+- src: /img/logo_postgres.svg
+ title: logo postgres
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: postgresql
+ title: PostgreSQL logs and metrics
+ description: Collect logs and metrics from PostgreSQL instances
+ inputs:
+ - type: logs
+ title: Collect logs from PostgreSQL instances
+ description: Collecting PostgreSQL log logs
+ - type: postgresql/metrics
+ title: Collect metrics from PostgreSQL instances
+ description: Collecting PostgreSQL activity, bgwriter, database and statement
+ metrics
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/collector/agent/stream/stream.yml.hbs b/dev/packages/beats/prometheus/0.0.1/dataset/collector/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..04180cfe510
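Review bot: The series filter on `postgresql.statement.query.text` excludes housekeeping statements by exact phrase with inconsistent casing (`"BEGIN;"` next to `"begin"`, `"END;"` next to `"end"`, `"commit"` only in lowercase), so `COMMIT;` or a `BEGIN` without the semicolon still lands in the latency chart; either list both spellings for each statement or filter on a normalized field. The `terms_field` split on the same free-text field only aggregates if that field is mapped as a keyword, which this change does not show; worth confirming against the dataset's fields.yml. Splitting a dashboard by raw statement text also surfaces whatever literals reach that field, so it is worth recording in the dataset's field description whether the source is expected to deliver normalized statements.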
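Review bot: `description: Collecting PostgreSQL log logs` under the `logs` input repeats a word; `description: Collecting PostgreSQL logs` reads as intended. The `elasticsearch` requirement `versions: '>7.0.1'` has no upper bound while `kibana` is pinned to `'>=7.3.1 <8.0.0'`; if the package was only verified against 7.x, `versions: '>=7.0.1 <8.0.0'` keeps the two constraints consistent, otherwise a short comment saying the open range is deliberate avoids it being read as an oversight.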
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/collector/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["collector"]
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/fields.yml
new file mode 100644
index 00000000000..6889a5ef987
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: prometheus.
+ type: keyword
+ release: ga
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/package-fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/package-fields.yml
new file mode 100644
index 00000000000..114d04966dd
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/collector/fields/package-fields.yml
@@ -0,0 +1,16 @@
+- name: prometheus.*.value
+ type: object
+ description: |
+ Prometheus gauge metric
+- name: prometheus.*.counter
+ type: object
+ description: |
+ Prometheus counter metric
+- name: prometheus.*.rate
+ type: object
+ description: |
+ Prometheus rated counter metric
+- name: prometheus.*.histogram
+ type: object
+ description: |
+ Prometheus histogram metric
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/collector/manifest.yml b/dev/packages/beats/prometheus/0.0.1/dataset/collector/manifest.yml
new file mode 100644
index 00000000000..6865f76c546
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/collector/manifest.yml
@@ -0,0 +1,7 @@
+title: Prometheus typed metrics collector metrics
+release: experimental
+type: metrics
+streams:
+- input: prometheus/metrics
+ title: Prometheus typed metrics collector metrics
+ description: Collect Prometheus typed metrics collector metrics
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/query/agent/stream/stream.yml.hbs b/dev/packages/beats/prometheus/0.0.1/dataset/query/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..bb4f09b131b
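Review bot: The collector stream template consists of `metricsets: ["collector"]` alone, with no `hosts` or `period`, while the rabbitmq connection template added further down in this same change renders both from `{{#each hosts}}` and `{{period}}`; presumably the prometheus input needs the same values to know what to scrape and how often. The query and remote_write templates on the following line have the same shape. If these values are meant to come from somewhere else for this input, a one-line comment in the template saying so would stop the next reader from treating it as unfinished.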
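Review bot: `- name: prometheus.` with a trailing dot and `type: keyword` looks like a truncated field name rather than a real field; the sibling datasets in this change declare `prometheus.query` and `prometheus.remote_write` as `type: group`, and the collector's own package-fields.yml only defines `prometheus.*.value`, `.counter`, `.rate` and `.histogram` objects. It is also marked `release: ga` while those siblings are `beta` and the collector manifest is `experimental`, which reads as a copy-paste leftover. Suggest `- name: prometheus` / `type: group` / `release: beta` unless a keyword field was genuinely intended, in which case it needs a full name and a description.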
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/query/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["query"]
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/fields.yml
new file mode 100644
index 00000000000..5c21060eb3c
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: prometheus.query
+ type: group
+ release: beta
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/package-fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/package-fields.yml
new file mode 100644
index 00000000000..be9fab1061e
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/query/fields/package-fields.yml
@@ -0,0 +1,15 @@
+- name: prometheus
+ type: group
+ fields:
+ - name: labels.*
+ type: object
+ description: |
+ Prometheus metric labels
+ - name: metrics.*
+ type: object
+ description: |
+ Prometheus metric
+ - name: query.*
+ type: object
+ description: |
+ Prometheus value resulted from PromQL
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/query/manifest.yml b/dev/packages/beats/prometheus/0.0.1/dataset/query/manifest.yml
new file mode 100644
index 00000000000..6c4e30e95c3
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/query/manifest.yml
@@ -0,0 +1,7 @@
+title: Prometheus query metrics
+release: experimental
+type: metrics
+streams:
+- input: prometheus/metrics
+ title: Prometheus query metrics
+ description: Collect Prometheus query metrics
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/agent/stream/stream.yml.hbs b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..0244638839d
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["remote_write"]
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/fields.yml
new file mode 100644
index 00000000000..6502d4432e0
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: prometheus.remote_write
+ type: group
+ release: beta
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/package-fields.yml b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/package-fields.yml
new file mode 100644
index 00000000000..be9fab1061e
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/fields/package-fields.yml
@@ -0,0 +1,15 @@
+- name: prometheus
+ type: group
+ fields:
+ - name: labels.*
+ type: object
+ description: |
+ Prometheus metric labels
+ - name: metrics.*
+ type: object
+ description: |
+ Prometheus metric
+ - name: query.*
+ type: object
+ description: |
+ Prometheus value resulted from PromQL
diff --git a/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/manifest.yml b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/manifest.yml
new file mode 100644
index 00000000000..10cddba9ce5
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/dataset/remote_write/manifest.yml
@@ -0,0 +1,7 @@
+title: Prometheus remote_write metrics
+release: experimental
+type: metrics
+streams:
+- input: prometheus/metrics
+ title: Prometheus remote_write metrics
+ description: Collect Prometheus remote_write metrics
diff --git a/dev/packages/beats/prometheus/0.0.1/docs/README.md b/dev/packages/beats/prometheus/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/prometheus/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
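Review bot: The remote_write `package-fields.yml` is byte-identical to the query dataset's (both carry blob `be9fab1061e`), including a `query.*` entry described as `Prometheus value resulted from PromQL`, which describes the query dataset rather than data received over remote_write. Either drop `query.*` from the remote_write copy or replace its description with what this dataset actually populates. In both files `Prometheus value resulted from PromQL` reads better as `Prometheus value resulting from a PromQL query`.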
diff --git a/dev/packages/beats/prometheus/0.0.1/img/logo_prometheus.svg b/dev/packages/beats/prometheus/0.0.1/img/logo_prometheus.svg new file mode 100644 index 00000000000..9ee24e53f2a --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/img/logo_prometheus.svg @@ -0,0 +1,3 @@ + + + diff --git a/dev/packages/beats/prometheus/0.0.1/img/metricbeat-prometheus-overview.png b/dev/packages/beats/prometheus/0.0.1/img/metricbeat-prometheus-overview.png new file mode 100644 index 00000000000..0dda569f9de Binary files /dev/null and b/dev/packages/beats/prometheus/0.0.1/img/metricbeat-prometheus-overview.png differ diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/dashboard/6a9b80c0-b2ed-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/dashboard/6a9b80c0-b2ed-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..d24387f94f6 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/dashboard/6a9b80c0-b2ed-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,180 @@ +{ + "attributes": { + "description": "Various stats for Prometheus Server", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "HTTP Requests", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Query Durations", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "3", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Number of Targets", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 0, + "y": 22 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Head Chunks", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "5", + "w": 11, + "x": 0, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "WAL Stats", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "6", + "w": 13, + "x": 11, + "y": 15 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Reload Count", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 10, + "x": 24, + "y": 22 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Remote API Reads", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 14, + "x": 34, + "y": 22 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Alert Notifications", + "version": 
"7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Prometheus] Overview", + "version": 1 + }, + "id": "6a9b80c0-b2ed-11e9-9a23-67ee28886a4b", + "references": [ + { + "id": "19886730-b2e7-11e9-9a23-67ee28886a4b", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "f77c5900-b2e4-11e9-9a23-67ee28886a4b", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "ffb70040-b2ec-11e9-9a23-67ee28886a4b", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "79345b00-b2e5-11e9-9a23-67ee28886a4b", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "138704c0-b2f8-11e9-9a23-67ee28886a4b", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d7740b40-b2fc-11e9-9a23-67ee28886a4b", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "edd33100-b305-11e9-9a23-67ee28886a4b", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "0b356630-b308-11e9-9a23-67ee28886a4b", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/0b356630-b308-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/0b356630-b308-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..22004595212 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/0b356630-b308-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Alert Notifications [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "b1741ab0-b307-11e9-95cd-c3f5589dc7d2", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": 0, + "formatter": "number", + "id": "b1741ab1-b307-11e9-95cd-c3f5589dc7d2", + "label": "Capacity of the alert notifications queue", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_notifications_queue_capacity", + "id": "b1741ab2-b307-11e9-95cd-c3f5589dc7d2", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": "0.2", + "formatter": "number", + "id": "b1741ab3-b307-11e9-95cd-c3f5589dc7d2", + "label": "Alert notifications in the queue", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.prometheus_notifications_queue_length", + "id": "b1741ab4-b307-11e9-95cd-c3f5589dc7d2", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Alert Notifications [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": 
"0b356630-b308-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/138704c0-b2f8-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/138704c0-b2f8-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..a92ddcc9fc1 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/138704c0-b2f8-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "WAL [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "f4985140-b2f7-11e9-8481-37d39feabbb2" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ce91d200-b2f7-11e9-9e3f-5b12e64d4361", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(247,75,56,1)", + "fill": 0, + "formatter": "number", + "id": "ce91f910-b2f7-11e9-9e3f-5b12e64d4361", + "label": "Failed WAL Truncations", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_tsdb_wal_truncations_failed_total", + "id": "ce91f911-b2f7-11e9-9e3f-5b12e64d4361", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": 0, + "formatter": "number", + "id": "ce91f912-b2f7-11e9-9e3f-5b12e64d4361", + "label": "WAL Corruptions Total", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_tsdb_wal_corruptions_total", + "id": "ce91f913-b2f7-11e9-9e3f-5b12e64d4361", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "WAL [Metrics Prometheus]", + "type": "metrics" + 
} + }, + "id": "138704c0-b2f8-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/19886730-b2e7-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/19886730-b2e7-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..2b31582b90e --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/19886730-b2e7-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "HTTP Requests [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "b2579fe0-b2e6-11e9-96a9-535735f478e7", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(219,223,0,1)", + "fill": 0, + "formatter": "number", + "id": "b2579fe1-b2e6-11e9-96a9-535735f478e7", + "label": "HTTP Requests", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_http_requests_total", + "id": "b2579fe2-b2e6-11e9-96a9-535735f478e7", + "type": "max" + }, + { + "field": "b2579fe2-b2e6-11e9-96a9-535735f478e7", + "id": "4ff83340-b445-11e9-88c2-81f27aea5920", + "type": "derivative", + "unit": "1s" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.handler", + "terms_size": "5", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "HTTP Requests [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "19886730-b2e7-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/79345b00-b2e5-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/79345b00-b2e5-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..eeb54cfad69 --- /dev/null 
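Review bot: The `HTTP Requests` series takes a `derivative` of `prometheus.metrics.prometheus_http_requests_total` with no `positive_only` step after it, unlike every other rated counter in this change (Reload Count, Remote API Reads, and the PostgreSQL cache and latency charts all chain `max` → `derivative` → `positive_only`), so a counter reset after a Prometheus restart will draw a large negative spike in the chart. Append a third metric after the derivative, `{ "field": "4ff83340-b445-11e9-88c2-81f27aea5920", "id": "<NEW-UUID-PLACEHOLDER>", "type": "positive_only" }`, with a freshly generated id.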
+++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/79345b00-b2e5-11e9-9a23-67ee28886a4b.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Head Chunks [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "2f5a6920-b2e5-11e9-b248-0162f01eb4ee", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(101,50,148,1)", + "fill": 0, + "formatter": "number", + "id": "2f5a9030-b2e5-11e9-b248-0162f01eb4ee", + "label": "Head Chunks", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_tsdb_head_chunks", + "id": "2f5a9031-b2e5-11e9-b248-0162f01eb4ee", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Head Chunks [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "79345b00-b2e5-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/d7740b40-b2fc-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/d7740b40-b2fc-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..6d6f9fc43e3 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/d7740b40-b2fc-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,115 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Reload Count [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "6acaf760-b2fc-11e9-86ff-9300d5a00260", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(12,121,125,1)", + "fill": "0.2", + "formatter": "'0.0[0000]'", + "id": "6acaf761-b2fc-11e9-86ff-9300d5a00260", + "label": "reloads", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.prometheus_tsdb_reloads_total", + "id": "6acaf762-b2fc-11e9-86ff-9300d5a00260", + "type": "max" + }, + { + "field": "6acaf762-b2fc-11e9-86ff-9300d5a00260", + "id": "6acaf764-b2fc-11e9-86ff-9300d5a00260", + "type": "derivative", + "unit": "1s" + }, + { + "field": "6acaf764-b2fc-11e9-86ff-9300d5a00260", + "id": "6acaf763-b2fc-11e9-86ff-9300d5a00260", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 1, + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#DB1374", + "fill": "0.2", + "formatter": "'0.0[0000]'", + "id": "6acaf765-b2fc-11e9-86ff-9300d5a00260", + "label": "failures", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.prometheus_tsdb_reloads_failures_total", + "id": "6acaf766-b2fc-11e9-86ff-9300d5a00260", + "type": "max" + }, + { + "field": "6acaf766-b2fc-11e9-86ff-9300d5a00260", + "id": "6acaf768-b2fc-11e9-86ff-9300d5a00260", + "type": "derivative", + 
"unit": "1s" + }, + { + "field": "6acaf768-b2fc-11e9-86ff-9300d5a00260", + "id": "6acaf767-b2fc-11e9-86ff-9300d5a00260", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 1, + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Reload Count [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "d7740b40-b2fc-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/edd33100-b305-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/edd33100-b305-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..745e8f43e86 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/edd33100-b305-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Remote API Reads [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "a3dbf320-b305-11e9-a86d-99bede5bfcc3", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(219,223,0,1)", + "fill": 0, + "formatter": "number", + "id": "a3dbf321-b305-11e9-a86d-99bede5bfcc3", + "label": "# of remote read queries", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_api_remote_read_queries", + "id": "a3dbf322-b305-11e9-a86d-99bede5bfcc3", + "type": "max" + }, + { + "field": "a3dbf322-b305-11e9-a86d-99bede5bfcc3", + "id": "a3dbf324-b305-11e9-a86d-99bede5bfcc3", + "type": "derivative", + "unit": "1s" + }, + { + "field": "a3dbf324-b305-11e9-a86d-99bede5bfcc3", + "id": "a3dbf323-b305-11e9-a86d-99bede5bfcc3", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Remote API Reads [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "edd33100-b305-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/f77c5900-b2e4-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/f77c5900-b2e4-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..928f77b8d56 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/f77c5900-b2e4-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Query Durations [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "prometheus.labels.quantile : \"0.99\"" + }, + "id": "0fa40ac0-b2e3-11e9-9d48-591d2f459020", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0, + "filter": { + "language": "kuery", + "query": "prometheus.labels.quantile : \"0.99\" " + }, + "formatter": "'0.0[0000]'", + "id": "0fa40ac1-b2e3-11e9-9d48-591d2f459020", + "label": "Query Durations p99", + "line_width": 2, + "metrics": [ + { + "field": "prometheus.metrics.prometheus_engine_query_duration_seconds", + "id": "0fa40ac2-b2e3-11e9-9d48-591d2f459020", + "type": "max" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#3185FC", + "filter": { + "language": "kuery", + "query": "prometheus.labels.slice : \"inner_eval\" " + }, + "id": "5089a8b0-b2e3-11e9-a478-1744b9617108", + "label": "Inner" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "prometheus.labels.slice", + "terms_order_by": "_count", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Query Durations [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "f77c5900-b2e4-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file 
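Review bot: The series sets `"split_mode": "terms"` on `prometheus.labels.slice`, so the `split_filters` entry (`Inner`, `prometheus.labels.slice : "inner_eval"`) is never applied and is dead configuration; either switch to `"split_mode": "filters"` if the intent was to show only the inner-eval slice, or remove the `split_filters` array. The `prometheus.labels.quantile : "0.99"` filter is also declared twice, once in `params.filter` and again as the series `filter` with a trailing space; one copy is enough and avoids the two drifting apart.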
diff --git a/dev/packages/beats/prometheus/0.0.1/kibana/visualization/ffb70040-b2ec-11e9-9a23-67ee28886a4b.json b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/ffb70040-b2ec-11e9-9a23-67ee28886a4b.json new file mode 100644 index 00000000000..dcdde256ddd --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/kibana/visualization/ffb70040-b2ec-11e9-9a23-67ee28886a4b.json 
@@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of Targets [Metrics Prometheus]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "08298160-b2ea-11e9-a1e3-dd90a90fb461", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0.2", + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "08298161-b2ea-11e9-a1e3-dd90a90fb461", + "label": "Total Number of Discovered Targets", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.prometheus_sd_discovered_targets", + "id": "08298162-b2ea-11e9-a1e3-dd90a90fb461", + "type": "max" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "steps": 1, + "terms_direction": "desc", + "terms_field": "prometheus.labels.name", + "terms_order_by": "08298162-b2ea-11e9-a1e3-dd90a90fb461", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of Targets [Metrics Prometheus]", + "type": "metrics" + } + }, + "id": "ffb70040-b2ec-11e9-9a23-67ee28886a4b", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/prometheus/0.0.1/manifest.yml b/dev/packages/beats/prometheus/0.0.1/manifest.yml new file mode 100644 index 00000000000..82d87d780b3 --- /dev/null +++ b/dev/packages/beats/prometheus/0.0.1/manifest.yml 
@@ -0,0 +1,34 @@
+format_version: 1.0.0
+name: prometheus
+title: Prometheus typed metrics
+version: 0.0.1
+license: basic
+description: Prometheus typed metrics Integration
+type: integration
+categories:
+- metrics
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat-prometheus-overview.png
+ title: metricbeat prometheus overview
+ size: 5010x2676
+ type: image/png
+icons:
+- src: /img/logo_prometheus.svg
+ title: logo prometheus
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: prometheus
+ title: Prometheus typed metrics metrics
+ description: Collect metrics from Prometheus typed metrics instances
+ inputs:
+ - type: prometheus/metrics
+ title: Collect metrics from Prometheus typed metrics instances
+ description: Collecting Prometheus typed metrics collector metrics
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/agent/stream/stream.yml.hbs b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..9e24c3b1049
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["connection"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/ecs.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/ecs.yml
new file mode 100644
index 00000000000..c4b3ba7beca
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/ecs.yml
@@ -0,0 +1,15 @@
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
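Review bot: `categories` in the prometheus manifest.yml lists `metrics` twice; the duplicate entry should be dropped (or replaced by the distinct category that was presumably intended), since it conveys nothing and may be flagged by manifest validation or rendered twice in the UI. The generated titles `Prometheus typed metrics metrics` and `Collect metrics from Prometheus typed metrics instances` read like a mechanical expansion of the module name and would be clearer as `Prometheus metrics` / `Collect metrics from Prometheus instances` before the package leaves `experimental`.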
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 00000000000..d397c6ef7d6 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/fields.yml 
@@ -0,0 +1,69 @@ +- name: rabbitmq.connection + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The name of the connection with non-ASCII characters escaped as in C. + - name: state + type: keyword + description: | + Connection state. + - name: channels + type: long + description: | + The number of channels on the connection. + - name: channel_max + type: long + description: | + The maximum number of channels allowed on the connection. + - name: frame_max + type: long + format: bytes + description: | + Maximum permissible size of a frame (in bytes) to negotiate with clients. + - name: type + type: keyword + description: | + Type of the connection. + - name: host + type: keyword + description: | + Server hostname obtained via reverse DNS, or its IP address if reverse DNS failed or was disabled. + - name: peer.host + type: keyword + description: | + Peer hostname obtained via reverse DNS, or its IP address if reverse DNS failed or was not enabled. + - name: port + type: long + description: | + Server port. + - name: peer.port + type: long + description: | + Peer port. + - name: packet_count.sent + type: long + description: | + Number of packets sent on the connection. + - name: packet_count.received + type: long + description: | + Number of packets received on the connection. + - name: packet_count.pending + type: long + description: | + Number of packets pending on the connection. + - name: octet_count.sent + type: long + description: | + Number of octets sent on the connection. + - name: octet_count.received + type: long + description: | + Number of octets received on the connection. + - name: client_provided.name + type: keyword + description: | + User specified connection name. diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/package-fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/package-fields.yml new file mode 100644 index 00000000000..c414f2a20c0 --- /dev/null 
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: rabbitmq
+ type: group
+ fields:
+ - name: vhost
+ type: keyword
+ description: |
+ Virtual host name with non-ASCII characters escaped as in C.
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/manifest.yml
new file mode 100644
index 00000000000..157ca0f0153
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/connection/manifest.yml
@@ -0,0 +1,23 @@
+title: RabbitMQ connection metrics
+release: experimental
+type: metrics
+streams:
+- input: rabbitmq/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:15672
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: RabbitMQ connection metrics
+ description: Collect RabbitMQ connection metrics
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/agent/stream/stream.yml.hbs b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..fab57e52a98
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["exchange"]
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/ecs.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/ecs.yml
new file mode 100644
index 00000000000..c4b3ba7beca
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/ecs.yml
@@ -0,0 +1,15 @@
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
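Review bot: The connection stream declares only `hosts` and `period` vars, yet its default target `localhost:15672` is the RabbitMQ management HTTP API, which requires HTTP basic-auth credentials and by default only admits the built-in `guest` account from the loopback interface. Without `username` and `password` vars (declared with `type: password` so the UI masks them rather than echoing them as plain text) and some way to enable TLS, the only deployable configuration is the default `guest`/`guest` account on the broker host, which is precisely the account operators are told to remove. As far as I recall the Metricbeat rabbitmq module this was imported from accepts `username`, `password` and `ssl.*` settings, so they could be added here and rendered by stream.yml.hbs; please confirm against the module before the package leaves experimental. The same gap is present in the node and queue dataset manifests in this change.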
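Review bot: The exchange stream template consists of the single line `metricsets: ["exchange"]` — no `hosts:` list and no `period:`, unlike the connection template in this change, which renders both from its vars. The exchange dataset manifest added by this change also defines no vars, so unless the `rabbitmq/metrics` input supplies a target at the input level (nothing in this change shows that), the generated agent config for this stream has nothing to poll and exchange metrics will silently never arrive. Suggest mirroring the connection template — `hosts:` / `{{#each hosts}} - {{this}} {{/each}}` / `period: {{period}}` — and adding the matching `hosts` and `period` vars to the exchange manifest.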
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/fields.yml new file mode 100644 index 00000000000..8a4d68e3bb9 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/fields.yml @@ -0,0 +1,36 @@ +- name: rabbitmq.exchange + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The name of the queue with non-ASCII characters escaped as in C. + - name: durable + type: boolean + description: | + Whether or not the queue survives server restarts. + - name: auto_delete + type: boolean + description: | + Whether the queue will be deleted automatically when no longer used. + - name: internal + type: boolean + description: | + Whether the exchange is internal, i.e. cannot be directly published to by a client. + - name: messages.publish_in.count + type: long + description: | + Count of messages published "in" to an exchange, i.e. not taking account of routing. + - name: messages.publish_in.details.rate + type: float + description: | + How much the exchange publish-in count has changed per second in the most recent sampling interval. + - name: messages.publish_out.count + type: long + description: | + Count of messages published "out" of an exchange, i.e. taking account of routing. + - name: messages.publish_out.details.rate + type: float + description: | + How much the exchange publish-out count has changed per second in the most recent sampling interval. diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/package-fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/package-fields.yml new file mode 100644 index 00000000000..c414f2a20c0 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/fields/package-fields.yml 
@@ -0,0 +1,7 @@
+- name: rabbitmq
+ type: group
+ fields:
+ - name: vhost
+ type: keyword
+ description: |
+ Virtual host name with non-ASCII characters escaped as in C.
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/manifest.yml
new file mode 100644
index 00000000000..a00eb5c4af3
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/exchange/manifest.yml
@@ -0,0 +1,7 @@
+title: RabbitMQ exchange metrics
+release: experimental
+type: metrics
+streams:
+- input: rabbitmq/metrics
+ title: RabbitMQ exchange metrics
+ description: Collect RabbitMQ exchange metrics
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..13cd0400f3c
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,14 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+# If the line doesn't start with a timestamp, consider it a continuation of the previous line
+# From https://www.elastic.co/guide/en/beats/filebeat/current/_examples_of_multiline_configuration.html#_timestamps
+# ideally, this would be the same pattern (`DATESTAMP`) used in `processors.grok.patterns`
+multiline:
+ pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}'
+ negate: true
+ match: after
+processors:
+ - add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..58097c578d8
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
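Review bot: The multiline `pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}'` in log.yml.hbs is not anchored, so it matches any line that merely contains a date anywhere — a stack-trace line or a message body quoting a timestamp — and with `negate: true` / `match: after` such a continuation line is split off as a new event, contradicting the comment directly above it ("If the line doesn't start with a timestamp"). Anchoring it, `pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'`, makes the config do what the comment says. Because this pattern is the only thing delimiting events, an unanchored match also means a client-supplied string echoed into a log message (a queue name, a connection name) could forge an event boundary; anchoring closes that as well.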
@@ -0,0 +1,35 @@ +--- +description: Pipeline for parsing RabbitMQ logs +processors: +- grok: + field: message + pattern_definitions: + GREEDYMULTILINE: "(.|\n)*" + ERL_PID: "\\<%{INT}+\\.%{INT}+\\.%{INT}+\\>" + patterns: + - "%{DATESTAMP:timestamp} \\[%{WORD:log.level}\\] %{ERL_PID:rabbitmq.log.pid} + %{GREEDYMULTILINE:message}" + ignore_missing: true +- date: + if: "ctx.event.timezone == null" + field: timestamp + target_field: "@timestamp" + formats: + - yy-MM-dd HH:mm:ss.SSS +- date: + if: "ctx.event.timezone != null" + field: "timestamp" + target_field: "@timestamp" + timezone: "{{ event.timezone }}" + formats: + - yy-MM-dd HH:mm:ss.SSS +- remove: + field: + - timestamp +- set: + field: event.kind + value: event +on_failure: +- set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 00000000000..463205145f3 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,6 @@ +- name: rabbitmq.log + type: group + fields: + - name: pid + type: keyword + description: The Erlang process id diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..86bbcbc688d --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: rabbitmq + type: group diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..12edd3c973a --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/log/manifest.yml 
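Review bot: Both `date` processors parse `timestamp` with `yy-MM-dd HH:mm:ss.SSS` (two-digit year), while the multiline delimiter in log.yml.hbs in this same change expects every event to begin with a four-digit year (`[0-9]{4}-…`), and its own comment already flags that the two should agree. Whether `%{DATESTAMP:timestamp}` yields a two-digit-year capture from such a line depends on the unanchored grok search finding a `DATE` sub-match inside `2019-…`, which I have not verified; if it does, the pipeline works by accident and will misparse once that sub-match stops being a valid day/month. Capturing `%{TIMESTAMP_ISO8601:timestamp}` and parsing it with `yyyy-MM-dd HH:mm:ss.SSS` would make the grok pattern, the multiline delimiter and the date format consistent. Separately, `if: "ctx.event.timezone == null"` throws in Painless when `ctx.event` itself is absent (this stream relies on the agent's `add_locale` processor to populate it); `ctx.event?.timezone == null` and `ctx.event?.timezone != null` are the null-safe forms for the two conditions.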
@@ -0,0 +1,21 @@
+title: RabbitMQ log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - ${RABBITMQ_LOGS:/var/log/rabbitmq/rabbit@localhost.log*}
+ os:
+ darwin:
+ default:
+ - ${RABBITMQ_LOGS:/usr/local/var/log/rabbitmq/rabbit@localhost.log*}
+ template_path: log.yml.hbs
+ title: RabbitMQ log logs (log)
+ description: Collect RabbitMQ log logs using log input
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a512905c56c
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["node"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/fields.yml
new file mode 100644
index 00000000000..93e178de9df
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/fields.yml
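Review bot: The default `paths` glob hard-codes the node name, `/var/log/rabbitmq/rabbit@localhost.log*` (and the darwin equivalent). RabbitMQ names its log file after the node by default (`rabbit@<hostname>.log`), so on any host whose node is not literally `rabbit@localhost` this default matches nothing and the dataset collects no logs, with no error pointing at the cause. A wildcard default such as `${RABBITMQ_LOGS:/var/log/rabbitmq/rabbit@*.log*}` for both platforms would cover the common case, and operators who want the stricter path can still set it explicitly. The strings `RabbitMQ log logs` / `RabbitMQ log logs (log)` look like an artefact of the import and could be tidied to `RabbitMQ logs`.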
@@ -0,0 +1,157 @@ +- name: rabbitmq.node + type: group + release: ga + fields: + - name: disk.free.bytes + type: long + format: bytes + description: | + Disk free space in bytes. + - name: disk.free.limit.bytes + type: long + format: bytes + description: | + Point at which the disk alarm will go off. + - name: fd.total + type: long + description: | + File descriptors available. + - name: fd.used + type: long + description: | + Used file descriptors. + - name: gc.num.count + type: long + description: | + Number of GC operations. + - name: gc.reclaimed.bytes + type: long + format: bytes + description: | + GC bytes reclaimed. + - name: io.file_handle.open_attempt.avg.ms + type: long + description: | + File handle open avg time + - name: io.file_handle.open_attempt.count + type: long + description: | + File handle open attempts + - name: io.read.avg.ms + type: long + description: | + File handle read avg time + - name: io.read.bytes + type: long + format: bytes + description: | + Data read in bytes + - name: io.read.count + type: long + description: | + Data read operations + - name: io.reopen.count + type: long + description: | + Data reopen operations + - name: io.seek.avg.ms + type: long + description: | + Data seek avg time + - name: io.seek.count + type: long + description: | + Data seek operations + - name: io.sync.avg.ms + type: long + description: | + Data sync avg time + - name: io.sync.count + type: long + description: | + Data sync operations + - name: io.write.avg.ms + type: long + description: | + Data write avg time + - name: io.write.bytes + type: long + format: bytes + description: | + Data write in bytes + - name: io.write.count + type: long + description: | + Data write operations + - name: mem.limit.bytes + type: long + format: bytes + description: | + Point at which the memory alarm will go off. + - name: mem.used.bytes + type: long + description: | + Memory used in bytes. 
+ - name: mnesia.disk.tx.count + type: long + description: | + Number of Mnesia transactions which have been performed that required writes to disk. + - name: mnesia.ram.tx.count + type: long + description: | + Number of Mnesia transactions which have been performed that did not require writes to disk. + - name: msg.store_read.count + type: long + description: | + Number of messages which have been read from the message store. + - name: msg.store_write.count + type: long + description: | + Number of messages which have been written to the message store. + - name: name + type: keyword + description: Node name + - name: proc.total + type: long + description: | + Maximum number of Erlang processes. + - name: proc.used + type: long + description: | + Number of Erlang processes in use. + - name: processors + type: long + description: | + Number of cores detected and usable by Erlang. + - name: queue.index.journal_write.count + type: long + description: | + Number of records written to the queue index journal. + - name: queue.index.read.count + type: long + description: | + Number of records read from the queue index. + - name: queue.index.write.count + type: long + description: | + Number of records written to the queue index. + - name: run.queue + type: long + description: | + Average number of Erlang processes waiting to run. + - name: socket.total + type: long + description: | + File descriptors available for use as sockets. + - name: socket.used + type: long + description: | + File descriptors used as sockets. + - name: type + type: keyword + description: | + Node type. + - name: uptime + type: long + description: | + Node uptime. diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/package-fields.yml new file mode 100644 index 00000000000..c414f2a20c0 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/fields/package-fields.yml 
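Review bot: `mem.used.bytes` is declared without `format: bytes`, while every other `*.bytes` field in this hunk (`disk.free.bytes`, `disk.free.limit.bytes`, `gc.reclaimed.bytes`, `io.read.bytes`, `io.write.bytes`, `mem.limit.bytes`) carries it, so the Memory Usage visualization in this change, which plots `rabbitmq.node.mem.used.bytes`, would show a raw number where the neighbouring fields are human-formatted; add `format: bytes` under `mem.used.bytes`. The `uptime` field and the `io.*.avg.ms` fields state no unit in their descriptions; a short `Node uptime in milliseconds.`-style sentence (unit to be confirmed against the management API response) would save the next reader a lookup.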
@@ -0,0 +1,7 @@
+- name: rabbitmq
+ type: group
+ fields:
+ - name: vhost
+ type: keyword
+ description: |
+ Virtual host name with non-ASCII characters escaped as in C.
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/manifest.yml
new file mode 100644
index 00000000000..58c78d6f9b1
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/node/manifest.yml
@@ -0,0 +1,23 @@
+title: RabbitMQ node metrics
+release: experimental
+type: metrics
+streams:
+- input: rabbitmq/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:15672
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: RabbitMQ node metrics
+ description: Collect RabbitMQ node metrics
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..8fd8858079b
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["queue"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/fields.yml
new file mode 100644
index 00000000000..a2db5d5dfe3
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/fields.yml
@@ -0,0 +1,78 @@ +- name: rabbitmq.queue + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The name of the queue with non-ASCII characters escaped as in C. + - name: durable + type: boolean + description: | + Whether or not the queue survives server restarts. + - name: auto_delete + type: boolean + description: | + Whether the queue will be deleted automatically when no longer used. + - name: exclusive + type: boolean + description: | + Whether the queue is exclusive (i.e. has owner_pid). + - name: state + type: keyword + description: | + The state of the queue. Normally 'running', but may be "{syncing, MsgCount}" if the queue is synchronising. Queues which are located on cluster nodes that are currently down will be shown with a status of 'down'. + - name: arguments.max_priority + type: long + description: | + Maximum number of priority levels for the queue to support. + - name: consumers.count + type: long + description: | + Number of consumers. + - name: consumers.utilisation.pct + type: long + format: percent + description: | + Fraction of the time (between 0.0 and 1.0) that the queue is able to immediately deliver messages to consumers. This can be less than 1.0 if consumers are limited by network congestion or prefetch count. + - name: messages.total.count + type: long + description: | + Sum of ready and unacknowledged messages (queue depth). + - name: messages.total.details.rate + type: float + description: | + How much the queue depth has changed per second in the most recent sampling interval. + - name: messages.ready.count + type: long + description: | + Number of messages ready to be delivered to clients. + - name: messages.ready.details.rate + type: float + description: | + How much the count of messages ready has changed per second in the most recent sampling interval. + - name: messages.unacknowledged.count + type: long + description: | + Number of messages delivered to clients but not yet acknowledged. 
+ - name: messages.unacknowledged.details.rate + type: float + description: | + How much the count of unacknowledged messages has changed per second in the most recent sampling interval. + - name: messages.persistent.count + type: long + description: | + Total number of persistent messages in the queue (will always be 0 for transient queues). + - name: memory.bytes + type: long + format: bytes + description: | + Bytes of memory consumed by the Erlang process associated with the queue, including stack, heap and internal structures. + - name: disk.reads.count + type: long + description: | + Total number of times messages have been read from disk by this queue since it started. + - name: disk.writes.count + type: long + description: | + Total number of times messages have been written to disk by this queue since it started. diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/package-fields.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/package-fields.yml new file mode 100644 index 00000000000..c414f2a20c0 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: rabbitmq + type: group + fields: + - name: vhost + type: keyword + description: | + Virtual host name with non-ASCII characters escaped as in C. diff --git a/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/manifest.yml new file mode 100644 index 00000000000..3c7d7113ea1 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/dataset/queue/manifest.yml 
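Review bot: `consumers.utilisation.pct` (earlier in this hunk) is mapped as `type: long` with `format: percent`, but its own description says the value is a fraction between 0.0 and 1.0. Elasticsearch coerces floating-point input into an integer field by truncation, so `0.75` is indexed as `0` and the field can only ever hold 0 or 1, which makes the percent formatting meaningless and the utilisation signal useless for alerting. It should be `type: float` (or `scaled_float`), matching the `*.details.rate` fields in the same hunk.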
@@ -0,0 +1,23 @@
+title: RabbitMQ queue metrics
+release: experimental
+type: metrics
+streams:
+- input: rabbitmq/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:15672
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: RabbitMQ queue metrics
+ description: Collect RabbitMQ queue metrics
diff --git a/dev/packages/beats/rabbitmq/0.0.1/docs/README.md b/dev/packages/beats/rabbitmq/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/rabbitmq/0.0.1/img/logo_rabbitmq.svg b/dev/packages/beats/rabbitmq/0.0.1/img/logo_rabbitmq.svg
new file mode 100644
index 00000000000..dabd2a5744c
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/img/logo_rabbitmq.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/dashboard/AV4YobKIge1VCbKU_qVo-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/dashboard/AV4YobKIge1VCbKU_qVo-ecs.json
new file mode 100644
index 00000000000..c199910b0f3
--- /dev/null
+++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/dashboard/AV4YobKIge1VCbKU_qVo-ecs.json
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "Overview of RabbitMQ status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 12, + "x": 28, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "10", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "9", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics RabbitMQ] Overview ECS", + "version": 1 + }, + "id": "AV4YobKIge1VCbKU_qVo-ecs", + "references": [ + { + "id": "RabbitMQ-Memory-Usage-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Rabbitmq-Number-of-Nodes-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "RabbitMQ-Erlang-Process-Usage-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "RabbitMQ-Queue-Index-Operations-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/search/Metricbeat-Rabbitmq-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/search/Metricbeat-Rabbitmq-ecs.json new file mode 100644 index 00000000000..dc1f3c1f077 --- /dev/null 
+++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/search/Metricbeat-Rabbitmq-ecs.json @@ -0,0 +1,46 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:rabbitmq.connection OR stream.dataset:rabbitmq.exchange OR stream.dataset:rabbitmq.node OR stream.dataset:rabbitmq.queue)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Metrics Rabbitmq ECS", + "version": 1 + }, + "id": "Metrics-Rabbitmq-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Erlang-Process-Usage-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Erlang-Process-Usage-ecs.json new file mode 100644 index 00000000000..0a406051961 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Erlang-Process-Usage-ecs.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Erlang Process Usage [Metrics RabbitMQ] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Used Process", + "field": "rabbitmq.node.proc.used" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "30s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Node name", + "field": "rabbitmq.node.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "top", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": false, + "smoothLines": true, + "times": [], + "yAxis": {} + }, + "title": "RabbitMQ Erlang Process Usage ECS", + "type": "line" + } + }, + "id": "RabbitMQ-Erlang-Process-Usage-ecs", + "references": [ + { + "id": "Metrics-Rabbitmq-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Memory-Usage-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Memory-Usage-ecs.json new file mode 100644 index 00000000000..675e6fda2cb --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Memory-Usage-ecs.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Memory Usage [Metrics RabbitMQ] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Used memory", + "field": "rabbitmq.node.mem.used.bytes", + "json": "" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "30s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Node name", + "field": "rabbitmq.node.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": true, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "top", + "radiusRatio": 9, + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": false, + "smoothLines": true, + "times": [], + "yAxis": {} + }, + "title": "RabbitMQ Memory Usage ECS", + "type": "line" + } + }, + "id": "RabbitMQ-Memory-Usage-ecs", + "references": [ + { + "id": "Metrics-Rabbitmq-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Queue-Index-Operations-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Queue-Index-Operations-ecs.json new file mode 100644 index 00000000000..c9931c387e5 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/RabbitMQ-Queue-Index-Operations-ecs.json 
@@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Queue Index Operations [Metrics RabbitMQ] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Queue Index Read", + "field": "rabbitmq.node.queue.index.read.count" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "30s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Queue Index Jornal Write", + "field": "rabbitmq.node.queue.index.journal_write.count" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Queue Index Write", + "field": "rabbitmq.node.queue.index.write.count" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "top", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": false, + "smoothLines": false, + "times": [], + "type": "line", + 
"valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Queue Index Operations [Metrics RabbitMQ] ECS", + "type": "line" + } + }, + "id": "RabbitMQ-Queue-Index-Operations-ecs", + "references": [ + { + "id": "Metrics-Rabbitmq-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/Rabbitmq-Number-of-Nodes-ecs.json b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/Rabbitmq-Number-of-Nodes-ecs.json new file mode 100644 index 00000000000..14161cc4282 --- /dev/null +++ b/dev/packages/beats/rabbitmq/0.0.1/kibana/visualization/Rabbitmq-Number-of-Nodes-ecs.json @@ -0,0 +1,44 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Number of Nodes [Metrics RabbitMQ] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "RabbitMQ Nodes", + "field": "rabbitmq.node.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "fontSize": 60, + "handleNoResults": true + }, + "title": "Rabbitmq Number of Nodes ECS", + "type": "metric" + } + }, + "id": "Rabbitmq-Number-of-Nodes-ecs", + "references": [ + { + "id": "Metrics-Rabbitmq-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/rabbitmq/0.0.1/manifest.yml b/dev/packages/beats/rabbitmq/0.0.1/manifest.yml new file mode 100644 index 00000000000..f58b102bd84 --- /dev/null 
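Review bot: The customLabel of agg `3` in the Queue-Index-Operations visualization reads `"customLabel": "Queue Index Jornal Write"`, a typo for "Journal" that will appear verbatim in the chart legend; `"customLabel": "Queue Index Journal Write"`. In the same file's `seriesParams`, `"show": "true"` is a string while every sibling flag (`showCircles`, `drawLinesBetweenPoints`) is a boolean; `"show": true` keeps the object consistent with the rest of the export.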
+++ b/dev/packages/beats/rabbitmq/0.0.1/manifest.yml
@@ -0,0 +1,33 @@
+format_version: 1.0.0
+name: rabbitmq
+title: RabbitMQ
+version: 0.0.1
+license: basic
+description: RabbitMQ Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+icons:
+- src: /img/logo_rabbitmq.svg
+ title: logo rabbitmq
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: rabbitmq
+ title: RabbitMQ logs and metrics
+ description: Collect logs and metrics from RabbitMQ instances
+ inputs:
+ - type: logs
+ title: Collect logs from RabbitMQ instances
+ description: Collecting RabbitMQ log logs
+ - type: rabbitmq/metrics
+ title: Collect metrics from RabbitMQ instances
+ description: Collecting RabbitMQ connection, exchange, node and queue metrics
diff --git a/dev/packages/beats/redis/0.0.1/dataset/info/agent/stream/stream.yml.hbs b/dev/packages/beats/redis/0.0.1/dataset/info/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b278d082375
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/info/agent/stream/stream.yml.hbs
@@ -0,0 +1,18 @@
+metricsets: ["info"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/redis/0.0.1/dataset/info/fields/ecs.yml b/dev/packages/beats/redis/0.0.1/dataset/info/fields/ecs.yml
new file mode 100644
index 00000000000..aba10287214
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/info/fields/ecs.yml
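Review bot: The `logs` input's `description: Collecting RabbitMQ log logs` repeats the word, which looks like a template that substituted the dataset name into "<name> logs"; `description: Collect logs from RabbitMQ instances` would match the `title` directly above it. The same pattern recurs in the Redis `log` dataset manifest further down this commit (`title: Redis log logs`, `description: Collect Redis log logs using log input`). Separately, `elasticsearch.versions: '>7.0.1'` has no upper bound while `kibana` is capped at `<8.0.0`; if the asymmetry is intentional a comment would help, otherwise `'>=7.0.1 <8.0.0'` keeps the two requirements consistent.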
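Review bot: `password: {{password}}` near the end of the `info` stream template writes the secret into the rendered YAML as a bare plain scalar, so a password containing YAML-significant characters (`#`, `: `, a leading `*`, `&`, `[`, `{`, `'`) will either break the rendered stream config or be parsed as something other than the intended string; emitting it as a quoted scalar, `password: "{{password}}"`, and routing the value through whatever quoting/escaping helper the template engine offers, avoids that class of failure. If the engine applies stock Handlebars HTML escaping to `{{ }}` expressions, characters such as `&`, `<` or `'` in the password would additionally be rewritten as entities before the agent sees them — worth confirming against the renderer. The same unquoted interpolation appears in the `key` and `keyspace` stream templates and in the slowlog `redis.yml.hbs` later in this commit.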
@@ -0,0 +1,37 @@
+- name: os
+ title: Operating System
+ group: 2
+ type: group
+ fields:
+ - name: full
+ level: extended
+ type: keyword
+ description: Operating system name, including the version or code name.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+- name: service
+ title: Service
+ group: 2
+ type: group
+ fields:
+ - name: version
+ level: core
+ type: keyword
+ description: |-
+ Version of the service the data was collected from.
+ This allows to look at a data set only for a specific version of a service.
+ ignore_above: 1024
diff --git a/dev/packages/beats/redis/0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/redis/0.0.1/dataset/info/fields/fields.yml
new file mode 100644
index 00000000000..50f87a110be
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/info/fields/fields.yml
@@ -0,0 +1,452 @@ +- name: redis.info + type: group + release: ga + fields: + - name: clients + type: group + fields: + - name: connected + type: long + description: | + Number of client connections (excluding connections from slaves). + - name: longest_output_list + type: long + description: | + Longest output list among current client connections (replaced by max_output_buffer). + - name: max_output_buffer + type: long + description: | + Longest output list among current client connections. + - name: biggest_input_buf + type: long + description: | + Biggest input buffer among current client connections (replaced by max_input_buffer). + - name: max_input_buffer + type: long + description: | + Biggest input buffer among current client connections (on redis 5.0). + - name: blocked + type: long + description: | + Number of clients pending on a blocking call (BLPOP, BRPOP, BRPOPLPUSH). + - name: cluster + type: group + fields: + - name: enabled + type: boolean + description: | + Indicates that the Redis cluster is enabled. + - name: cpu + type: group + fields: + - name: used.sys + type: scaled_float + description: | + System CPU consumed by the Redis server. + - name: used.sys_children + type: scaled_float + description: | + User CPU consumed by the Redis server. + - name: used.user + type: scaled_float + description: | + System CPU consumed by the background processes. + - name: used.user_children + type: scaled_float + description: | + User CPU consumed by the background processes. + - name: memory + type: group + fields: + - name: used.value + type: long + format: bytes + description: | + Total number of bytes allocated by Redis. + - name: used.rss + type: long + format: bytes + description: | + Number of bytes that Redis allocated as seen by the operating system (a.k.a resident set size). + - name: used.peak + type: long + format: bytes + description: | + Peak memory consumed by Redis. 
+ - name: used.lua + type: long + format: bytes + description: "Used memory by the Lua engine. \n" + - name: used.dataset + type: long + format: bytes + description: "The size in bytes of the dataset \n" + - name: max.value + type: long + format: bytes + description: | + Memory limit. + - name: max.policy + type: keyword + description: | + Eviction policy to use when memory limit is reached. + - name: fragmentation.ratio + type: float + description: | + Ratio between used_memory_rss and used_memory + - name: fragmentation.bytes + type: long + format: bytes + description: | + Bytes between used_memory_rss and used_memory + - name: active_defrag.is_running + type: boolean + description: | + Flag indicating if active defragmentation is active + - name: allocator + type: keyword + description: | + Memory allocator. + - name: allocator_stats + type: group + fields: + - name: allocated + type: long + format: bytes + description: | + Allocated memory + - name: active + type: long + format: bytes + description: | + Active memeory + - name: resident + type: long + format: bytes + description: | + Resident memory + - name: fragmentation.ratio + type: float + description: | + Fragmentation ratio + - name: fragmentation.bytes + type: long + format: bytes + description: | + Fragmented bytes + - name: rss.ratio + type: float + description: | + Resident ratio + - name: rss.bytes + type: long + format: bytes + description: | + Resident bytes + - name: persistence + type: group + fields: + - name: loading + type: boolean + description: | + Flag indicating if the load of a dump file is on-going + - name: rdb + type: group + fields: + - name: last_save.changes_since + type: long + description: | + Number of changes since the last dump + - name: last_save.time + type: long + description: | + Epoch-based timestamp of last successful RDB save + - name: bgsave.in_progress + type: boolean + description: | + Flag indicating a RDB save is on-going + - name: bgsave.last_status + type: 
keyword + description: | + Status of the last RDB save operation + - name: bgsave.last_time.sec + type: long + format: duration + description: | + Duration of the last RDB save operation in seconds + - name: bgsave.current_time.sec + type: long + format: duration + description: | + Duration of the on-going RDB save operation if any + - name: copy_on_write.last_size + type: long + format: bytes + description: "The size in bytes of copy-on-write allocations during the last + RBD save operation \n" + - name: aof + type: group + fields: + - name: enabled + type: boolean + description: | + Flag indicating AOF logging is activated + - name: rewrite.in_progress + type: boolean + description: | + Flag indicating a AOF rewrite operation is on-going + - name: rewrite.scheduled + type: boolean + description: | + Flag indicating an AOF rewrite operation will be scheduled once the on-going RDB save is complete. + - name: rewrite.last_time.sec + type: long + format: duration + description: | + Duration of the last AOF rewrite operation in seconds + - name: rewrite.current_time.sec + type: long + format: duration + description: | + Duration of the on-going AOF rewrite operation if any + - name: rewrite.buffer.size + type: long + format: bytes + description: | + Size of the AOF rewrite buffer + - name: bgrewrite.last_status + type: keyword + description: | + Status of the last AOF rewrite operatio + - name: write.last_status + type: keyword + description: | + Status of the last write operation to the AOF + - name: copy_on_write.last_size + type: long + format: bytes + description: | + The size in bytes of copy-on-write allocations during the last RBD save operation + - name: buffer.size + type: long + format: bytes + description: | + Size of the AOF buffer + - name: size.current + type: long + format: bytes + description: "AOF current file size \n" + - name: size.base + type: long + format: bytes + description: | + AOF file size on latest startup or rewrite + - name: fsync.pending 
+ type: long + description: | + Number of fsync pending jobs in background I/O queue + - name: fsync.delayed + type: long + description: | + Delayed fsync counter + - name: replication + type: group + fields: + - name: role + type: keyword + description: | + Role of the instance (can be "master", or "slave"). + - name: connected_slaves + type: long + description: | + Number of connected slaves + - name: master_offset + type: long + description: | + The server's current replication offset + - name: backlog.active + type: long + description: | + Flag indicating replication backlog is active + - name: backlog.size + type: long + format: bytes + description: | + Total size in bytes of the replication backlog buffer + - name: backlog.first_byte_offset + type: long + description: "The master offset of the replication backlog buffer \n" + - name: backlog.histlen + type: long + description: | + Size in bytes of the data in the replication backlog buffer + - name: master.offset + type: long + description: | + The server's current replication offset + - name: master.second_offset + type: long + description: | + The offset up to which replication IDs are accepted + - name: master.link_status + type: keyword + description: | + Status of the link (up/down) + - name: master.last_io_seconds_ago + type: long + format: duration + description: | + Number of seconds since the last interaction with master + - name: master.sync.in_progress + type: boolean + description: | + Indicate the master is syncing to the slave + - name: master.sync.left_bytes + type: long + format: bytes + description: | + Number of bytes left before syncing is complete + - name: master.sync.last_io_seconds_ago + type: long + format: duration + description: | + Number of seconds since last transfer I/O during a SYNC operation + - name: slave.offset + type: long + description: | + The replication offset of the slave instance + - name: slave.priority + type: long + description: | + The priority of the instance as 
a candidate for failover + - name: slave.is_readonly + type: boolean + description: | + Flag indicating if the slave is read-only + - name: server + type: group + fields: + - name: git_sha1 + type: keyword + - name: git_dirty + type: keyword + - name: build_id + type: keyword + - name: mode + type: keyword + - name: arch_bits + type: keyword + - name: multiplexing_api + type: keyword + - name: gcc_version + type: keyword + - name: run_id + type: keyword + - name: tcp_port + type: long + - name: uptime + type: long + - name: hz + type: long + - name: lru_clock + type: long + - name: config_file + type: keyword + - name: stats + type: group + fields: + - name: connections.received + type: long + description: Total number of connections received. + - name: connections.rejected + type: long + description: Total number of connections rejected. + - name: commands_processed + type: long + description: Total number of commands processed. + - name: net.input.bytes + type: long + description: Total network input in bytes. + - name: net.output.bytes + type: long + description: Total network output in bytes. 
+ - name: instantaneous.ops_per_sec + type: long + description: | + Number of commands processed per second + - name: instantaneous.input_kbps + type: scaled_float + description: | + The network's read rate per second in KB/sec + - name: instantaneous.output_kbps + type: scaled_float + description: | + The network's write rate per second in KB/sec + - name: sync.full + type: long + description: | + The number of full resyncs with slaves + - name: sync.partial.ok + type: long + description: | + The number of accepted partial resync requests + - name: sync.partial.err + type: long + description: | + The number of denied partial resync requests + - name: keys.expired + type: long + description: | + Total number of key expiration events + - name: keys.evicted + type: long + description: | + Number of evicted keys due to maxmemory limit + - name: keyspace.hits + type: long + description: | + Number of successful lookup of keys in the main dictionary + - name: keyspace.misses + type: long + description: | + Number of failed lookup of keys in the main dictionary + - name: pubsub.channels + type: long + description: | + Global number of pub/sub channels with client subscriptions + - name: pubsub.patterns + type: long + description: | + Global number of pub/sub pattern with client subscriptions + - name: latest_fork_usec + type: long + description: | + Duration of the latest fork operation in microseconds + - name: migrate_cached_sockets + type: long + description: | + The number of sockets open for MIGRATE purposes + - name: slave_expires_tracked_keys + type: long + description: | + The number of keys tracked for expiry purposes (applicable only to writable slaves) + - name: active_defrag.hits + type: long + description: | + Number of value reallocations performed by active the defragmentation process + - name: active_defrag.misses + type: long + description: | + Number of aborted value reallocations started by the active defragmentation process + - name: 
active_defrag.key_hits
+ type: long
+ description: |
+ Number of keys that were actively defragmented
+ - name: active_defrag.key_misses
+ type: long
+ description: |
+ Number of keys that were skipped by the active defragmentation process
+ - name: slowlog.count
+ type: long
+ description: |
+ Count of slow operations
diff --git a/dev/packages/beats/redis/0.0.1/dataset/info/fields/package-fields.yml b/dev/packages/beats/redis/0.0.1/dataset/info/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/info/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/beats/redis/0.0.1/dataset/info/manifest.yml b/dev/packages/beats/redis/0.0.1/dataset/info/manifest.yml
new file mode 100644
index 00000000000..277b3bc1f26
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/info/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis info metrics
+release: experimental
+type: metrics
+streams:
+- input: redis/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis info metrics
+ description: Collect Redis info metrics
diff --git a/dev/packages/beats/redis/0.0.1/dataset/key/agent/stream/stream.yml.hbs b/dev/packages/beats/redis/0.0.1/dataset/key/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..71b20346c95
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/key/agent/stream/stream.yml.hbs
@@ -0,0 +1,21 @@
+metricsets: ["key"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if key.patterns}}
+key.patterns: {{key.patterns}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
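Review bot: In the `cpu` group of the `info` fields file the descriptions of `used.sys_children` and `used.user` are crossed: `used.sys_children` is documented as `User CPU consumed by the Redis server` and `used.user` as `System CPU consumed by the background processes`, while the neighbouring `used.sys` and `used.user_children` entries follow the naming. Swapping the two strings — `used.sys_children`: `System CPU consumed by the background processes`, `used.user`: `User CPU consumed by the Redis server` — makes the four consistent with their field names. Smaller wording defects in the same hunk: `Active memeory` under `allocator_stats`, `Status of the last AOF rewrite operatio` under `aof`, and `RBD save operation` (twice) for "RDB"; the `aof.copy_on_write.last_size` description also still talks about the RDB save although it sits under the AOF group, which reads as copied from the `rdb` entry rather than describing the AOF rewrite. This hunk begins several lines above, on the line holding its `@@ -0,0 +1,452 @@` header.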
diff --git a/dev/packages/beats/redis/0.0.1/dataset/key/fields/fields.yml b/dev/packages/beats/redis/0.0.1/dataset/key/fields/fields.yml
new file mode 100644
index 00000000000..ae99a943b68
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/key/fields/fields.yml
@@ -0,0 +1,24 @@
+- name: redis.key
+ type: group
+ release: ga
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ Key name.
+ - name: id
+ type: keyword
+ description: |
+ Unique id for this key (With the form :).
+ - name: type
+ type: keyword
+ description: |
+ Key type as shown by `TYPE` command.
+ - name: length
+ type: long
+ description: |
+ Length of the key (Number of elements for lists, length for strings, cardinality for sets).
+ - name: expire.ttl
+ type: long
+ description: |
+ Seconds to expire.
diff --git a/dev/packages/beats/redis/0.0.1/dataset/key/fields/package-fields.yml b/dev/packages/beats/redis/0.0.1/dataset/key/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/key/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/beats/redis/0.0.1/dataset/key/manifest.yml b/dev/packages/beats/redis/0.0.1/dataset/key/manifest.yml
new file mode 100644
index 00000000000..48b4303df9e
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/key/manifest.yml
@@ -0,0 +1,24 @@
+title: Redis key metrics
+release: experimental
+type: metrics
+streams:
+- input: redis/metrics
+ vars:
+ - name: key.patterns
+ type: yaml
+ title: Key Patterns
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - limit: 20
+ pattern: '*'
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis key metrics
+ description: Collect Redis key metrics
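Review bot: The `id` field's description `Unique id for this key (With the form :).` has lost whatever stood on either side of the colon, so the sentence no longer documents the format; most likely angle-bracketed placeholders were stripped as markup when the text was copied over (the Beats metricset documents this id as `<keyspace>:<name>`, if memory serves — verify against the source fields.yml). Restoring it in a form that survives YAML and the generated Markdown table, e.g. `Unique id for this key (with the form \`keyspace:name\`).`, avoids the same loss on the next round-trip.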
diff --git a/dev/packages/beats/redis/0.0.1/dataset/keyspace/agent/stream/stream.yml.hbs b/dev/packages/beats/redis/0.0.1/dataset/keyspace/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..3301bfd4cef
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/keyspace/agent/stream/stream.yml.hbs
@@ -0,0 +1,18 @@
+metricsets: ["keyspace"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/fields.yml b/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/fields.yml
new file mode 100644
index 00000000000..2f5c15d8b12
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/fields.yml
@@ -0,0 +1,18 @@
+- name: redis.keyspace
+ type: group
+ release: ga
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ Keyspace identifier.
+ - name: avg_ttl
+ type: long
+ description: |
+ Average ttl.
+ - name: keys
+ type: long
+ description: |
+ Number of keys in the keyspace.
+ - name: expires
+ type: long
diff --git a/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/package-fields.yml b/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/keyspace/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/beats/redis/0.0.1/dataset/keyspace/manifest.yml b/dev/packages/beats/redis/0.0.1/dataset/keyspace/manifest.yml
new file mode 100644
index 00000000000..a9c04e16ca3
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/keyspace/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis keyspace metrics
+release: experimental
+type: metrics
+streams:
+- input: redis/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis keyspace metrics
+ description: Collect Redis keyspace metrics
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/redis/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..dd460dc9081
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,6 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+exclude_lines: ["^\\s+[\\-`('.|_]"] # drop asciiart lines\n
\ No newline at end of file
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/redis/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..97faa1c1cef
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.yml
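Review bot: The last line of `log.yml.hbs` ends with a literal backslash-n, `# drop asciiart lines\n`, and the file then has no trailing newline; the `\n` looks like an escape left over from an earlier string form of this snippet and should be an actual line break. It sits inside a YAML comment, so the rendered stream config still parses, but the stray escape reads as a mistake to the next maintainer and a real newline at end of file also keeps the diff clean.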
@@ -0,0 +1,85 @@
+---
+description: Pipeline for parsing redis logs
+processors:
+- grok:
+ field: message
+ patterns:
+ - (%{POSINT:process.pid:long}:%{CHAR:redis.log.role} )?(%{REDISTIMESTAMP1:redis.log.timestamp}||%{REDISTIMESTAMP2:redis.log.timestamp})
+ %{REDISLEVEL:log.level} %{GREEDYDATA:message}
+ - '%{POSINT:process.pid:long}:signal-handler \(%{POSINT:redis.log.timestamp}\)
+ %{GREEDYDATA:message}'
+ pattern_definitions:
+ CHAR: '[a-zA-Z]'
+ REDISLEVEL: '[.\-*#]'
+ REDISTIMESTAMP1: '%{MONTHDAY} %{MONTH} %{TIME}'
+ REDISTIMESTAMP2: '%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}'
+- script:
+ lang: painless
+ source: >-
+ if (ctx.log.level == params.dot) {
+ ctx.log.level = params.debug;
+ } else if (ctx.log.level == params.dash) {
+ ctx.log.level = params.verbose;
+ } else if (ctx.log.level == params.asterisk) {
+ ctx.log.level = params.notice;
+ } else if (ctx.log.level == params.hash) {
+ ctx.log.level = params.warning;
+ }
+ params:
+ dot: .
+ debug: debug
+ dash: '-'
+ verbose: verbose
+ asterisk: '*'
+ notice: notice
+ hash: '#'
+ warning: warning
+- script:
+ lang: painless
+ source: >-
+ if (ctx.redis.log.role == params.master_abbrev) {
+ ctx.redis.log.role = params.master;
+ } else if (ctx.redis.log.role == params.slave_abbrev) {
+ ctx.redis.log.role = params.slave;
+ } else if (ctx.redis.log.role == params.child_abbrev) {
+ ctx.redis.log.role = params.child;
+ } else if (ctx.redis.log.role == params.sentinel_abbrev) {
+ ctx.redis.log.role = params.sentinel;
+ }
+ params:
+ master_abbrev: M
+ master: master
+ slave_abbrev: S
+ slave: slave
+ child_abbrev: C
+ child: child
+ sentinel_abbrev: X
+ sentinel: sentinel
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ field: redis.log.timestamp
+ target_field: '@timestamp'
+ formats:
+ - dd MMM yyyy H:m:s.SSS
+ - dd MMM H:m:s.SSS
+ - dd MMM H:m:s
+ - UNIX
+ ignore_failure: true
+- remove:
+ field: redis.log.timestamp
+ ignore_failure: true
+- set:
+ field: event.kind
+ value: event
+- 
append:
+ field: event.category
+ value: database
+- append:
+ field: event.type
+ value: info
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/fields/ecs.yml b/dev/packages/beats/redis/0.0.1/dataset/log/fields/ecs.yml
new file mode 100644
index 00000000000..0e62d1c053c
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/fields/ecs.yml
@@ -0,0 +1,30 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/redis/0.0.1/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..7b418fa8570
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: redis.log
+ type: group
+ fields:
+ - name: role
+ type: keyword
+ description: |
+ The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`.
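Review bot: In the `log` ingest pipeline, `ignore_failure: true` on the `date` processor combined with the preceding `rename` of `@timestamp` to `event.created` means an event whose `redis.log.timestamp` matches none of the listed formats leaves the pipeline with no `@timestamp` at all, and nothing records why, because an ignored failure never reaches the pipeline-level `on_failure` that writes `error.message`. A processor-level `on_failure` on the `date` step that sets `@timestamp` from `event.created` (or simply dropping `ignore_failure` so the existing handler captures the error) keeps such events indexable and the failure visible. Separately, the first grok pattern's alternation `(%{REDISTIMESTAMP1:redis.log.timestamp}||%{REDISTIMESTAMP2:redis.log.timestamp})` contains an empty branch from the doubled `|`; it only works because the empty branch then fails on the required space, so a single `|` states the intent. The first painless script also dereferences `ctx.log.level` unconditionally, while the second (signal-handler) grok pattern extracts no `log.level`; that is harmless only if the log input has already created the `log` object before the pipeline runs — worth confirming. This hunk starts on the previous line.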
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/redis/0.0.1/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/beats/redis/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/redis/0.0.1/dataset/log/manifest.yml
new file mode 100644
index 00000000000..e7391417211
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/log/manifest.yml
@@ -0,0 +1,25 @@
+title: Redis log logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/redis/redis-server.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/redis/redis-server.log*
+ - /usr/local/var/db/redis/redis-server.log*
+ windows:
+ default:
+ - c:/program files/Redis/logs/redis.log*
+ template_path: log.yml.hbs
+ title: Redis log logs (log)
+ description: Collect Redis log logs using log input
diff --git a/dev/packages/beats/redis/0.0.1/dataset/slowlog/agent/stream/redis.yml.hbs b/dev/packages/beats/redis/0.0.1/dataset/slowlog/agent/stream/redis.yml.hbs
new file mode 100644
index 00000000000..d5a2bf1ffa9
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/slowlog/agent/stream/redis.yml.hbs
@@ -0,0 +1,5 @@
+hosts:
+{{#each hosts as |host i|}}
+ - {{host}}
+{{/each}}
+password: {{password}}
\ No newline at end of file
diff --git a/dev/packages/beats/redis/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/redis/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..688cbbf59fa
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
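Review bot: `password: {{password}}` in the slowlog `redis.yml.hbs` is emitted unconditionally, whereas the three metric stream templates in this commit wrap the same key in `{{#if password}} … {{/if}}`; with the slowlog manifest's `default: ""` the rendered config will contain a bare `password:` key (a YAML null) instead of omitting it, and whether the `redis` input treats null as "no password" is not established here. Guarding it the same way — `{{#if password}}` / `password: {{password}}` / `{{/if}}` — keeps the four templates consistent and avoids relying on that. The file also ends without a trailing newline.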
@@ -0,0 +1,11 @@
+{
+ "description": "Pipeline for parsing redis slowlog logs",
+ "processors": [
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/fields.yml
new file mode 100644
index 00000000000..ea1a6cb8323
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/fields.yml
@@ -0,0 +1,23 @@
+- name: redis.slowlog
+ type: group
+ fields:
+ - name: cmd
+ type: keyword
+ description: |
+ The command executed.
+ - name: duration.us
+ type: long
+ description: |
+ How long it took to execute the command in microseconds.
+ - name: id
+ type: long
+ description: |
+ The ID of the query.
+ - name: key
+ type: keyword
+ description: |
+ The key on which the command was executed.
+ - name: args
+ type: keyword
+ description: |
+ The arguments with which the command was called.
diff --git a/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/package-fields.yml b/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/slowlog/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/beats/redis/0.0.1/dataset/slowlog/manifest.yml b/dev/packages/beats/redis/0.0.1/dataset/slowlog/manifest.yml
new file mode 100644
index 00000000000..302a34d96b1
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/dataset/slowlog/manifest.yml
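Review bot: The slowlog pipeline's `"processors": [ ]` is empty, so unlike the `log` pipeline added in the same commit it sets no `event.kind`, `event.category` or `event.type`, and slowlog documents will lack the ECS categorization that the other dataset carries and that dashboards or filters keyed on `event.category: database` would rely on; adding the equivalent `set`/`append` steps (`event.kind: event`, `event.category: database`, `event.type: info` or whatever fits slow-query entries) keeps the two datasets consistent. It is also the only pipeline in this commit written as JSON rather than YAML, which is worth aligning while the file is still trivial.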
@@ -0,0 +1,24 @@
+title: Redis slowlog logs
+release: experimental
+type: logs
+streams:
+- input: redis
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:6379
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: false
+ show_user: true
+ default: ""
+ template_path: redis.yml.hbs
+ title: Redis slowlog logs (redis)
+ description: Collect Redis slowlog logs using redis input
diff --git a/dev/packages/beats/redis/0.0.1/docs/README.md b/dev/packages/beats/redis/0.0.1/docs/README.md
new file mode 100644
index 00000000000..1dd844d2d44
--- /dev/null
+++ b/dev/packages/beats/redis/0.0.1/docs/README.md
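Review bot: The `redis` stream exposes `hosts` and `password` but no transport-security variable, so the password is sent in the clear to every entry in `hosts` that is not local; if the underlying redis input supports the Beats `ssl` settings, surfacing them here alongside the template would let users protect the credential. `password` with `type: password`, `required: false` and `default: ""` is reasonable, but `show_user: true` on a secret puts it in the default form, so confirm that the `password` type masks the value both in the UI and in rendered policy output.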
@@ -0,0 +1,226 @@ +# Redis Integration + +This integration periodically fetches logs and metrics from [https://redis.io/](Redis) servers. + +## Compatibility + +The `log` and `slowlog` datasets were tested with logs from Redis versions 1.2.6, 2.4.6, and 3.0.2, so we expect +compatibility with any version 1.x, 2.x, or 3.x. + +The `info`, `key` and `keyspace` datasets were tested with Redis 3.2.12, 4.0.11 and 5.0-rc4, and are expected to work +with all versions >= 3.0. + +## Logs + +### log + +The `log` dataset collects the Redis standard logs. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| process.pid | Process id. | long | +| redis.log.role | The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. | keyword | + + +### slowlog + +The `slowlog` dataset collects the Redis slow logs. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. 
| keyword | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| process.pid | Process id. | long | +| redis.log.role | The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. | keyword | + + +## Metrics + +### info + +The `info` dataset collects information and statistics from Redis by running the `INFO` command and parsing the returned +result. + +An example event for `info` looks as following: + +```$json +TODO +``` + +The fields reported are: + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| os.full | Operating system name, including the version or code name. | keyword | +| process.pid | Process id. | long | +| redis.info.clients.biggest_input_buf | Biggest input buffer among current client connections (replaced by max_input_buffer). | long | +| redis.info.clients.blocked | Number of clients pending on a blocking call (BLPOP, BRPOP, BRPOPLPUSH). | long | +| redis.info.clients.connected | Number of client connections (excluding connections from slaves). | long | +| redis.info.clients.longest_output_list | Longest output list among current client connections (replaced by max_output_buffer). | long | +| redis.info.clients.max_input_buffer | Biggest input buffer among current client connections (on redis 5.0). | long | +| redis.info.clients.max_output_buffer | Longest output list among current client connections. | long | +| redis.info.cluster.enabled | Indicates that the Redis cluster is enabled. | boolean | +| redis.info.cpu.used.sys | System CPU consumed by the Redis server. | scaled_float | +| redis.info.cpu.used.sys_children | User CPU consumed by the Redis server. 
| scaled_float | +| redis.info.cpu.used.user | System CPU consumed by the background processes. | scaled_float | +| redis.info.cpu.used.user_children | User CPU consumed by the background processes. | scaled_float | +| redis.info.memory.active_defrag.is_running | Flag indicating if active defragmentation is active | boolean | +| redis.info.memory.allocator | Memory allocator. | keyword | +| redis.info.memory.allocator_stats.active | Active memeory | long | +| redis.info.memory.allocator_stats.allocated | Allocated memory | long | +| redis.info.memory.allocator_stats.fragmentation.bytes | Fragmented bytes | long | +| redis.info.memory.allocator_stats.fragmentation.ratio | Fragmentation ratio | float | +| redis.info.memory.allocator_stats.resident | Resident memory | long | +| redis.info.memory.allocator_stats.rss.bytes | Resident bytes | long | +| redis.info.memory.allocator_stats.rss.ratio | Resident ratio | float | +| redis.info.memory.fragmentation.bytes | Bytes between used_memory_rss and used_memory | long | +| redis.info.memory.fragmentation.ratio | Ratio between used_memory_rss and used_memory | float | +| redis.info.memory.max.policy | Eviction policy to use when memory limit is reached. | keyword | +| redis.info.memory.max.value | Memory limit. | long | +| redis.info.memory.used.dataset | The size in bytes of the dataset | long | +| redis.info.memory.used.lua | Used memory by the Lua engine. | long | +| redis.info.memory.used.peak | Peak memory consumed by Redis. | long | +| redis.info.memory.used.rss | Number of bytes that Redis allocated as seen by the operating system (a.k.a resident set size). | long | +| redis.info.memory.used.value | Total number of bytes allocated by Redis. 
| long | +| redis.info.persistence.aof.bgrewrite.last_status | Status of the last AOF rewrite operatio | keyword | +| redis.info.persistence.aof.buffer.size | Size of the AOF buffer | long | +| redis.info.persistence.aof.copy_on_write.last_size | The size in bytes of copy-on-write allocations during the last RBD save operation | long | +| redis.info.persistence.aof.enabled | Flag indicating AOF logging is activated | boolean | +| redis.info.persistence.aof.fsync.delayed | Delayed fsync counter | long | +| redis.info.persistence.aof.fsync.pending | Number of fsync pending jobs in background I/O queue | long | +| redis.info.persistence.aof.rewrite.buffer.size | Size of the AOF rewrite buffer | long | +| redis.info.persistence.aof.rewrite.current_time.sec | Duration of the on-going AOF rewrite operation if any | long | +| redis.info.persistence.aof.rewrite.in_progress | Flag indicating a AOF rewrite operation is on-going | boolean | +| redis.info.persistence.aof.rewrite.last_time.sec | Duration of the last AOF rewrite operation in seconds | long | +| redis.info.persistence.aof.rewrite.scheduled | Flag indicating an AOF rewrite operation will be scheduled once the on-going RDB save is complete. 
| boolean | +| redis.info.persistence.aof.size.base | AOF file size on latest startup or rewrite | long | +| redis.info.persistence.aof.size.current | AOF current file size | long | +| redis.info.persistence.aof.write.last_status | Status of the last write operation to the AOF | keyword | +| redis.info.persistence.loading | Flag indicating if the load of a dump file is on-going | boolean | +| redis.info.persistence.rdb.bgsave.current_time.sec | Duration of the on-going RDB save operation if any | long | +| redis.info.persistence.rdb.bgsave.in_progress | Flag indicating a RDB save is on-going | boolean | +| redis.info.persistence.rdb.bgsave.last_status | Status of the last RDB save operation | keyword | +| redis.info.persistence.rdb.bgsave.last_time.sec | Duration of the last RDB save operation in seconds | long | +| redis.info.persistence.rdb.copy_on_write.last_size | The size in bytes of copy-on-write allocations during the last RBD save operation | long | +| redis.info.persistence.rdb.last_save.changes_since | Number of changes since the last dump | long | +| redis.info.persistence.rdb.last_save.time | Epoch-based timestamp of last successful RDB save | long | +| redis.info.replication.backlog.active | Flag indicating replication backlog is active | long | +| redis.info.replication.backlog.first_byte_offset | The master offset of the replication backlog buffer | long | +| redis.info.replication.backlog.histlen | Size in bytes of the data in the replication backlog buffer | long | +| redis.info.replication.backlog.size | Total size in bytes of the replication backlog buffer | long | +| redis.info.replication.connected_slaves | Number of connected slaves | long | +| redis.info.replication.master.last_io_seconds_ago | Number of seconds since the last interaction with master | long | +| redis.info.replication.master.link_status | Status of the link (up/down) | keyword | +| redis.info.replication.master.offset | The server's current replication offset | long | +| 
redis.info.replication.master.second_offset | The offset up to which replication IDs are accepted | long | +| redis.info.replication.master.sync.in_progress | Indicate the master is syncing to the slave | boolean | +| redis.info.replication.master.sync.last_io_seconds_ago | Number of seconds since last transfer I/O during a SYNC operation | long | +| redis.info.replication.master.sync.left_bytes | Number of bytes left before syncing is complete | long | +| redis.info.replication.master_offset | The server's current replication offset | long | +| redis.info.replication.role | Role of the instance (can be "master", or "slave"). | keyword | +| redis.info.replication.slave.is_readonly | Flag indicating if the slave is read-only | boolean | +| redis.info.replication.slave.offset | The replication offset of the slave instance | long | +| redis.info.replication.slave.priority | The priority of the instance as a candidate for failover | long | +| redis.info.server.arch_bits | | keyword | +| redis.info.server.build_id | | keyword | +| redis.info.server.config_file | | keyword | +| redis.info.server.gcc_version | | keyword | +| redis.info.server.git_dirty | | keyword | +| redis.info.server.git_sha1 | | keyword | +| redis.info.server.hz | | long | +| redis.info.server.lru_clock | | long | +| redis.info.server.mode | | keyword | +| redis.info.server.multiplexing_api | | keyword | +| redis.info.server.run_id | | keyword | +| redis.info.server.tcp_port | | long | +| redis.info.server.uptime | | long | +| redis.info.slowlog.count | Count of slow operations | long | +| redis.info.stats.active_defrag.hits | Number of value reallocations performed by active the defragmentation process | long | +| redis.info.stats.active_defrag.key_hits | Number of keys that were actively defragmented | long | +| redis.info.stats.active_defrag.key_misses | Number of keys that were skipped by the active defragmentation process | long | +| redis.info.stats.active_defrag.misses | Number of aborted value 
reallocations started by the active defragmentation process | long | +| redis.info.stats.commands_processed | Total number of commands processed. | long | +| redis.info.stats.connections.received | Total number of connections received. | long | +| redis.info.stats.connections.rejected | Total number of connections rejected. | long | +| redis.info.stats.instantaneous.input_kbps | The network's read rate per second in KB/sec | scaled_float | +| redis.info.stats.instantaneous.ops_per_sec | Number of commands processed per second | long | +| redis.info.stats.instantaneous.output_kbps | The network's write rate per second in KB/sec | scaled_float | +| redis.info.stats.keys.evicted | Number of evicted keys due to maxmemory limit | long | +| redis.info.stats.keys.expired | Total number of key expiration events | long | +| redis.info.stats.keyspace.hits | Number of successful lookup of keys in the main dictionary | long | +| redis.info.stats.keyspace.misses | Number of failed lookup of keys in the main dictionary | long | +| redis.info.stats.latest_fork_usec | Duration of the latest fork operation in microseconds | long | +| redis.info.stats.migrate_cached_sockets | The number of sockets open for MIGRATE purposes | long | +| redis.info.stats.net.input.bytes | Total network input in bytes. | long | +| redis.info.stats.net.output.bytes | Total network output in bytes. 
| long | +| redis.info.stats.pubsub.channels | Global number of pub/sub channels with client subscriptions | long | +| redis.info.stats.pubsub.patterns | Global number of pub/sub pattern with client subscriptions | long | +| redis.info.stats.slave_expires_tracked_keys | The number of keys tracked for expiry purposes (applicable only to writable slaves) | long | +| redis.info.stats.sync.full | The number of full resyncs with slaves | long | +| redis.info.stats.sync.partial.err | The number of denied partial resync requests | long | +| redis.info.stats.sync.partial.ok | The number of accepted partial resync requests | long | +| service.version | Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service. | keyword | + + +### key + +The `key` dataset collects information about Redis keys. + +For each key matching one of the configured patterns, an event is sent to Elasticsearch with information about this key, +what includes the type, its length when available, and its TTL. + +Patterns are configured as a list containing these fields: + +* `pattern` (required): pattern for key names, as accepted by the Redis KEYS or SCAN commands. +* `limit` (optional): safeguard when using patterns with wildcards to avoid collecting too many keys (Default: 0, no limit) +* `keyspace` (optional): Identifier of the database to use to look for the keys (Default: 0) + +An example event for `key` looks as following: + +```$json +TODO +``` + +The fields reported are: + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| redis.key.expire.ttl | Seconds to expire. | long | +| redis.key.id | Unique id for this key (With the form :). | keyword | +| redis.key.length | Length of the key (Number of elements for lists, length for strings, cardinality for sets). | long | +| redis.key.name | Key name. | keyword | +| redis.key.type | Key type as shown by `TYPE` command. 
| keyword | + + +### keyspace + +The `keyspace` dataset collects information about the Redis keyspaces. For each keyspace, an event is sent to +Elasticsearch. The keyspace information is fetched from the `INFO` command. + +An example event for `keyspace` looks as following: + +```$json +TODO +``` + +The fields reported are: + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| redis.keyspace.avg_ttl | Average ttl. | long | +| redis.keyspace.expires | | long | +| redis.keyspace.id | Keyspace identifier. | keyword | +| redis.keyspace.keys | Number of keys in the keyspace. | long | + diff --git a/dev/packages/beats/redis/0.0.1/img/kibana-redis.png b/dev/packages/beats/redis/0.0.1/img/kibana-redis.png new file mode 100644 index 00000000000..8fa104c91bd Binary files /dev/null and b/dev/packages/beats/redis/0.0.1/img/kibana-redis.png differ diff --git a/dev/packages/beats/redis/0.0.1/img/logo_redis.svg b/dev/packages/beats/redis/0.0.1/img/logo_redis.svg new file mode 100644 index 00000000000..1163d1ea52f --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/img/logo_redis.svg @@ -0,0 +1 @@ + diff --git a/dev/packages/beats/redis/0.0.1/img/metricbeat_redis_key_dashboard.png b/dev/packages/beats/redis/0.0.1/img/metricbeat_redis_key_dashboard.png new file mode 100644 index 00000000000..76d414b86c4 Binary files /dev/null and b/dev/packages/beats/redis/0.0.1/img/metricbeat_redis_key_dashboard.png differ diff --git a/dev/packages/beats/redis/0.0.1/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..b478e79ff46 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json 
@@ -0,0 +1,170 @@ +{ + "attributes": { + "description": "Redis keys metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1545388837304", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "redis.keyspace.id", + "negate": false, + "params": [ + "db0", + "db1" + ], + "type": "phrases", + "value": "db0, db1" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "redis.keyspace.id": "db0" + } + }, + { + "match_phrase": { + "redis.keyspace.id": "db1" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "1", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Keyspace selector", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Lists length", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 10, + "i": "3", + "w": 12, + "x": 0, + "y": 5 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Keys by type", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Average size of string keys", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Average keys TTL", + "version": "7.3.0" + } + ], + 
"timeRestore": false, + "title": "[Metrics Redis] Keys ECS", + "version": 1 + }, + "id": "28969190-0511-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "00d39210-050d-11e9-9c60-d582a238e2c5-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "4435ac40-050e-11e9-9c60-d582a238e2c5-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json new file mode 100644 index 00000000000..5ffe476ac88 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json 
@@ -0,0 +1,145 @@ +{ + "attributes": { + "description": "Overview dashboard for the FIlebeat Redis integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 12, + "x": 0, + "y": 16 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 36, + "x": 12, + "y": 16 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "host.name", + "log.level", + "redis.log.role", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 16, + "i": "4", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "host.name", + "message", + "redis.slowlog.duration.us", + "redis.slowlog.key" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 16, + "i": "6", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Redis] Overview ECS", + "version": 1 + }, + "id": "7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs", + "references": [ + { + "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "d2864600-478f-11e7-be88-2ddb32f3df97-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"73613570-4791-11e7-be88-2ddb32f3df97-ecs", + "name": "panel_2", + "type": "search" + }, + { + "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs", + "name": "panel_4", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json new file mode 100644 index 00000000000..81e65be2036 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json 
@@ -0,0 +1,174 @@ +{ + "attributes": { + "description": "Overview of Redis server metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "6", + "w": 12, + "x": 32, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Redis] Overview ECS", + "version": 1 + }, + "id": "AV4YjZ5pux-M-tCAunxK-ecs", + "references": [ + { + "id": "Redis-Clients-Metrics-ecs", 
+ "name": "panel_0", + "type": "visualization" + }, + { + "id": "Redis-Connected-clients-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Redis-hosts-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Redis-Server-Versions-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "Redis-server-mode-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "Redis-multiplexing-API-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "Redis-Keyspaces-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json new file mode 100644 index 00000000000..6c05b8b3b88 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json @@ -0,0 +1,41 @@ +{ + "attributes": { + "columns": [ + "host.name", + "message", + "redis.slowlog.duration.us", + "redis.slowlog.key" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:redis.slowlog" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Slow logs [Logs Redis] ECS", + "version": 1 + }, + "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/redis/0.0.1/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json new file mode 100644 index 00000000000..f1f1e576538 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "columns": [ + "host.name", + "log.level", + "redis.log.role", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"redis.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "redis." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Logs [Logs Redis] ECS", + "version": 1 + }, + "id": "73613570-4791-11e7-be88-2ddb32f3df97-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
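Review bot: The second filter in 73613570-4791-11e7-be88-2ddb32f3df97-ecs.json matches `fileset.name` = `log`, a Beats module field, while the slowlog search on the preceding line (0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json) queries `stream.dataset:redis.slowlog`. Events arriving through this package's `logs` stream presumably carry no `fileset.name`, so this saved search would return nothing. A single query `stream.dataset:redis.log` in place of the two filters would be consistent with the other search; as this is an exported saved object, the fix belongs in whatever it was exported from.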
diff --git a/dev/packages/beats/redis/0.0.1/kibana/search/Metricbeat-Redis-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/search/Metricbeat-Redis-ecs.json new file mode 100644 index 00000000000..70a4cdc5b30 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/search/Metricbeat-Redis-ecs.json @@ -0,0 +1,49 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:redis.info OR stream.dataset:redis.key OR stream.dataset:redis.keyspace)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Metrics Redis ECS", + "version": 1 + }, + "id": "Metrics-Redis-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..1c1b230e0e8 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json 
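Review bot: The file is named `Metricbeat-Redis-ecs.json` but the saved object's `id` is `Metrics-Redis-ecs`, whereas every other saved object in this package sits in a file named after its `id`. If the package tooling keys objects by file name, this search is registered under a different id than the one inside the document; renaming the file to `Metrics-Redis-ecs.json` (or the id to match the file) restores the convention.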
@@ -0,0 +1,53 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Keyspace selector [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "redis.keyspace.id", + "id": "1545388837304", + "indexPatternRefName": "control_0_index_pattern", + "label": "Keyspace", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Keyspace selector [Metrics Redis] ECS", + "type": "input_control_vis" + } + }, + "id": "00d39210-050d-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..8a4fa0c05c0 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json 
@@ -0,0 +1,152 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Keys by type [Metrics Redis] ECS", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of keys", + "field": "redis.key.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Key type", + "field": "redis.key.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Number of keys" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": 
"ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Number of keys" + }, + "type": "value" + } + ] + }, + "title": "Keys by type [Metrics Redis] ECS", + "type": "line" + } + }, + "id": "4435ac40-050e-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..2f2b74b7d31 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json 
@@ -0,0 +1,194 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "redis.key.expire.ttl", + "negate": false, + "params": { + "gte": 0, + "lt": null + }, + "type": "range", + "value": "0 to +∞" + }, + "range": { + "redis.key.expire.ttl": { + "gte": 0, + "lt": null + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Average keys TTL [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Average TTL", + "field": "redis.key.expire.ttl" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Keyspace", + "field": "redis.keyspace.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Key type", + "field": "redis.key.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + 
"addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Average TTL" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Average TTL" + }, + "type": "value" + } + ] + }, + "title": "Average keys TTL [Metrics Redis] ECS", + "type": "line" + } + }, + "id": "517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json new file mode 100644 index 00000000000..3b519ea3322 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json 
@@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:redis.log" + }, + "version": true + } + }, + "title": "Log levels and roles breakdown [Logs Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "redis.log.role", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log level", + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Log levels and roles breakdown [Logs Redis] ECS", + "type": "pie" + } + }, + "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..4949fa78b28 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json 
@@ -0,0 +1,197 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "redis.key.type", + "negate": false, + "params": { + "query": "list", + "type": "phrase" + }, + "type": "phrase", + "value": "list" + }, + "query": { + "match": { + "redis.key.type": { + "query": "list", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Lists length [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of elements", + "field": "redis.key.length" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Keyspace", + "field": "redis.keyspace.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Key name", + "field": "redis.key.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + 
"addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Number of elements" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Number of elements" + }, + "type": "value" + } + ] + }, + "title": "Lists length [Metrics Redis] ECS", + "type": "line" + } + }, + "id": "7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json new file mode 100644 index 00000000000..9afa87ad91f --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json 
@@ -0,0 +1,179 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "redis.key.type", + "negate": false, + "params": { + "query": "string", + "type": "phrase" + }, + "type": "phrase", + "value": "string" + }, + "query": { + "match": { + "redis.key.type": { + "query": "string", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Average string key size [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Average key size", + "field": "redis.key.length" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Keyspace", + "field": "redis.keyspace.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + 
"categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Average key size" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Average key size" + }, + "type": "value" + } + ] + }, + "title": "Average string key size [Metrics Redis] ECS", + "type": "line" + } + }, + "id": "8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Clients-Metrics-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Clients-Metrics-ecs.json new file mode 100644 index 00000000000..23037b51302 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Clients-Metrics-ecs.json 
@@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Clients [Metrics Redis] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Connected clients", + "field": "redis.info.clients.connected" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": 60, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "title": "Clients [Metrics Redis] ECS", + "type": "metric" + } + }, + "id": "Redis-Clients-Metrics-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Connected-clients-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Connected-clients-ecs.json new file mode 100644 index 00000000000..c827119b6c5 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Connected-clients-ecs.json 
@@ -0,0 +1,141 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Connected clients [Metrics Redis] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Blocked": "#C15C17" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Connected", + "field": "redis.info.clients.connected" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Blocked", + "field": "redis.info.clients.blocked" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "grouped", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + 
}, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Connected clients [Metrics Redis] ECS", + "type": "histogram" + } + }, + "id": "Redis-Connected-clients-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Keyspaces-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Keyspaces-ecs.json new file mode 100644 index 00000000000..dfba8f51c6c --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Keyspaces-ecs.json 
@@ -0,0 +1,141 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Keyspaces [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of keys", + "field": "redis.keyspace.keys" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Keyspaces", + "field": "redis.keyspace.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Keyspaces [Metrics Redis] ECS", + "type": "area" + } + }, + "id": "Redis-Keyspaces-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Server-Versions-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Server-Versions-ecs.json new file mode 100644 index 00000000000..354259f407e --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-Server-Versions-ecs.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Server Versions [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "service.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Multiplexing API", + "field": "service.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Server Versions [Metrics Redis] ECS", + "type": "pie" + } + }, + "id": "Redis-Server-Versions-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-hosts-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-hosts-ecs.json new file mode 100644 index 00000000000..0f8eb4607ea 
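Review bot: In the Redis-Server-Versions-ecs.json hunk, the terms aggregation with `"id": "2"` buckets on `service.version` but carries `"customLabel": "Multiplexing API"`, so the legend of the "Server Versions" pie will be titled after a different field; the label looks copied from the Multiplexing API visualization, which uses the same text for `redis.info.server.multiplexing_api`. I would change it to `"customLabel": "Server version"` so the bucket label matches the field. Since these saved objects appear to be imported from the Beats dashboards, the same correction may be needed in the source they were migrated from.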
--- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-hosts-ecs.json @@ -0,0 +1,112 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Hosts [Metrics Redis] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "field": "service.address", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Uptime (s)", + "field": "redis.info.server.uptime" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "PID", + "field": "process.pid" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Memory", + "field": "redis.info.memory.used.peak" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "CPU used (user)", + "field": "redis.info.cpu.used.user" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "CPU used (system)", + "field": "redis.info.cpu.used.sys" + }, + "schema": "metric", + "type": "max" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Hosts [Metrics Redis] ECS", + "type": "table" + } + }, + "id": "Redis-hosts-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-multiplexing-API-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-multiplexing-API-ecs.json new file mode 100644 index 00000000000..f8f4389470f --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-multiplexing-API-ecs.json @@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Multiplexing API [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "service.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Multiplexing API", + "field": "redis.info.server.multiplexing_api", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Multiplexing API [Metrics Redis] ECS", + "type": "pie" + } + }, + "id": "Redis-multiplexing-API-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-server-mode-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-server-mode-ecs.json new file mode 100644 index 00000000000..13e088ca965 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/Redis-server-mode-ecs.json 
@@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Server mode [Metrics Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "service.address" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Server mode", + "field": "redis.info.server.mode", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Server mode [Metrics Redis] ECS", + "type": "pie" + } + }, + "id": "Redis-server-mode-ecs", + "references": [ + { + "id": "Metrics-Redis-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json new file mode 100644 index 00000000000..c43e3c4b917 --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json 
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:redis.log" + }, + "version": true + } + }, + "title": "Logs over time [Logs Redis] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "notice": "#629E51", + "warning": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per month" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Logs over time [Logs Redis] ECS", + "type": "histogram" + } + }, + "id": "d2864600-478f-11e7-be88-2ddb32f3df97-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/beats/redis/0.0.1/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json new file mode 100644 index 00000000000..ee8103d229c --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top slowest commands [Logs Redis] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Command", + "field": "redis.slowlog.duration.us" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Duration (microseconds)", + "field": "redis.slowlog.cmd", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Duration (microseconds)" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Command" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Command" + }, + "type": "value" + } + ] + }, + "title": "Top slowest commands 
[Logs Redis] ECS", + "type": "histogram" + } + }, + "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs", + "references": [ + { + "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redis/0.0.1/manifest.yml b/dev/packages/beats/redis/0.0.1/manifest.yml new file mode 100644 index 00000000000..33f0171a65e --- /dev/null +++ b/dev/packages/beats/redis/0.0.1/manifest.yml 
@@ -0,0 +1,79 @@
+format_version: 1.0.0
+name: redis
+title: Redis
+version: 0.0.1
+license: basic
+description: Redis Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-redis.png
+ title: kibana redis
+ size: 1124x1079
+ type: image/png
+- src: /img/metricbeat_redis_key_dashboard.png
+ title: metricbeat redis key dashboard
+ size: 1855x949
+ type: image/png
+icons:
+- src: /img/logo_redis.svg
+ title: logo redis
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: redis
+ title: Redis logs and metrics
+ description: Collect logs and metrics from Redis instances
+ inputs:
+ - type: logs
+ title: Collect logs from Redis instances
+ description: Collecting Redis log and slowlog logs
+ - type: redis/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - 127.0.0.1:6379
+ - name: idle_timeout
+ type: text
+ title: Idle Timeout
+ multi: false
+ required: true
+ show_user: true
+ default: 20s
+ - name: maxconn
+ type: integer
+ title: Maxconn
+ multi: false
+ required: true
+ show_user: true
+ default: 10
+ - name: network
+ type: text
+ title: Network
+ multi: false
+ required: true
+ show_user: true
+ default: tcp
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: false
+ show_user: true
+ default: ""
+ title: Collect metrics from Redis instances
+ description: Collecting Redis info, key and keyspace metrics
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/node/agent/stream/stream.yml.hbs b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a512905c56c
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/agent/stream/stream.yml.hbs
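Review bot: The `requirement` block caps Kibana at `<8.0.0` but leaves Elasticsearch open-ended with `versions: '>7.0.1'`, so the package would still be offered against a future Elasticsearch major it was never validated with; if the cap is intended for both, `versions: '>7.0.1 <8.0.0'` keeps the two constraints aligned. Separately, the `logs` input declares no `vars`, so an operator cannot point it at non-default log file paths from the policy; presumably the dataset stream templates hard-code the paths (not visible here), which deserves a comment on the input such as `# log paths are fixed in dataset/*/agent/stream; add a paths var if custom locations are needed`. The `password` var is correctly declared with `type: password` and an empty default rather than as free text.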
@@ -0,0 +1,6 @@
+metricsets: ["node"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/fields.yml
new file mode 100644
index 00000000000..b1d6e276854
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: redisenterprise.node
+ type: group
+ release: beta
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/package-fields.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/package-fields.yml
new file mode 100644
index 00000000000..dee4929ee51
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redisenterprise
+ type: group
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/node/manifest.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/manifest.yml
new file mode 100644
index 00000000000..45a1ec5c7ef
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/node/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis Enterprise node metrics
+release: experimental
+type: metrics
+streams:
+- input: redisenterprise/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ title: Redis Enterprise node metrics
+ description: Collect Redis Enterprise node metrics
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..1723efeec0b
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["proxy"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
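Review bot: The node dataset manifest declares `release: experimental` while the sibling `fields.yml` added in the same commit labels the `redisenterprise.node` field group `release: beta`; the two maturity labels for one dataset should agree, and the proxy dataset's manifest and `fields.yml` on the next line carry the same mismatch. Also, the `stream.yml.hbs` template iterates `{{#each hosts}}`, but this manifest only exposes a `period` var; presumably `hosts` is declared at the package level for the `redisenterprise/metrics` input, as the redis manifest does, so confirm that is the case or the rendered stream will have an empty `hosts` list.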
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/fields.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/fields.yml
new file mode 100644
index 00000000000..e8d71e83879
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/fields.yml
@@ -0,0 +1,3 @@
+- name: redisenterprise.proxy
+ type: group
+ release: beta
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/package-fields.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/package-fields.yml
new file mode 100644
index 00000000000..dee4929ee51
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redisenterprise
+ type: group
diff --git a/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/manifest.yml b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/manifest.yml
new file mode 100644
index 00000000000..145e8db02f0
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/dataset/proxy/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis Enterprise proxy metrics
+release: experimental
+type: metrics
+streams:
+- input: redisenterprise/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ title: Redis Enterprise proxy metrics
+ description: Collect Redis Enterprise proxy metrics
diff --git a/dev/packages/beats/redisenterprise/0.0.1/docs/README.md b/dev/packages/beats/redisenterprise/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/redisenterprise/0.0.1/img/logo_redis.svg b/dev/packages/beats/redisenterprise/0.0.1/img/logo_redis.svg
new file mode 100644
index 00000000000..1163d1ea52f
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/img/logo_redis.svg
@@ -0,0 +1 @@
+ 
diff --git a/dev/packages/beats/redisenterprise/0.0.1/img/metricbeat-redisenterprise-overview.png b/dev/packages/beats/redisenterprise/0.0.1/img/metricbeat-redisenterprise-overview.png
new file mode 100644
index 00000000000..9f2361594b2
Binary files /dev/null and b/dev/packages/beats/redisenterprise/0.0.1/img/metricbeat-redisenterprise-overview.png differ
diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/dashboard/8da53a40-5a2f-11ea-bc69-cdcc68092a57.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/dashboard/8da53a40-5a2f-11ea-bc69-cdcc68092a57.json
new file mode 100644
index 00000000000..7f1a5466d22
--- /dev/null
+++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/dashboard/8da53a40-5a2f-11ea-bc69-cdcc68092a57.json
@@ -0,0 +1,279 @@ +{ + "attributes": { + "description": "Overview of Redis Enterprise dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 8, + "i": "bdd26554-0293-4928-9751-f7304d9fbc74", + "w": 9, + "x": 0, + "y": 0 + }, + "panelIndex": "bdd26554-0293-4928-9751-f7304d9fbc74", + "panelRefName": "panel_0", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "System CPU time" + }, + "gridData": { + "h": 8, + "i": "4aa7a92c-1705-40ee-9f53-478610ea34f0", + "w": 8, + "x": 9, + "y": 0 + }, + "panelIndex": "4aa7a92c-1705-40ee-9f53-478610ea34f0", + "panelRefName": "panel_1", + "title": "System CPU time", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "User CPU time" + }, + "gridData": { + "h": 8, + "i": "431e4d28-f8be-46a3-8079-d562e644bae1", + "w": 8, + "x": 17, + "y": 0 + }, + "panelIndex": "431e4d28-f8be-46a3-8079-d562e644bae1", + "panelRefName": "panel_2", + "title": "User CPU time", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Node free memory" + }, + "gridData": { + "h": 8, + "i": "192540d9-3c81-495d-ba22-2b1d96841ba7", + "w": 7, + "x": 25, + "y": 0 + }, + "panelIndex": "192540d9-3c81-495d-ba22-2b1d96841ba7", + "panelRefName": "panel_3", + "title": "Node free memory", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Free persistent disk space" + }, + "gridData": { + "h": 8, + "i": "666f6222-3542-42b0-9085-7e93224c3998", + "w": 8, + "x": 32, + "y": 0 + }, + "panelIndex": "666f6222-3542-42b0-9085-7e93224c3998", + "panelRefName": "panel_4", + "title": "Free persistent disk space", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Free ephemeral disk space" + }, + "gridData": { + "h": 8, + "i": 
"9d84abb9-cc6d-4d78-b2a4-ca77b942cf5c", + "w": 8, + "x": 40, + "y": 0 + }, + "panelIndex": "9d84abb9-cc6d-4d78-b2a4-ca77b942cf5c", + "panelRefName": "panel_5", + "title": "Free ephemeral disk space", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Rate of incoming/outgoing network traffic" + }, + "gridData": { + "h": 17, + "i": "86afca72-c2a2-4d20-af63-7e74220df79c", + "w": 16, + "x": 0, + "y": 8 + }, + "panelIndex": "86afca72-c2a2-4d20-af63-7e74220df79c", + "panelRefName": "panel_6", + "title": "Rate of incoming/outgoing network traffic", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Total requests" + }, + "gridData": { + "h": 17, + "i": "aab5878f-0105-4be9-aaea-1951de591ec8", + "w": 16, + "x": 16, + "y": 8 + }, + "panelIndex": "aab5878f-0105-4be9-aaea-1951de591ec8", + "panelRefName": "panel_7", + "title": "Total requests", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Connections" + }, + "gridData": { + "h": 17, + "i": "c520c103-f16f-4490-ab07-3fbd38681c94", + "w": 16, + "x": 32, + "y": 8 + }, + "panelIndex": "c520c103-f16f-4490-ab07-3fbd38681c94", + "panelRefName": "panel_8", + "title": "Connections", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "GET/SET commands" + }, + "gridData": { + "h": 17, + "i": "52d5e0f2-8c7d-42a0-b0d7-3bff758034bd", + "w": 16, + "x": 0, + "y": 25 + }, + "panelIndex": "52d5e0f2-8c7d-42a0-b0d7-3bff758034bd", + "panelRefName": "panel_9", + "title": "GET/SET commands", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Other commands" + }, + "gridData": { + "h": 17, + "i": "8d97e4fa-7929-42b6-bcd1-c73a0ec6ceea", + "w": 16, + "x": 16, + "y": 25 + }, + "panelIndex": "8d97e4fa-7929-42b6-bcd1-c73a0ec6ceea", + "panelRefName": "panel_10", + "title": "Other commands", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "title": "Listener latency" + }, + "gridData": { + "h": 17, + "i": "0f739671-dfbe-4ec9-8468-d5b2b9aad001", + "w": 16, + "x": 32, + "y": 
25 + }, + "panelIndex": "0f739671-dfbe-4ec9-8468-d5b2b9aad001", + "panelRefName": "panel_11", + "title": "Listener latency", + "version": "7.1.0" + } + ], + "timeRestore": false, + "title": "[Metrics Redis Enterprise] Overview", + "version": 1 + }, + "id": "8da53a40-5a2f-11ea-bc69-cdcc68092a57", + "references": [ + { + "id": "b96c3b00-5c92-11ea-b0b5-8133f1152545", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8cba84c0-5a32-11ea-bc69-cdcc68092a57", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "9ddea420-5a32-11ea-bc69-cdcc68092a57", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "49c7dbf0-5a36-11ea-bc69-cdcc68092a57", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "14f6de30-5c7a-11ea-b0b5-8133f1152545", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2d7ec670-5c7a-11ea-b0b5-8133f1152545", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "f6c6d0e0-5a36-11ea-bc69-cdcc68092a57", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "6c861200-5c7b-11ea-b0b5-8133f1152545", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "b5621150-5c7a-11ea-b0b5-8133f1152545", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "3c776b90-5c80-11ea-b0b5-8133f1152545", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "837f9fd0-5c80-11ea-b0b5-8133f1152545", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "a452c8c0-5c96-11ea-b0b5-8133f1152545", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/14f6de30-5c7a-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/14f6de30-5c7a-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..41c85106c73 --- /dev/null 
+++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/14f6de30-5c7a-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "Free disk space on configured persistent disk", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Free persistent disk space [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Free persistent", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_persistent_storage_free", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Free persistent 
disk space [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "14f6de30-5c7a-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/2d7ec670-5c7a-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/2d7ec670-5c7a-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..2efd697f1a9 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/2d7ec670-5c7a-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "Free disk space on configured ephemeral disk", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Free ephemeral disk space [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Free ephemeral", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_ephemeral_storage_free", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Free ephemeral disk 
space [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "2d7ec670-5c7a-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/3c776b90-5c80-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/3c776b90-5c80-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..ec7405fa43c --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/3c776b90-5c80-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "Number of memcached GET/SET commands sent to the DB", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "GET/SET commands [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "0.5", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "GET", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_cmd_get", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.proxy", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0.5", + "formatter": "number", + "id": 
"90e3af50-5c93-11ea-a0a2-61bf5e1bd67b", + "label": "SET", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_cmd_set", + "id": "90e3af51-5c93-11ea-a0a2-61bf5e1bd67b", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.proxy", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "GET/SET commands [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "3c776b90-5c80-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/49c7dbf0-5a36-11ea-bc69-cdcc68092a57.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/49c7dbf0-5a36-11ea-bc69-cdcc68092a57.json new file mode 100644 index 00000000000..d5556c15f68 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/49c7dbf0-5a36-11ea-bc69-cdcc68092a57.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "Node free memory", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Node free memory [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Free memory", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_free_memory", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Node free memory [Metrics Redis Enterprise]", + "type": "metrics" + } + 
}, + "id": "49c7dbf0-5a36-11ea-bc69-cdcc68092a57", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/6c861200-5c7b-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/6c861200-5c7b-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..4837f3c679d --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/6c861200-5c7b-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "Request rate handled by endpoints on node", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total requests (ops/sec) [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(12,121,125,1)", + "fill": "0.5", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total requests (ops/sec)", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_total_req", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Total requests 
(ops/sec) [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "6c861200-5c7b-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/837f9fd0-5c80-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/837f9fd0-5c80-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..c37825a0e63 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/837f9fd0-5c80-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "Number of memcached commands sent to the DB", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Other commands [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0.5", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "TOUCH", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_cmd_touch", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.proxy", + "type": "timeseries", + "value_template": "{{value}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(252,220,0,1)", + "fill": "0.5", + 
"formatter": "number", + "id": "0576cfe0-5c90-11ea-83c6-4f084e5b49b0", + "label": "FLUSH", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_cmd_flush", + "id": "0576cfe1-5c90-11ea-83c6-4f084e5b49b0", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.proxy", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(164,221,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "22e43a90-5c90-11ea-83c6-4f084e5b49b0", + "label": "AUTH", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_auth_cmds", + "id": "22e43a91-5c90-11ea-83c6-4f084e5b49b0", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.proxy", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Other commands [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "837f9fd0-5c80-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/8cba84c0-5a32-11ea-bc69-cdcc68092a57.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/8cba84c0-5a32-11ea-bc69-cdcc68092a57.json new file mode 100644 index 00000000000..3ff56bf4f07 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/8cba84c0-5a32-11ea-bc69-cdcc68092a57.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "System CPU time", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "System CPU time [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "1", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "c743b7b0-5a32-11ea-89da-eba74ed7a082" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.5", + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "system", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_cpu_system", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "System CPU time [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "8cba84c0-5a32-11ea-bc69-cdcc68092a57", + "references": [], + "type": "visualization" +} \ No 
newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/9ddea420-5a32-11ea-bc69-cdcc68092a57.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/9ddea420-5a32-11ea-bc69-cdcc68092a57.json new file mode 100644 index 00000000000..38a443c46d6 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/9ddea420-5a32-11ea-bc69-cdcc68092a57.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "User CPU time", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User CPU time [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "1", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": "0.5", + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "user", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_cpu_user", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "User CPU time [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "9ddea420-5a32-11ea-bc69-cdcc68092a57", + "references": [], + "type": "visualization" +} \ No 
newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/a452c8c0-5c96-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/a452c8c0-5c96-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..a7e4324189a --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/a452c8c0-5c96-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,126 @@ +{ + "attributes": { + "description": "Average latency of all types of commands on DB", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Listener latency [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "bar_color_rules": [ + { + "id": "69b152e0-5c96-11ea-a0a2-61bf5e1bd67b" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(12,121,125,1)", + "fill": "0.5", + "formatter": "ms,ms,", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Latency", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.listener_acc_latency", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "prometheus.metrics.listener_total_res", + "id": "37d10ba0-5c99-11ea-a0a2-61bf5e1bd67b", + "type": "avg" + }, + { + "id": "12007b60-5c97-11ea-a0a2-61bf5e1bd67b", + "script": "params.listener_acc_latency != null \u0026\u0026 params.listener_total_res 
\u003e 0 ? params.listener_acc_latency/params.listener_total_res : null", + "type": "calculation", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "144dedd0-5c97-11ea-a0a2-61bf5e1bd67b", + "name": "listener_acc_latency" + }, + { + "field": "37d10ba0-5c99-11ea-a0a2-61bf5e1bd67b", + "id": "bf706520-5c98-11ea-a0a2-61bf5e1bd67b", + "name": "listener_total_res" + } + ] + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Listener latency [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "a452c8c0-5c96-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b5621150-5c7a-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b5621150-5c7a-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..0f53b2306e7 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b5621150-5c7a-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "Number of clients connected to endpoints on node", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Connections [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "4493a7d0-5a37-11ea-83f4-dbbc99caa7c0" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(123,100,255,1)", + "fill": "0.5", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Connections", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_conns", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Connections [Metrics Redis Enterprise]", + 
"type": "metrics" + } + }, + "id": "b5621150-5c7a-11ea-b0b5-8133f1152545", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b96c3b00-5c92-11ea-b0b5-8133f1152545.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b96c3b00-5c92-11ea-b0b5-8133f1152545.json new file mode 100644 index 00000000000..db5ec3b6499 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/b96c3b00-5c92-11ea-b0b5-8133f1152545.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "Select cluster/node based on its name", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cluster/node selector [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "prometheus.labels.cluster", + "id": "1583159394252", + "indexPatternRefName": "control_0_index_pattern", + "label": "cluster name", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "prometheus.labels.node", + "id": "1583250395046", + "indexPatternRefName": "control_1_index_pattern", + "label": "node name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Cluster/node selector [Metrics Redis Enterprise]", + "type": "input_control_vis" + } + }, + "id": "b96c3b00-5c92-11ea-b0b5-8133f1152545", + "references": [ + { + "id": "metrics-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/f6c6d0e0-5a36-11ea-bc69-cdcc68092a57.json b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/f6c6d0e0-5a36-11ea-bc69-cdcc68092a57.json new file mode 100644 index 00000000000..8bfd85794fc --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/kibana/visualization/f6c6d0e0-5a36-11ea-bc69-cdcc68092a57.json 
@@ -0,0 +1,119 @@ +{ + "attributes": { + "description": "Rate of incoming/outgoing network traffic", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Rate of incoming/outgoing network traffic [Metrics Redis Enterprise]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "fields": "", + "icon": "fa-tag", + "id": "5cc43a90-5a32-11ea-94fe-9d9d001ff143", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "*", + "query_string": { + "language": "kuery", + "query": "" + }, + "template": "" + } + ], + "axis_formatter": "number", + "axis_max": "", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "gauge_color_rules": [ + { + "id": "d5c40740-5a32-11ea-94fe-9d9d001ff143" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "1m", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Node ingress", + "line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_ingress_bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0.5", + "formatter": "bytes", + "id": "cc4a9810-5c93-11ea-a0a2-61bf5e1bd67b", + "label": "Node egress", + 
"line_width": "1", + "metrics": [ + { + "field": "prometheus.metrics.node_egress_bytes", + "id": "cc4a9811-5c93-11ea-a0a2-61bf5e1bd67b", + "type": "avg" + } + ], + "point_size": "1", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "prometheus.labels.node", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Rate of incoming/outgoing network traffic [Metrics Redis Enterprise]", + "type": "metrics" + } + }, + "id": "f6c6d0e0-5a36-11ea-bc69-cdcc68092a57", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/redisenterprise/0.0.1/manifest.yml b/dev/packages/beats/redisenterprise/0.0.1/manifest.yml new file mode 100644 index 00000000000..24307eab6f1 --- /dev/null +++ b/dev/packages/beats/redisenterprise/0.0.1/manifest.yml @@ -0,0 +1,42 @@ +format_version: 1.0.0 +name: redisenterprise +title: Redis Enterprise +version: 0.0.1 +license: basic +description: Redis Enterprise Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.1.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-redisenterprise-overview.png + title: metricbeat redisenterprise overview + size: 5120x2706 + type: image/png +icons: +- src: /img/logo_redis.svg + title: logo redis + size: 32x32 + type: image/svg+xml +datasources: +- name: redisenterprise + title: Redis Enterprise metrics + description: Collect metrics from Redis Enterprise instances + inputs: + - type: redisenterprise/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - https://127.0.0.1:8070/ + title: Collect metrics from Redis Enterprise instances + description: Collecting Redis Enterprise node and proxy metrics 
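Review bot: The `redisenterprise` datasource exposes only a `hosts` variable (default `https://127.0.0.1:8070/`), so an operator pointing the input at a real cluster has nowhere in the package to supply a CA bundle or credentials for that HTTPS metrics endpoint; whether the underlying `redisenterprise/metrics` input accepts TLS settings is not visible here, but when the only knob is `hosts` the usual outcome is that verification gets disabled outside the package. Consider adding an `ssl.certificate_authorities`-style var (and `username`/`password` if the endpoint is authenticated) next to `hosts`, or at least stating in the datasource `description` that the default targets a loopback endpoint and that the certificate presented there must be trusted by the agent. The `requirement.elasticsearch: {}` entry is left empty while Kibana is pinned to `'>=7.1.0 <8.0.0'`; filling it in once the ingest features the package depends on are known would keep the two constraints consistent.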
diff --git a/dev/packages/beats/santa/0.0.1/dataset/log/agent/stream/log.yml.hbs b/dev/packages/beats/santa/0.0.1/dataset/log/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..367360d901a
--- /dev/null
+++ b/dev/packages/beats/santa/0.0.1/dataset/log/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/santa/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/santa/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..4eaddc753a6
--- /dev/null
+++ b/dev/packages/beats/santa/0.0.1/dataset/log/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,71 @@ +{ + "description": "Pipeline for parsing Google Santa logs.", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "\\[%{TIMESTAMP_ISO8601:process.start}\\] I santad: action=%{NOT_SEPARATOR:santa.action}\\|decision=%{NOT_SEPARATOR:santa.decision}\\|reason=%{NOT_SEPARATOR:santa.reason}\\|sha256=%{NOT_SEPARATOR:hash.sha256}\\|path=%{NOT_SEPARATOR:process.executable}(\\|args=%{NOT_SEPARATOR:process.args})?(\\|cert_sha256=%{NOT_SEPARATOR:certificate.sha256})?(\\|cert_cn=%{NOT_SEPARATOR:certificate.common_name})?\\|pid=%{NUMBER:process.pid:long}\\|ppid=%{NUMBER:process.ppid:long}\\|uid=%{NUMBER:user.id}\\|user=%{NOT_SEPARATOR:user.name}\\|gid=%{NUMBER:group.id}\\|group=%{NOT_SEPARATOR:group.name}\\|mode=%{WORD:santa.mode}", + "\\[%{TIMESTAMP_ISO8601:timestamp}\\] I santad: action=%{NOT_SEPARATOR:santa.action}\\|mount=%{NOT_SEPARATOR:santa.disk.mount}\\|volume=%{NOT_SEPARATOR:santa.disk.volume}\\|bsdname=%{NOT_SEPARATOR:santa.disk.bsdname}\\|fs=%{NOT_SEPARATOR:santa.disk.fs}\\|model=%{NOT_SEPARATOR:santa.disk.model}\\|serial=%{NOT_SEPARATOR:santa.disk.serial}\\|bus=%{NOT_SEPARATOR:santa.disk.bus}\\|dmgpath=%{NOT_SEPARATOR:santa.disk.dmgpath}?" 
+ ], + "pattern_definitions": { + "NOT_SEPARATOR": "[^\\|]+" + } + } + }, + { + "rename": { + "field": "message", + "target_field": "log.original" + } + }, + { + "date": { + "field": "process.start", + "target_field": "process.start", + "formats": [ + "ISO8601" + ], + "ignore_failure": true + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{ process.start }}", + "ignore_failure": true + } + }, + { + "split": { + "field": "process.args", + "separator": " ", + "ignore_failure": true + } + }, + { + "date": { + "field": "timestamp", + "target_field": "@timestamp", + "formats": [ + "ISO8601" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "timestamp", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/dev/packages/beats/santa/0.0.1/dataset/log/fields/package-fields.yml b/dev/packages/beats/santa/0.0.1/dataset/log/fields/package-fields.yml new file mode 100644 index 00000000000..ab79a8b9be5 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/dataset/log/fields/package-fields.yml 
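Review bot: The `set` of `@timestamp` from `{{ process.start }}` runs unconditionally while the preceding `date` processor on `process.start` has `ignore_failure: true`, so an exec line whose timestamp fails to parse gets the raw, unparsed string copied into `@timestamp` (and on mount/unmount lines the template renders an empty value that only the later `date` on `timestamp` repairs); guard it with `"if": "ctx.process?.start != null"` and drop `ignore_failure` on that `date` processor so a bad timestamp lands in `error.message` via `on_failure` rather than producing an event the index may reject. Separately, the `|`-delimited captures here — `process.executable`, `process.args`, `user.name`, `group.name` — are attacker-influenced values in a security log and the matched format shows no escaping, so a `|` inside a path or argument shifts every later field (`santa.decision`, `santa.reason`, `hash.sha256` included); the grok patterns also appear unanchored, so anchoring them with `^`/`$` and treating any event that hit `on_failure` as unparsed rather than as a benign decision is worth doing before these fields feed detections. The pipeline keeps `process.args` as a single `NOT_SEPARATOR` capture and then `split`s on a space, which is fine but means arguments containing spaces are not recoverable — a short comment in `description` noting that would save the next reader a check.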
@@ -0,0 +1,45 @@ +- name: santa + type: group + fields: + - name: action + type: keyword + description: Action + - name: decision + type: keyword + description: Decision that santad took. + - name: reason + type: keyword + description: Reason for the decsision. + - name: mode + type: keyword + description: Operating mode of Santa. + - name: disk + type: group + fields: + - name: volume + type: keyword + description: The volume name. + - name: bus + type: keyword + description: The disk bus protocol. + - name: serial + type: keyword + description: The disk serial number. + - name: bsdname + type: keyword + description: The disk BSD name. + - name: model + type: keyword + description: The disk model. + - name: fs + type: keyword + description: The disk volume kind (filesystem type). + - name: mount + type: keyword + description: The disk volume path. +- name: certificate.common_name + type: keyword + description: Common name from code signing certificate. +- name: certificate.sha256 + type: keyword + description: SHA256 hash of code signing certificate. diff --git a/dev/packages/beats/santa/0.0.1/dataset/log/manifest.yml b/dev/packages/beats/santa/0.0.1/dataset/log/manifest.yml new file mode 100644 index 00000000000..c39a64cd5c5 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/dataset/log/manifest.yml @@ -0,0 +1,17 @@ +title: Google Santa log logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/santa.log + template_path: log.yml.hbs + title: Google Santa log logs (log) + description: Collect Google Santa log logs using log input diff --git a/dev/packages/beats/santa/0.0.1/docs/README.md b/dev/packages/beats/santa/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file 
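Review bot: The pipeline's mount pattern captures `santa.disk.dmgpath`, but this fields file declares `santa.disk` with only `volume`, `bus`, `serial`, `bsdname`, `model`, `fs` and `mount`, so `dmgpath` is left to dynamic mapping (or dropped, depending on the index template's `dynamic` setting); add `- name: dmgpath`, `type: keyword`, `description: Path of the disk image backing the volume, if any.` under `disk`. The top-level `certificate.common_name` and `certificate.sha256` entries do not look like ECS fields for the 7.x range this package targets; if they are package-specific, nesting them under `santa` (or mapping them to whichever ECS code-signing field the registry's ECS version provides — confirm) avoids colliding with future `certificate`/`x509`-style ECS fields. Also `decsision` → `decision` in the `reason` description.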
diff --git a/dev/packages/beats/santa/0.0.1/img/kibana-santa-log-overview.png b/dev/packages/beats/santa/0.0.1/img/kibana-santa-log-overview.png new file mode 100644 index 00000000000..31abdeb270a Binary files /dev/null and b/dev/packages/beats/santa/0.0.1/img/kibana-santa-log-overview.png differ diff --git a/dev/packages/beats/santa/0.0.1/kibana/dashboard/161855f0-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/dashboard/161855f0-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..363bc89ec2e --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/dashboard/161855f0-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json 
@@ -0,0 +1,155 @@ +{ + "attributes": { + "description": "Process executions on macOS monitored by Google Santa.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "3", + "w": 10, + "x": 8, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "4", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "5", + "w": 8, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "6", + "w": 18, + "x": 18, + "y": 12 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.0.0-alpha1-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "7", + "w": 48, + "x": 0, + "y": 22 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.0.0-alpha1-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs Santa] Overview ECS", + "version": 1 + }, + "id": "161855f0-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "dad521d0-ff69-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_0", + "type": 
"visualization" + }, + { + "id": "1579d690-ff6b-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "51677b80-ff6b-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "30962fe0-ff6c-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b06c0460-ff6c-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "11858000-ff6d-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "name": "panel_6", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/search/6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/search/6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..344ea680bc0 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/search/6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "columns": [ + "agent.hostname", + "process.executable", + "user.name", + "certificate.common_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"santa.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "santa." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "stream.dataset", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "stream.dataset": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Santa Logs Search [Logs Santa] ECS", + "version": 1 + }, + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/11858000-ff6d-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/11858000-ff6d-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..f80bef171a6 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/11858000-ff6d-11e8-93c5-d5ecd1b3e307-ecs.json @@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Code Signers [Logs Santa] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "certificate.common_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 39, + "minFontSize": 12, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Code Signers [Logs Santa] ECS", + "type": "tagcloud" + } + }, + "id": "11858000-ff6d-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/1579d690-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/1579d690-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..cdb646f1afb --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/1579d690-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json 
@@ -0,0 +1,65 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Decisions [Logs Santa] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "(stream.dataset:santa.log) AND stream.dataset:log" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Decision", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "santa.decision" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Decisions [Logs Santa] ECS", + "type": "metrics" + } + }, + "id": "1579d690-ff6b-11e8-93c5-d5ecd1b3e307-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/30962fe0-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/30962fe0-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..98e0182f4df --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/30962fe0-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json 
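Review bot: The TSVB `filter` query `(stream.dataset:santa.log) AND stream.dataset:log` requires the same field to equal both `santa.log` and `log`, which cannot both hold for a keyword-mapped `stream.dataset`, so the Decisions panel would render empty unless that field is analyzed text; the saved search in this package applies the same pair (a `match_phrase_prefix` on `santa.` plus a phrase `log`), which looks like a mechanical conversion of the Beats `event.module`/`event.dataset` filters. Decide which value `stream.dataset` actually carries for this dataset and keep a single clause, e.g. `stream.dataset:santa.log`. This visualization also hard-codes `"index_pattern": "logs-*"` inline while the other Santa panels resolve their index pattern through `references`, so a later index-pattern rename would miss this one.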
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Decision and Reason [Logs Santa] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "ALLOW": "#7EB26D" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Decision", + "field": "santa.decision", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Reason", + "field": "santa.reason", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Decision and Reason [Logs Santa] ECS", + "type": "pie" + } + }, + "id": "30962fe0-ff6c-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/51677b80-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/51677b80-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..32b1a5a022f --- /dev/null 
+++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/51677b80-ff6b-11e8-93c5-d5ecd1b3e307-ecs.json @@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Total Events [Logs Santa] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total Events [Logs Santa] ECS", + "type": "metric" + } + }, + "id": "51677b80-ff6b-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/b06c0460-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/b06c0460-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..501447cc57e --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/b06c0460-ff6c-11e8-93c5-d5ecd1b3e307-ecs.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Num of Hosts Reporting [Logs Santa] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts Reporting", + "field": "agent.hostname" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Num of Hosts Reporting [Logs Santa] ECS", + "type": "metric" + } + }, + "id": "b06c0460-ff6c-11e8-93c5-d5ecd1b3e307-ecs", + "references": [ + { + "id": "6d56a010-ff6a-11e8-93c5-d5ecd1b3e307-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/kibana/visualization/dad521d0-ff69-11e8-93c5-d5ecd1b3e307-ecs.json b/dev/packages/beats/santa/0.0.1/kibana/visualization/dad521d0-ff69-11e8-93c5-d5ecd1b3e307-ecs.json new file mode 100644 index 00000000000..f539b871e77 --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/kibana/visualization/dad521d0-ff69-11e8-93c5-d5ecd1b3e307-ecs.json 
@@ -0,0 +1,30 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Description [Logs Santa] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "![Santa Icon](https://raw.githubusercontent.com/google/santa/master/Source/SantaGUI/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.", + "openLinksInNewTab": false + }, + "title": "Description [Logs Santa] ECS", + "type": "markdown" + } + }, + "id": "dad521d0-ff69-11e8-93c5-d5ecd1b3e307-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/santa/0.0.1/manifest.yml b/dev/packages/beats/santa/0.0.1/manifest.yml new file mode 100644 index 00000000000..e15ae1291dc --- /dev/null +++ b/dev/packages/beats/santa/0.0.1/manifest.yml @@ -0,0 +1,29 @@ +format_version: 1.0.0 +name: santa +title: Google Santa +version: 0.0.1 +license: basic +description: Google Santa Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.0.0-alpha1-SNAPSHOT <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-santa-log-overview.png + title: kibana santa log overview + size: 2912x2024 + type: image/png +datasources: +- name: santa + title: Google Santa logs + description: Collect logs from Google Santa instances + inputs: + - type: logs + title: Collect logs from Google Santa instances + description: Collecting Google Santa log logs diff --git a/dev/packages/beats/sql/0.0.1/dataset/query/agent/stream/stream.yml.hbs b/dev/packages/beats/sql/0.0.1/dataset/query/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..4a3f537a6dd --- /dev/null 
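Review bot: The Description panel embeds an image fetched at render time from `raw.githubusercontent.com`, so every viewer's browser makes an outbound request to GitHub when the dashboard opens, and the panel shows a broken image in restricted or offline deployments. The package already bundles an image under `/img/` for its screenshot; if the markdown visualization cannot reference bundled assets, a text-only description is the safer default and the image line can be dropped. Keeping the remote URL also ties the panel to a path in an external repository that can move or disappear.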
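Review bot: The `elasticsearch` requirement `versions: '>7.0.1'` has no upper bound while `kibana` is capped at `<8.0.0`, so the two constraints describe different stacks; they should agree, e.g. `versions: '>=7.0.1 <8.0.0'`. The Kibana lower bound `>=7.0.0-alpha1-SNAPSHOT` also admits pre-release builds, which a `release: experimental` package probably does not need to advertise. The other manifests in this commit leave both requirements as `{}`, so it is worth deciding on one convention.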
+++ b/dev/packages/beats/sql/0.0.1/dataset/query/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["query"] +{{#if driver}} +driver: {{driver}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} +{{#if sql_query}} +sql_query: {{sql_query}} +{{/if}} +{{#if sql_response_format}} +sql_response_format: {{sql_response_format}} +{{/if}} diff --git a/dev/packages/beats/sql/0.0.1/dataset/query/fields/fields.yml b/dev/packages/beats/sql/0.0.1/dataset/query/fields/fields.yml new file mode 100644 index 00000000000..d51db3e3556 --- /dev/null +++ b/dev/packages/beats/sql/0.0.1/dataset/query/fields/fields.yml @@ -0,0 +1,3 @@ +- name: sql. + type: keyword + release: beta diff --git a/dev/packages/beats/sql/0.0.1/dataset/query/fields/package-fields.yml b/dev/packages/beats/sql/0.0.1/dataset/query/fields/package-fields.yml new file mode 100644 index 00000000000..260a07081e1 --- /dev/null +++ b/dev/packages/beats/sql/0.0.1/dataset/query/fields/package-fields.yml @@ -0,0 +1,19 @@ +- name: sql + type: group + fields: + - name: driver + type: keyword + description: | + Driver used to execute the query. + - name: query + type: keyword + description: | + Query executed to collect metrics. + - name: metrics.numeric.* + type: object + description: | + Numeric metrics collected. + - name: metrics.string.* + type: object + description: | + Non-numeric values collected. diff --git a/dev/packages/beats/sql/0.0.1/dataset/query/manifest.yml b/dev/packages/beats/sql/0.0.1/dataset/query/manifest.yml new file mode 100644 index 00000000000..2e04abd918d --- /dev/null +++ b/dev/packages/beats/sql/0.0.1/dataset/query/manifest.yml @@ -0,0 +1,15 @@ +title: sql query metrics +release: experimental +type: metrics +streams: +- input: sql/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: sql query metrics + description: Collect sql query metrics 
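Review bot: `driver: {{driver}}` and `sql_query: {{sql_query}}` are interpolated as bare YAML scalars, so a query containing `: `, a `#` or a leading quote or bracket yields an unparsable stream config at runtime rather than a validation error when the policy is edited. Emitting the query as a block scalar avoids most of this for single-line queries, `sql_query: >-` followed by an indented `{{sql_query}}` line, though multi-line input would still need consistent indentation. The `hosts` entries rendered by `- {{this}}` are connection strings that may carry a password (see the default in the package manifest), so the rendered file should be treated as sensitive wherever the agent persists it.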
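Review bot: `- name: sql.` declares a keyword field whose name is just the group prefix with a trailing dot, which looks like a generator artefact (the real fields live in the adjacent `package-fields.yml`), and the same shape appears in the statsd dataset `fields.yml` at L2672 as `- name: statsd.`. Both files should either list concrete fields or be removed. As written this one also carries `release: beta` while the dataset `manifest.yml` in the same hunk run says `release: experimental`.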
diff --git a/dev/packages/beats/sql/0.0.1/docs/README.md b/dev/packages/beats/sql/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/sql/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/sql/0.0.1/manifest.yml b/dev/packages/beats/sql/0.0.1/manifest.yml new file mode 100644 index 00000000000..3671f868541 --- /dev/null +++ b/dev/packages/beats/sql/0.0.1/manifest.yml @@ -0,0 +1,52 @@ +format_version: 1.0.0 +name: sql +title: sql +version: 0.0.1 +license: basic +description: sql Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +datasources: +- name: sql + title: sql metrics + description: Collect metrics from sql instances + inputs: + - type: sql/metrics + vars: + - name: driver + type: text + title: Driver + multi: false + required: true + show_user: true + default: postgres + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - user=myuser password=mypassword dbname=mydb sslmode=disable + - name: sql_query + type: text + title: Sql Query + multi: false + required: true + show_user: true + default: select now() + - name: sql_response_format + type: text + title: Sql Response Format + multi: false + required: true + show_user: true + default: table + title: Collect metrics from sql instances + description: Collecting sql query metrics diff --git a/dev/packages/beats/stan/0.0.1/dataset/channels/agent/stream/stream.yml.hbs b/dev/packages/beats/stan/0.0.1/dataset/channels/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a2408250836 --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/channels/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["channels"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} 
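Review bot: The `hosts` default `user=myuser password=mypassword dbname=mydb sslmode=disable` is a full DSN with an embedded credential and TLS disabled, declared as a plain `text` var with `show_user: true`, so the connection secret is entered, displayed and stored alongside ordinary settings. A placeholder default without a password (and preferably `sslmode=require`) avoids teaching users to keep credentials in the policy in clear; if the manifest format has a secret-typed var, the DSN or at least the password belongs in one. `sql_query` being `required: true` with a default of `select now()` also means every installation runs a query unless edited, which the README (still `TODO` in this commit) should explain.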
diff --git a/dev/packages/beats/stan/0.0.1/dataset/channels/fields/fields.yml b/dev/packages/beats/stan/0.0.1/dataset/channels/fields/fields.yml new file mode 100644 index 00000000000..bd6aa8e92cd --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/channels/fields/fields.yml @@ -0,0 +1,28 @@ +- name: stan.channels + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The name of the STAN streaming channel + - name: messages + type: long + description: | + The number of STAN streaming messages + - name: bytes + type: long + description: | + The number of STAN bytes in the channel + - name: first_seq + type: long + description: | + First sequence number stored in the channel. If first_seq > min([seq in subscriptions]) data loss has possibly occurred + - name: last_seq + type: long + description: | + Last sequence number stored in the channel + - name: depth + type: long + description: | + Queue depth based upon current sequence number and highest reported subscriber sequence number diff --git a/dev/packages/beats/stan/0.0.1/dataset/channels/fields/package-fields.yml b/dev/packages/beats/stan/0.0.1/dataset/channels/fields/package-fields.yml new file mode 100644 index 00000000000..3100be0e0bc --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/channels/fields/package-fields.yml @@ -0,0 +1,11 @@ +- name: stan + type: group + fields: + - name: server.id + type: keyword + description: | + The server ID + - name: cluster.id + type: keyword + description: | + The cluster ID diff --git a/dev/packages/beats/stan/0.0.1/dataset/channels/manifest.yml b/dev/packages/beats/stan/0.0.1/dataset/channels/manifest.yml new file mode 100644 index 00000000000..f1242989cbc --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/channels/manifest.yml 
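Review bot: `package-fields.yml` here is byte-identical to the copies added under `stats` (L2666) and `subscriptions` (L2667), all three sharing blob id `3100be0e0bc`, so `stan.server.id` and `stan.cluster.id` are declared three times and any later edit must be repeated per dataset. If the package format only supports per-dataset field files this is the expected layout, but a one-line header would save the next editor a search, e.g. `# shared stan fields; keep in sync with the stats and subscriptions datasets`. The `release: ga` on the `stan.channels` group in `fields.yml` also contrasts with `release: experimental` in the dataset manifest; the ga marker presumably carried over from the Beats module and may not describe the package.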
@@ -0,0 +1,15 @@ +title: Stan channels metrics +release: experimental +type: metrics +streams: +- input: stan/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + title: Stan channels metrics + description: Collect Stan channels metrics diff --git a/dev/packages/beats/stan/0.0.1/dataset/stats/agent/stream/stream.yml.hbs b/dev/packages/beats/stan/0.0.1/dataset/stats/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..3b06dd6d47b --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/stats/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["stats"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/stan/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/stan/0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 00000000000..a8ad490292a --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,32 @@ +- name: stan.stats + type: group + release: ga + fields: + - name: state + type: keyword + description: | + The cluster / streaming configuration state (STANDALONE, CLUSTERED) + - name: role + type: keyword + description: | + If clustered, role of this node in the cluster (Leader, Follower, Candidate) + - name: clients + type: integer + description: | + The number of STAN clients + - name: subscriptions + type: integer + description: | + The number of STAN streaming subscriptions + - name: channels + type: integer + description: | + The number of STAN channels + - name: messages + type: long + description: | + Number of messages across all STAN queues + - name: bytes + type: long + description: | + Number of bytes consumed across all STAN queues diff --git a/dev/packages/beats/stan/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/stan/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..3100be0e0bc --- /dev/null 
+++ b/dev/packages/beats/stan/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,11 @@ +- name: stan + type: group + fields: + - name: server.id + type: keyword + description: | + The server ID + - name: cluster.id + type: keyword + description: | + The cluster ID diff --git a/dev/packages/beats/stan/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/stan/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..e74af86f18c --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/stats/manifest.yml @@ -0,0 +1,15 @@ +title: Stan stats metrics +release: experimental +type: metrics +streams: +- input: stan/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + title: Stan stats metrics + description: Collect Stan stats metrics diff --git a/dev/packages/beats/stan/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..521aa4357fc --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["subscriptions"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/fields.yml b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/fields.yml new file mode 100644 index 00000000000..b225c893d4a --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/fields.yml 
@@ -0,0 +1,32 @@ +- name: stan.subscriptions + type: group + release: ga + fields: + - name: id + type: keyword + description: | + The name of the STAN channel subscription (client_id) + - name: channel + type: keyword + description: | + The name of the STAN channel the subscription is associated with + - name: queue + type: keyword + description: | + The name of the NATS queue that the STAN channel subscription is associated with, if any + - name: last_sent + type: long + description: | + Last known sequence number of the subscription that was acked + - name: pending + type: long + description: | + Number of pending messages from / to the subscriber + - name: offline + type: boolean + description: | + Is the subscriber marked as offline? + - name: stalled + type: boolean + description: | + Is the subscriber known to be stalled? diff --git a/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/package-fields.yml b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/package-fields.yml new file mode 100644 index 00000000000..3100be0e0bc --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/fields/package-fields.yml @@ -0,0 +1,11 @@ +- name: stan + type: group + fields: + - name: server.id + type: keyword + description: | + The server ID + - name: cluster.id + type: keyword + description: | + The cluster ID diff --git a/dev/packages/beats/stan/0.0.1/dataset/subscriptions/manifest.yml b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/manifest.yml new file mode 100644 index 00000000000..562840b8d87 --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/dataset/subscriptions/manifest.yml @@ -0,0 +1,15 @@ +title: Stan subscriptions metrics +release: experimental +type: metrics +streams: +- input: stan/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + title: Stan subscriptions metrics + description: Collect Stan subscriptions metrics 
diff --git a/dev/packages/beats/stan/0.0.1/docs/README.md b/dev/packages/beats/stan/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/stan/0.0.1/img/metricbeat-stan-overview.png b/dev/packages/beats/stan/0.0.1/img/metricbeat-stan-overview.png new file mode 100644 index 00000000000..a6ed419fe88 Binary files /dev/null and b/dev/packages/beats/stan/0.0.1/img/metricbeat-stan-overview.png differ diff --git a/dev/packages/beats/stan/0.0.1/img/stan.svg b/dev/packages/beats/stan/0.0.1/img/stan.svg new file mode 100644 index 00000000000..5a1d6e9a52f --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/img/stan.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/stan/0.0.1/kibana/dashboard/b6a60340-4371-11ea-b0c6-cb14c0977bd1.json b/dev/packages/beats/stan/0.0.1/kibana/dashboard/b6a60340-4371-11ea-b0c6-cb14c0977bd1.json new file mode 100644 index 00000000000..489b2d1efff --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/kibana/dashboard/b6a60340-4371-11ea-b0c6-cb14c0977bd1.json 
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "Metrics for STAN channels / subjects", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "98c9a793-903a-47af-900b-8becd2493d0a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "98c9a793-903a-47af-900b-8becd2493d0a", + "panelRefName": "panel_0", + "version": "7.5.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "d11727cf-8d05-45ae-9ae0-2f3b79ab7eda", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "d11727cf-8d05-45ae-9ae0-2f3b79ab7eda", + "panelRefName": "panel_1", + "version": "7.5.2" + } + ], + "timeRestore": false, + "title": "[Metrics Stan] Channel Overview Metrics", + "version": 1 + }, + "id": "b6a60340-4371-11ea-b0c6-cb14c0977bd1", + "references": [ + { + "id": "46a07ac0-436d-11ea-b0c6-cb14c0977bd1", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0e412fe0-4371-11ea-b0c6-cb14c0977bd1", + "name": "panel_1", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/stan/0.0.1/kibana/visualization/0e412fe0-4371-11ea-b0c6-cb14c0977bd1.json b/dev/packages/beats/stan/0.0.1/kibana/visualization/0e412fe0-4371-11ea-b0c6-cb14c0977bd1.json new file mode 100644 index 00000000000..36451006379 --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/kibana/visualization/0e412fe0-4371-11ea-b0c6-cb14c0977bd1.json 
@@ -0,0 +1,66 @@ +{ + "attributes": { + "description": "Queue depth of STAN channels, summed per channel", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Channel Queue Depth [Metrics Stan]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Queue Depth", + "line_width": 1, + "metrics": [ + { + "field": "stan.channels.depth", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "stan.channels.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Channel Queue Depth [Metrics Stan]", + "type": "metrics" + } + }, + "id": "0e412fe0-4371-11ea-b0c6-cb14c0977bd1", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/stan/0.0.1/kibana/visualization/46a07ac0-436d-11ea-b0c6-cb14c0977bd1.json b/dev/packages/beats/stan/0.0.1/kibana/visualization/46a07ac0-436d-11ea-b0c6-cb14c0977bd1.json new file mode 100644 index 00000000000..7d61e5614fa --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/kibana/visualization/46a07ac0-436d-11ea-b0c6-cb14c0977bd1.json 
@@ -0,0 +1,66 @@ +{ + "attributes": { + "description": "Number of messages in each channel / subject", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Channel Messages [Metrics Stan]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "STAN Queue Messages", + "line_width": 1, + "metrics": [ + { + "field": "stan.channels.messages", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "stan.channels.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Channel Messages [Metrics Stan]", + "type": "metrics" + } + }, + "id": "46a07ac0-436d-11ea-b0c6-cb14c0977bd1", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/stan/0.0.1/manifest.yml b/dev/packages/beats/stan/0.0.1/manifest.yml new file mode 100644 index 00000000000..b2007fe4bdc --- /dev/null +++ b/dev/packages/beats/stan/0.0.1/manifest.yml 
@@ -0,0 +1,42 @@ +format_version: 1.0.0 +name: stan +title: Stan +version: 0.0.1 +license: basic +description: Stan Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.5.2 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-stan-overview.png + title: metricbeat stan overview + size: 1829x447 + type: image/png +icons: +- src: /img/stan.svg + title: stan + size: 32x32 + type: image/svg+xml +datasources: +- name: stan + title: Stan metrics + description: Collect metrics from Stan instances + inputs: + - type: stan/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8222 + title: Collect metrics from Stan instances + description: Collecting Stan channels, stats and subscriptions metrics diff --git a/dev/packages/beats/statsd/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/statsd/0.0.1/dataset/server/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..927804223ae --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/dataset/server/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["server"] diff --git a/dev/packages/beats/statsd/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/statsd/0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 00000000000..322bf637ffa --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,3 @@ +- name: statsd. + type: keyword + release: ga diff --git a/dev/packages/beats/statsd/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/statsd/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644 index 00000000000..980843c9a11 --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/dataset/server/fields/package-fields.yml 
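Review bot: The statsd stream renders only `metricsets: ["server"]`, and neither this template nor the package manifest (L2674, which declares no vars at all) exposes the address the server metricset listens on, so the socket it opens (UDP, if it behaves like the Metricbeat module it is migrated from) cannot be configured from the policy and falls back to the metricset's built-in default. The other metrics packages in this commit pass `hosts` through a `{{#each hosts}}` loop; the equivalent here would be `host` and `port` vars rendered into the stream, with the bind address defaulting to loopback so the listener is not reachable beyond the host unless an operator opts in.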
@@ -0,0 +1,11 @@ +- name: statsd + type: group + fields: + - name: '*.count' + type: object + description: | + Statsd counters + - name: '*.*' + type: object + description: | + Statsd metrics diff --git a/dev/packages/beats/statsd/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/statsd/0.0.1/dataset/server/manifest.yml new file mode 100644 index 00000000000..35b1fc66805 --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/dataset/server/manifest.yml @@ -0,0 +1,7 @@ +title: Statsd server metrics +release: experimental +type: metrics +streams: +- input: statsd/metrics + title: Statsd server metrics + description: Collect Statsd server metrics diff --git a/dev/packages/beats/statsd/0.0.1/docs/README.md b/dev/packages/beats/statsd/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/statsd/0.0.1/img/statsd.svg b/dev/packages/beats/statsd/0.0.1/img/statsd.svg new file mode 100644 index 00000000000..a745cd71efa --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/img/statsd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/statsd/0.0.1/manifest.yml b/dev/packages/beats/statsd/0.0.1/manifest.yml new file mode 100644 index 00000000000..b63436bf470 --- /dev/null +++ b/dev/packages/beats/statsd/0.0.1/manifest.yml 
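Review bot: `'*.count'` and `'*.*'` declared as `object` accept any metric name a client sends, so the mapping under the `statsd` group grows with every distinct metric name received on the socket and can reach the index's `index.mapping.total_fields.limit` on a busy or misbehaving sender. That is inherent to statsd, but it is worth stating in the field description and in the (still `TODO`) README so operators size the limit and watch for mapping growth, e.g. `Statsd metrics; one field per distinct metric name received, so the mapping grows with new names`.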
@@ -0,0 +1,27 @@ +format_version: 1.0.0 +name: statsd +title: Statsd +version: 0.0.1 +license: basic +description: Statsd Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: {} + elasticsearch: {} +icons: +- src: /img/statsd.svg + title: statsd + size: 266x266 + type: image/svg+xml +datasources: +- name: statsd + title: Statsd metrics + description: Collect metrics from Statsd instances + inputs: + - type: statsd/metrics + title: Collect metrics from Statsd instances + description: Collecting Statsd server metrics diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/agent/stream/log.yml.hbs b/dev/packages/beats/suricata/0.0.1/dataset/eve/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..e7ad545e8b7 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/agent/stream/log.yml.hbs 
@@ -0,0 +1,396 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: suricata.eve + - convert: + ignore_missing: true + ignore_failure: true + mode: rename + fields: + - {from: suricata.eve.src_ip, to: source.address} + - {from: suricata.eve.src_port, to: source.port, type: long} + - {from: suricata.eve.dest_ip, to: destination.address} + - {from: suricata.eve.dest_port, to: destination.port, type: long} + - {from: suricata.eve.proto, to: network.transport} + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: source.address, to: source.ip, type: ip} + - {from: destination.address, to: destination.ip, type: ip} + - {from: '@timestamp', to: event.created} + - timestamp: + field: suricata.eve.timestamp + layouts: + - '2006-01-02T15:04:05.999999999Z0700' # ISO8601 + - drop_fields: + fields: + - suricata.eve.timestamp +{{#if community_id}} + - community_id: +{{/if}} + - if: + equals: + suricata.eve.event_type: dns + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.id, to: dns.id, type: string} + - {from: suricata.eve.dns.rcode, to: dns.response_code} + - {from: suricata.eve.dns.type, to: dns.type} + - convert: + when.equals.dns.type: query + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.rrname, to: dns.question.name} + - {from: suricata.eve.dns.rrtype, to: dns.question.type} + - if: + and: + - equals.dns.type: answer + - equals.suricata.eve.dns.version: 2 + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.dns.rrname, to: dns.question.name} + - {from: suricata.eve.dns.rrtype, to: dns.question.type} + - registered_domain: + ignore_missing: true + ignore_failure: true + 
field: dns.question.name + target_field: dns.question.registered_domain + - script: + id: eve_process + lang: javascript + source: >- + function addEcsCategorization(evt) { + var event_type = evt.Get("suricata.eve.event_type"); + if (event_type == null) { + return; + } + var catArray = []; + var typeArray = []; + evt.Put("suricata.eve.event_type", event_type.toLowerCase()); + switch (event_type.toLowerCase()) { + case "alert": + evt.Put("event.kind", "alert"); + catArray.push("network"); + catArray.push("intrusion_detection"); + break; + case "anomaly": + evt.Put("event.kind", "event"); + catArray.push("network"); + break; + case "http": + evt.Put("event.kind", "event"); + catArray.push("network"); + catArray.push("web"); + typeArray.push("access"); + typeArray.push("protocol"); + evt.Put("network.protocol", "http"); + var status = evt.Get("suricata.eve.http.status"); + if (status == null) { + break; + } + if (status < 400) { + evt.Put("event.outcome", "success"); + } + if (status >= 400 ) { + evt.Put("event.outcome", "failure"); + } + break; + case "dns": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "dns"); + break; + case "ftp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ftp"); + break; + case "ftp_data": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ftp"); + break; + case "tls": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "tls"); + break; + case "tftp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "tftp"); + break; + case "smb": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "smb"); + break; + case "ssh": + 
evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "ssh"); + break; + case "flow": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("connection"); + var state = evt.Get("suricata.eve.flow.state"); + if (state == null) { + break; + } + switch (state) { + case "new": + typeArray.push("start"); + break; + case "closed": + typeArray.push("end"); + break; + } + break; + case "rdp": + evt.Put("event.kind", "event"); + catArray.push("network"); + typeArray.push("protocol"); + evt.Put("network.protocol", "rdp"); + break; + case "stats": + evt.Put("event.kind", "metric"); + break; + default: + evt.Put("event.kind", "event"); + catArray.push("network"); + } + if (catArray.length > 0) { + evt.Put("event.category", catArray); + } + if (typeArray.length > 0) { + evt.Put("event.type", typeArray); + } + } + function setDnsV1Answers(evt) { + var dns_type = evt.Get("dns.type") + if (dns_type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version == "2") { + return; + } + var name = evt.Get("suricata.eve.dns.rrname"); + var data = evt.Get("suricata.eve.dns.rdata"); + var type = evt.Get("suricata.eve.dns.rrtype"); + var ttl = evt.Get("suricata.eve.dns.ttl"); + var answer = {}; + if (name) { + answer.name = name; + } + if (data) { + answer.data = data; + } + if (type) { + answer.type = type; + } + if (ttl) { + answer.ttl = ttl; + } + if (Object.keys(answer).length === 0) { + return; + } + evt.Put("dns.answers", [answer]); + } + function addDnsV2Answers(evt) { + var type = evt.Get("dns.type") + if (type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version != 2) { + return; + } + var answers = evt.Get("suricata.eve.dns.answers"); + if (!answers) { + return; + } + evt.Delete("suricata.eve.dns.answers"); + var resolvedIps = []; + for (var i = 0; i < answers.length; i++) { + var answer = answers[i]; + // Rename 
properties. + var name = answer["rrname"]; + delete answer["rrname"]; + var type = answer["rrtype"]; + delete answer["rrtype"]; + var data = answer["rdata"]; + delete answer["rdata"]; + answer["name"] = name; + answer["type"] = type; + answer["data"] = data; + // Append IP addresses to dns.resolved_ip. + if (type === "A" || type === "AAAA") { + resolvedIps.push(data); + } + } + evt.Put("dns.answers", answers); + if (resolvedIps.length > 0) { + evt.Put("dns.resolved_ip", resolvedIps); + } + } + function addDnsV2HeaderFlags(evt) { + var type = evt.Get("dns.type") + if (type != "answer") { + return; + } + var version = evt.Get("suricata.eve.dns.version") + if (version != 2) { + return; + } + var flag = evt.Get("suricata.eve.dns.aa"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "AA"); + } + flag = evt.Get("suricata.eve.dns.tc"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "TC"); + } + flag = evt.Get("suricata.eve.dns.rd"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RD"); + } + flag = evt.Get("suricata.eve.dns.ra"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RA"); + } + } + function addTopLevelDomain(evt) { + var rd = evt.Get("dns.question.registered_domain"); + if (rd == null) { + return; + } + var firstPeriod = rd.indexOf("."); + if (firstPeriod == -1) { + return; + } + evt.Put("dns.question.top_level_domain", rd.substr(firstPeriod + 1)); + } + function cleanupAppProto(evt) { + var proto = evt.Get("suricata.eve.app_proto"); + if (proto == null){ + return; + } + switch (proto.toLowerCase()) { + case "failed": + case "template": + case "template-rust": + break; + case "ftp-data": + evt.Put("network.protocol", "ftp"); + break; + default: + evt.Put("network.protocol", proto.toLowerCase()); + } + evt.Delete("suricata.eve.app_proto"); + } + function addRelatedIps(evt) { + var src_ip = evt.Get("source.ip"); + if (src_ip != null) { + evt.AppendTo("related.ip", src_ip); + } + var dst_ip = evt.Get("destination.ip"); + 
if (dst_ip != null) { + evt.AppendTo("related.ip", dst_ip); + } + } + function addTlsVersion(evt) { + var tls_version = evt.Get("suricata.eve.tls.version"); + if (tls_version == null) { + return; + } + var parts = tls_version.split(" "); + if (parts.length < 2) { + return; + } + evt.Put("tls.version_protocol", parts[0].toLowerCase()); + evt.Put("tls.version", parts[1]); + } + function cleanupTlsSni(evt) { + var sni = evt.Get("suricata.eve.tls.sni"); + if (sni == null) { + return; + } + if ("." == sni.charAt(sni.length - 1)) { + evt.Put("suricata.eve.tls.sni", sni.substring(0, sni.length - 1)); + } + } + function process(evt) { + var event_type = evt.Get("suricata.eve.event_type"); + addEcsCategorization(evt); + if (event_type == "dns") { + setDnsV1Answers(evt); + addDnsV2Answers(evt); + addDnsV2HeaderFlags(evt); + addTopLevelDomain(evt); + } + cleanupAppProto(evt); + addRelatedIps(evt); + addTlsVersion(evt); + cleanupTlsSni(evt); + } + - if: + equals: + suricata.eve.event_type: tls + then: + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: suricata.eve.tls.subject, to: tls.server.subject} + - {from: suricata.eve.tls.issuerdn, to: tls.server.issuer} + - {from: suricata.eve.tls.session_resumed, to: tls.resumed, type: boolean} + - {from: suricata.eve.tls.fingerprint, to: tls.server.hash.sha1} + - {from: suricata.eve.tls.sni, to: tls.client.server_name} + - {from: suricata.eve.tls.sni, to: destination.domain} + - {from: suricata.eve.tls.notbefore, to: tls.server.not_before} + - {from: suricata.eve.tls.notafter, to: tls.server.not_after} + - {from: suricata.eve.tls.ja3s, to: tls.server.ja3s} + - {from: suricata.eve.tls.certificate, to: tls.server.certificate} + - {from: suricata.eve.tls.chain, to: tls.server.certificate_chain} + - drop_fields: + ignore_missing: true + fields: + - suricata.eve.dns.aa + - suricata.eve.dns.tc + - suricata.eve.dns.rd + - suricata.eve.dns.ra + - suricata.eve.dns.qr + - suricata.eve.dns.version + - 
suricata.eve.dns.flags
+ - suricata.eve.dns.grouped
\ No newline at end of file
diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/suricata/0.0.1/dataset/eve/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..4da1873e26a
--- /dev/null
+++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/elasticsearch/ingest-pipeline/default.yml
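Review bot: The `{{#if community_id}}` guard around the `community_id` processor tests a template variable that the dataset's `manifest.yml` hunk later in this commit does not declare under `vars` (only `paths` is listed), so unless the agent injects `community_id` from elsewhere the processor can never be enabled; `tags: {{tags}}` depends on an undeclared variable in the same way. Either add a boolean `community_id` var to the manifest or drop the guard together with the processor. Separately, `setDnsV1Answers` checks `version == "2"` while `addDnsV2Answers` and `addDnsV2HeaderFlags` check `version != 2`; loose equality makes both work, but using the numeric form in all three would make the intended contract obvious.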
@@ -0,0 +1,244 @@
+---
+description: Pipeline for parsing Suricata EVE logs
+
+processors:
+ - lowercase:
+ field: suricata.eve.http.http_method
+ target_field: http.request.method
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.http.status
+ target_field: http.response.status_code
+ ignore_missing: true
+ - append:
+ if: ctx.suricata?.eve?.http?.hostname != null
+ value: '{{suricata.eve.http.hostname}}'
+ field: destination.domain
+ - remove:
+ field: suricata.eve.http.hostname
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: >
+ def domain = ctx.destination?.domain;
+ if (domain instanceof Collection) {
+ domain = domain.stream().distinct().collect(Collectors.toList());
+ if (domain.length == 1) {
+ domain = domain[0];
+ }
+ ctx.destination.domain = domain;
+ }
+ ignore_failure: true
+ - set:
+ if: "ctx?.destination?.domain != null && ctx?.network?.protocol == 'http'"
+ field: url.domain
+ value: '{{destination.domain}}'
+ - grok:
+ field: suricata.eve.http.url
+ patterns:
+ - '%{PATH:url.path}(?:\?%{QUERY:url.query})?(?:#%{ANY:url.fragment})?'
+ ignore_missing: true
+ pattern_definitions:
+ PATH: '[^?#]*'
+ QUERY: '[^#]*'
+ ANY: '.*'
+ - rename:
+ field: suricata.eve.http.url
+ target_field: url.original
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.http.http_refer
+ target_field: http.request.referrer
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.http.length
+ target_field: http.response.body.bytes
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.fileinfo.filename
+ target_field: file.path
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.fileinfo.size
+ target_field: file.size
+ ignore_missing: true
+ - lowercase:
+ field: network.transport
+ ignore_missing: true
+ - convert:
+ field: suricata.eve.alert.category
+ target_field: message
+ type: string
+ ignore_missing: true
+ - set:
+ field: rule.category
+ value: "{{suricata.eve.alert.category}}"
+ if: "ctx?.suricata?.eve?.alert?.category != null"
+ - set:
+ field: rule.id
+ value: "{{suricata.eve.alert.signature_id}}"
+ if: "ctx?.suricata?.eve?.alert?.signature_id != null"
+ - set:
+ field: rule.name
+ value: "{{suricata.eve.alert.signature}}"
+ if: "ctx?.suricata?.eve?.alert?.signature != null"
+ - set:
+ field: suricata.eve.alert.action
+ value: denied
+ if: "ctx?.suricata?.eve?.alert?.action == 'blocked'"
+ - append:
+ field: event.type
+ value: "{{suricata.eve.alert.action}}"
+ if: "ctx?.suricata?.eve?.alert?.action != null"
+ - remove:
+ field: suricata.eve.alert.action
+ ignore_failure: true
+ - rename:
+ field: suricata.eve.alert.severity
+ target_field: event.severity
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.flow.pkts_toclient
+ target_field: destination.packets
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.flow.pkts_toserver
+ target_field: source.packets
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.flow.bytes_toclient
+ target_field: destination.bytes
+ ignore_missing: true
+ - rename:
+ field: suricata.eve.flow.bytes_toserver
+ target_field: source.bytes
+ ignore_missing: true
+ - script:
+ lang: painless
+ source: >
+ long getOrZero(def map, def key) {
+ if (map!=null && map[key]!=null) {
+ return map[key];
+ }
+ return 0;
+ }
+ def network=ctx['network'], source=ctx['source'], dest=ctx['destination'];
+ def sp=getOrZero(source,'packets'), sb=getOrZero(source,'bytes'), dp=getOrZero(dest,'packets'), db=getOrZero(dest,'bytes');
+ if (sb+db+sp+dp > 0) {
+ if (network == null) {
+ network=new HashMap();
+ ctx['network']=network;
+ }
+ if (sb+db > 0) {
+ network['bytes'] = sb+db;
+ }
+ if(sp+dp>0) {
+ network['packets'] = sp+dp;
+ }
+ }
+ - date:
+ field: suricata.eve.flow.start
+ target_field: event.start
+ formats:
+ - ISO8601
+ ignore_failure: true
+ - date:
+ field: suricata.eve.flow.end
+ target_field: event.end
+ formats:
+ - ISO8601
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: >
+ Instant ins(def d) {
+ try {
+ return Instant.parse(d);
+ } catch(Exception e) {
+ return null;
+ }
+ }
+ def ev = ctx['event'];
+ if (ev != null) {
+ def start = ins(ev['start']);
+ def end = ins(ev['end']);
+ if (start != null && end != null && !start.isAfter(end)) {
+ ev['duration'] = Duration.between(start,end).toNanos();
+ }
+ }
+ - lowercase:
+ field: suricata.eve.proto
+ target_field: network.transport
+ ignore_missing: true
+ - user_agent:
+ field: suricata.eve.http.http_user_agent
+ ignore_missing: true
+ - geoip:
+ if: ctx.source?.geo == null
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ if: ctx.destination?.geo == null
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+ - uppercase:
+ field: tls.server.hash.sha1
+ ignore_missing: true
+ - split:
+ field: tls.server.hash.sha1
+ separator: ":"
+ ignore_missing: true
+ - join:
+ field: tls.server.hash.sha1
+ separator: ""
+ ignore_failure: true
+ - append:
+ field: related.hash
+ value: "{{tls.server.hash.sha1}}"
+ if: "ctx?.tls?.server?.hash?.sha1 != null"
+ - remove:
+ field:
+ - suricata.eve.app_proto
+ - suricata.eve.flow.end
+ - suricata.eve.flow.start
+ - suricata.eve.http.http_method
+ - suricata.eve.http.http_user_agent
+ ignore_missing: true
+on_failure:
+ - set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/ecs.yml b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/ecs.yml
new file mode 100644
index 00000000000..7b856bbf188
--- /dev/null
+++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/ecs.yml
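Review bot: In the first painless script, `domain.length == 1` is evaluated on the List produced by `Collectors.toList()`; Painless exposes `length` on arrays but not on lists, so I would expect that line to throw, and because the script carries `ignore_failure: true` the exception is swallowed and `destination.domain` is left with whatever duplicates the preceding `append` introduced. `if (domain.size() == 1) { domain = domain[0]; }` expresses the intended collapse. Since `ignore_failure` hides exactly this kind of breakage, a `_simulate` run with two identical hostnames would confirm the fix before merging.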
@@ -0,0 +1,190 @@
+- name: '@timestamp'
+ level: core
+ required: true
+ type: date
+ description: |-
+ Date/time when the event originated.
+ This is the date/time extracted from the event, typically representing when the event was generated by the source.
+ If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline.
+ Required field for all events.
+- name: destination
+ title: Destination
+ group: 2
+ type: group
+ fields:
+ - name: bytes
+ level: core
+ type: long
+ format: bytes
+ description: Bytes sent from the destination to the source.
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the destination (IPv4 or IPv6).
+ - name: packets
+ level: core
+ type: long
+ description: Packets sent from the destination to the source.
+ - name: port
+ level: core
+ type: long
+ format: string
+ description: Port of the destination.
+- name: event
+ title: Event
+ group: 2
+ type: group
+ fields:
+ - name: outcome
+ level: core
+ type: keyword
+ description: |-
+ This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy.
+ `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event.
+ Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective.
+ Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer.
+ Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense.
+ ignore_above: 1024
+ - name: severity
+ level: core
+ type: long
+ format: string
+ description: |-
+ The numeric severity of the event according to your event source.
+ What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source.
+ The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.
+ - name: start
+ level: extended
+ type: date
+ description: event.start contains the date when the event started or when the
+ activity was first observed.
+- name: file
+ title: File
+ group: 2
+ type: group
+ fields:
+ - name: path
+ level: extended
+ type: keyword
+ description: Full path to the file, including the file name. It should include
+ the drive letter, when appropriate.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ - name: size
+ level: extended
+ type: long
+ description: |-
+ File size in bytes.
+ Only relevant when `file.type` is "file".
+- name: http
+ title: HTTP
+ group: 2
+ type: group
+ fields:
+ - name: request.method
+ level: extended
+ type: keyword
+ description: |-
+ HTTP request method.
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+ - name: request.referrer
+ level: extended
+ type: keyword
+ description: Referrer for this HTTP request.
+ ignore_above: 1024
+ - name: response.body.bytes
+ level: extended
+ type: long
+ format: bytes
+ description: Size in bytes of the response body.
+ - name: response.status_code
+ level: extended
+ type: long
+ format: string
+ description: HTTP response status code.
+- name: network
+ title: Network
+ group: 2
+ type: group
+ fields:
+ - name: protocol
+ level: core
+ type: keyword
+ description: |-
+ L7 Network protocol name. ex. http, lumberjack, transport protocol.
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+ - name: transport
+ level: core
+ type: keyword
+ description: |-
+ Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.)
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: bytes
+ level: core
+ type: long
+ format: bytes
+ description: Bytes sent from the source to the destination.
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+ - name: packets
+ level: core
+ type: long
+ description: Packets sent from the source to the destination.
+ - name: port
+ level: core
+ type: long
+ format: string
+ description: Port of the source.
+- name: url
+ title: URL
+ group: 2
+ type: group
+ fields:
+ - name: domain
+ level: extended
+ type: keyword
+ description: |-
+ Domain of the url, such as "www.elastic.co".
+ In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.
+ ignore_above: 1024
+ - name: original
+ level: extended
+ type: keyword
+ description: |-
+ Unmodified original url as seen in the event source.
+ Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.
+ This field is meant to represent the URL as it was observed, complete or not.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user_agent
+ title: User agent
+ group: 2
+ type: group
+ fields:
+ - name: original
+ level: extended
+ type: keyword
+ description: Unparsed user_agent string.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/fields.yml b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/fields.yml
new file mode 100644
index 00000000000..4764bec36a3
--- /dev/null
+++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/fields.yml
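Review bot: The ECS fields declared here cover only subsets of `destination`, `event`, `file`, `http`, `network`, `source`, `url` and `user_agent`, while the ingest pipeline and agent template in this same commit also write `dns.*`, `tls.*`, `rule.*`, `related.*`, `message`, `error.message`, `event.kind`/`category`/`type`/`duration`/`end`/`original`/`created`, `url.path`/`query`/`fragment`, and `source`/`destination` `geo` and `as`. Unless the registry merges a base ECS template that is not visible here, those fields would be mapped dynamically, which turns `dns.resolved_ip` and `related.ip` into text rather than `ip` and leaves `event.duration` typed by whatever the first document carries. Adding the missing definitions to this file, or a comment at the top recording where they are expected to come from, would close that gap.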
@@ -0,0 +1,460 @@ +- name: suricata.eve + type: group + fields: + - name: event_type + type: keyword + - name: app_proto_orig + type: keyword + - name: tcp + type: group + fields: + - name: tcp_flags + type: keyword + - name: psh + type: boolean + - name: tcp_flags_tc + type: keyword + - name: ack + type: boolean + - name: syn + type: boolean + - name: state + type: keyword + - name: tcp_flags_ts + type: keyword + - name: rst + type: boolean + - name: fin + type: boolean + - name: fileinfo + type: group + fields: + - name: sha1 + type: keyword + - name: tx_id + type: long + - name: state + type: keyword + - name: stored + type: boolean + - name: gaps + type: boolean + - name: sha256 + type: keyword + - name: md5 + type: keyword + - name: icmp_type + type: long + - name: pcap_cnt + type: long + - name: dns + type: group + fields: + - name: type + type: keyword + - name: rrtype + type: keyword + - name: rrname + type: keyword + - name: rdata + type: keyword + - name: tx_id + type: long + - name: ttl + type: long + - name: rcode + type: keyword + - name: id + type: long + - name: flow_id + type: keyword + - name: email + type: group + fields: + - name: status + type: keyword + - name: icmp_code + type: long + - name: http + type: group + fields: + - name: redirect + type: keyword + - name: protocol + type: keyword + - name: http_content_type + type: keyword + - name: in_iface + type: keyword + - name: alert + type: group + fields: + - name: category + type: keyword + - name: rev + type: long + - name: gid + type: long + - name: signature + type: keyword + - name: signature_id + type: long + - name: ssh + type: group + fields: + - name: client + type: group + fields: + - name: proto_version + type: keyword + - name: software_version + type: keyword + - name: server + type: group + fields: + - name: proto_version + type: keyword + - name: software_version + type: keyword + - name: stats + type: group + fields: + - name: capture + type: group + fields: + - name: 
kernel_packets + type: long + - name: kernel_drops + type: long + - name: kernel_ifdrops + type: long + - name: uptime + type: long + - name: detect + type: group + fields: + - name: alert + type: long + - name: http + type: group + fields: + - name: memcap + type: long + - name: memuse + type: long + - name: file_store + type: group + fields: + - name: open_files + type: long + - name: defrag + type: group + fields: + - name: max_frag_hits + type: long + - name: ipv4 + type: group + fields: + - name: timeouts + type: long + - name: fragments + type: long + - name: reassembled + type: long + - name: ipv6 + type: group + fields: + - name: timeouts + type: long + - name: fragments + type: long + - name: reassembled + type: long + - name: flow + type: group + fields: + - name: tcp_reuse + type: long + - name: udp + type: long + - name: memcap + type: long + - name: emerg_mode_entered + type: long + - name: emerg_mode_over + type: long + - name: tcp + type: long + - name: icmpv6 + type: long + - name: icmpv4 + type: long + - name: spare + type: long + - name: memuse + type: long + - name: tcp + type: group + fields: + - name: pseudo_failed + type: long + - name: ssn_memcap_drop + type: long + - name: insert_data_overlap_fail + type: long + - name: sessions + type: long + - name: pseudo + type: long + - name: synack + type: long + - name: insert_data_normal_fail + type: long + - name: syn + type: long + - name: memuse + type: long + - name: invalid_checksum + type: long + - name: segment_memcap_drop + type: long + - name: overlap + type: long + - name: insert_list_fail + type: long + - name: rst + type: long + - name: stream_depth_reached + type: long + - name: reassembly_memuse + type: long + - name: reassembly_gap + type: long + - name: overlap_diff_data + type: long + - name: no_flow + type: long + - name: decoder + type: group + fields: + - name: avg_pkt_size + type: long + - name: bytes + type: long + - name: tcp + type: long + - name: raw + type: long + - name: 
ppp + type: long + - name: vlan_qinq + type: long + - name: "null" + type: long + - name: ltnull + type: group + fields: + - name: unsupported_type + type: long + - name: pkt_too_small + type: long + - name: invalid + type: long + - name: gre + type: long + - name: ipv4 + type: long + - name: ipv6 + type: long + - name: pkts + type: long + - name: ipv6_in_ipv6 + type: long + - name: ipraw + type: group + fields: + - name: invalid_ip_version + type: long + - name: pppoe + type: long + - name: udp + type: long + - name: dce + type: group + fields: + - name: pkt_too_small + type: long + - name: vlan + type: long + - name: sctp + type: long + - name: max_pkt_size + type: long + - name: teredo + type: long + - name: mpls + type: long + - name: sll + type: long + - name: icmpv6 + type: long + - name: icmpv4 + type: long + - name: erspan + type: long + - name: ethernet + type: long + - name: ipv4_in_ipv6 + type: long + - name: ieee8021ah + type: long + - name: dns + type: group + fields: + - name: memcap_global + type: long + - name: memcap_state + type: long + - name: memuse + type: long + - name: flow_mgr + type: group + fields: + - name: rows_busy + type: long + - name: flows_timeout + type: long + - name: flows_notimeout + type: long + - name: rows_skipped + type: long + - name: closed_pruned + type: long + - name: new_pruned + type: long + - name: flows_removed + type: long + - name: bypassed_pruned + type: long + - name: est_pruned + type: long + - name: flows_timeout_inuse + type: long + - name: flows_checked + type: long + - name: rows_maxlen + type: long + - name: rows_checked + type: long + - name: rows_empty + type: long + - name: app_layer + type: group + fields: + - name: flow + type: group + fields: + - name: tls + type: long + - name: ftp + type: long + - name: http + type: long + - name: failed_udp + type: long + - name: dns_udp + type: long + - name: dns_tcp + type: long + - name: smtp + type: long + - name: failed_tcp + type: long + - name: msn + type: 
long + - name: ssh + type: long + - name: imap + type: long + - name: dcerpc_udp + type: long + - name: dcerpc_tcp + type: long + - name: smb + type: long + - name: tx + type: group + fields: + - name: tls + type: long + - name: ftp + type: long + - name: http + type: long + - name: dns_udp + type: long + - name: dns_tcp + type: long + - name: smtp + type: long + - name: ssh + type: long + - name: dcerpc_udp + type: long + - name: dcerpc_tcp + type: long + - name: smb + type: long + - name: tls + type: group + fields: + - name: notbefore + type: date + - name: issuerdn + type: keyword + - name: sni + type: keyword + - name: version + type: keyword + - name: session_resumed + type: boolean + - name: fingerprint + type: keyword + - name: serial + type: keyword + - name: notafter + type: date + - name: subject + type: keyword + - name: app_proto_ts + type: keyword + - name: flow + type: group + fields: + - name: age + type: long + - name: state + type: keyword + - name: reason + type: keyword + - name: end + type: date + - name: alerted + type: boolean + - name: tx_id + type: long + - name: app_proto_tc + type: keyword + - name: smtp + type: group + fields: + - name: rcpt_to + type: keyword + - name: mail_from + type: keyword + - name: helo + type: keyword + - name: app_proto_expected + type: keyword + - name: flags + type: group diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/package-fields.yml b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/package-fields.yml new file mode 100644 index 00000000000..640c479225e --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: suricata + type: group diff --git a/dev/packages/beats/suricata/0.0.1/dataset/eve/manifest.yml b/dev/packages/beats/suricata/0.0.1/dataset/eve/manifest.yml new file mode 100644 index 00000000000..e7945be9adb --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/dataset/eve/manifest.yml 
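Review bot: The last entry, `- name: flags` with `type: group` and no `fields`, declares an empty group under `suricata.eve`; whether the registry's loader tolerates a group without children is not visible here, and if it does the entry maps nothing. Either list the flag fields the EVE `flags` object carries or drop the entry. It would also help to note why `app_proto` itself is absent while its `_orig`/`_ts`/`_tc`/`_expected` variants are listed, since both the agent template (`cleanupAppProto`) and the pipeline's final `remove` delete it, e.g. `# app_proto is removed by the agent template and the pipeline; only the *_orig/_ts/_tc/_expected variants are indexed`.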
@@ -0,0 +1,24 @@ +title: Suricata eve logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/suricata/eve.json + os: + darwin: + default: + - /usr/local/var/log/suricata/eve.json + windows: + default: + - c:/program files/suricata/log/eve.json + template_path: log.yml.hbs + title: Suricata eve logs (log) + description: Collect Suricata eve logs using log input diff --git a/dev/packages/beats/suricata/0.0.1/docs/README.md b/dev/packages/beats/suricata/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-alerts.png b/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-alerts.png new file mode 100644 index 00000000000..a9eb5794ce9 Binary files /dev/null and b/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-alerts.png differ diff --git a/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-events.png b/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-events.png new file mode 100644 index 00000000000..9395c641ebf Binary files /dev/null and b/dev/packages/beats/suricata/0.0.1/img/filebeat-suricata-events.png differ diff --git a/dev/packages/beats/suricata/0.0.1/img/suricata.svg b/dev/packages/beats/suricata/0.0.1/img/suricata.svg new file mode 100644 index 00000000000..06e627a7e4b --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/img/suricata.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/dashboard/05268ee0-86d1-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/dashboard/05268ee0-86d1-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..b6404b08bad --- /dev/null 
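Review bot: The `paths` entry under `streams[0].vars` is `required: true` and `show_user: true` but carries no `description`, so the only text a user gets when asked for the value is the title `Paths`. Adding `description: Paths to the Suricata EVE JSON log files to collect.` next to `title: Paths` makes the prompt self-explanatory. The stream-level `description: Collect Suricata eve logs using log input` documents the stream rather than the variable, and the package README added in the same commit is still `TODO`, so nothing else explains the field yet.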
+++ b/dev/packages/beats/suricata/0.0.1/kibana/dashboard/05268ee0-86d1-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,169 @@ +{ + "attributes": { + "description": "Overview of the Suricata Alerts dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "2", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 48, + "x": 0, + "y": 37 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 38.548165423046584, + -6.328125000000001 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "4", + "w": 23, + "x": 0, + "y": 22 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 41.77131167976407, + 1.9335937500000002 + ], + "mapZoom": 2 + }, + "gridData": { + "h": 15, + "i": "5", + "w": 25, + "x": 23, + "y": 22 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 11, + "y": 10 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 11, + "x": 0, + "y": 10 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Suricata] Alert Overview ECS", + "version": 1 + }, + "id": "05268ee0-86d1-11e8-b59d-21efb914e65c-ecs", + 
"references": [ + { + "id": "494fa290-86d2-11e8-b59d-21efb914e65c-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "16033310-86d3-11e8-b59d-21efb914e65c-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "panel_2", + "type": "search" + }, + { + "id": "85fed080-86d7-11e8-b59d-21efb914e65c-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a09ca070-86d7-11e8-b59d-21efb914e65c-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/dashboard/78289c40-86da-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/dashboard/78289c40-86da-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..4a748c23804 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/dashboard/78289c40-86da-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,193 @@ +{ + "attributes": { + "description": "Overview of the Surcata events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "2", + "w": 9, + "x": 0, + "y": 20 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "3", + "w": 11, + "x": 19, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "4", + "w": 48, + "x": 0, + "y": 10 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "5", + "w": 48, + "x": 0, + "y": 34 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "6", + "w": 9, + "x": 30, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "7", + "w": 9, + "x": 39, + "y": 20 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "8", + "w": 10, + "x": 9, + "y": 20 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "9", + "w": 48, + "x": 0, + "y": 53 + }, + "panelIndex": "9", + "panelRefName": 
"panel_8", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Suricata] Events Overview ECS", + "version": 1 + }, + "id": "78289c40-86da-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "c7d46c60-86da-11e8-b59d-21efb914e65c-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0a0aa630-86db-11e8-b59d-21efb914e65c-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "728f64c0-86db-11e8-b59d-21efb914e65c-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "panel_4", + "type": "search" + }, + { + "id": "5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "0a363820-86dd-11e8-b59d-21efb914e65c-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", + "name": "panel_8", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/search/13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/search/13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..27c36cdef72 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/search/13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs.json 
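Review bot: The `attributes.description` of the 78289c40 dashboard (this hunk begins on the previous line) reads `"Overview of the Surcata events dashboard."` with the product name misspelled; the sibling alerts dashboard spells it `Suricata`. Change it to `"description": "Overview of the Suricata events dashboard.",` so the two descriptions agree and the text is searchable under the correct name.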
@@ -0,0 +1,105 @@ +{ + "attributes": { + "columns": [ + "host.name", + "suricata.eve.event_type", + "suricata.eve.flow_id", + "network.transport", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "destination.geo.region_name", + "destination.geo.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "suricata.eve.event_type", + "negate": true, + "params": { + "query": "stats", + "type": "phrase" + }, + "type": "phrase", + "value": "stats" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "stats", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"suricata.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "suricata." 
+ } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Events [Logs Suricata] ECS", + "version": 1 + }, + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/search/1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/search/1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..d8bd3c470e0 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/search/1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,103 @@ +{ + "attributes": { + "columns": [ + "host.name", + "suricata.eve.flow_id", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "source.geo.country_iso_code", + "destination.geo.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "suricata.eve.event_type", + "negate": false, + "params": { + "query": "alert", + "type": "phrase" + }, + "type": "phrase", + "value": "alert" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "alert", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"suricata.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "suricata." + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Alerts [Logs Suricata] ECS", + "version": 1 + }, + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/suricata/0.0.1/kibana/search/d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/search/d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..8391bab83cf --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/search/d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "columns": [ + "host.name", + "suricata.eve.stats.detect.alert", + "suricata.eve.stats.app_layer.flow.dns_udp", + "suricata.eve.stats.app_layer.flow.tls", + "suricata.eve.stats.app_layer.flow.http", + "suricata.eve.stats.app_layer.flow.ssh", + "suricata.eve.stats.tcp.sessions" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "suricata.eve.event_type", + "negate": false, + "params": { + "query": "stats", + "type": "phrase" + }, + "type": "phrase", + "value": "stats" + }, + "query": { + "match": { + "suricata.eve.event_type": { + "query": "stats", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"suricata.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "suricata." 
+ } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Host Stats [Logs Suricata] ECS", + "version": 1 + }, + "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a0aa630-86db-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a0aa630-86db-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..1c26890416d --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a0aa630-86db-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Event Types [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Event Types [Logs Suricata] ECS", + "type": "pie" + } + }, + "id": "0a0aa630-86db-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a363820-86dd-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a363820-86dd-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..8283b4c02ac --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/0a363820-86dd-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Network Protocols [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Top Network Protocols [Logs Suricata] ECS", + "type": "pie" + } + }, + "id": "0a363820-86dd-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/16033310-86d3-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/16033310-86d3-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..59c486ea5c2 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/16033310-86d3-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Alert Signatures [Logs Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Signature", + "field": "suricata.eve.alert.signature", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Alert Category", + "field": "suricata.eve.alert.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Alert Signatures [Logs Suricata] ECS", + "type": "table" + } + }, + "id": "16033310-86d3-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..3626f606d75 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Alerts - Top Destination Countries [Logs Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Alerts - Top Destination Countries [Logs Suricata] ECS", + "type": "table" + } + }, + "id": "2ccdc1a0-86d8-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
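Review bot: In the 2ccdc1a0 visualization the terms aggregation with `"id": "2"` sets `"customLabel": "Source Country"` while its `field` is `destination.geo.country_iso_code` and the object is titled `Alerts - Top Destination Countries`, so the table column will be labelled with the wrong direction. Change it to `"customLabel": "Destination Country",`. Mislabelled direction on an alert table is easy to misread during triage, so this is worth fixing before the package ships.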
diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/494fa290-86d2-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/494fa290-86d2-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..f3ef6db2937 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/494fa290-86d2-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Alerting Hosts [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Alerting Hosts 
[Logs Suricata] ECS", + "type": "histogram" + } + }, + "id": "494fa290-86d2-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..d05e47262b6 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs.json @@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Connection Source Countries [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Source Countries", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Connection Source Countries [Logs Suricata] ECS", + "type": "tagcloud" + } + }, + "id": "5f99eb50-86dc-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
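Review bot: In the 494fa290 visualization (this hunk begins on the previous line) `seriesParams[0].show` is the string `"true"` while every neighbouring flag (`showCircles`, `addLegend`, `addTooltip`) is a JSON boolean. Kibana appears to tolerate the string, but `"show": true,` keeps the saved object consistent and avoids relying on truthy-string handling. The same string value appears in the 9d5b5b50 visualization further down, whose hunk continues past the end of this view.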
diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/728f64c0-86db-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/728f64c0-86db-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..06483e7bb21 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/728f64c0-86db-11e8-b59d-21efb914e65c-ecs.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Application Protocols [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Top Application Protocols [Logs Suricata] ECS", + "type": "pie" + } + }, + "id": "728f64c0-86db-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/85fed080-86d7-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/85fed080-86d7-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..b5eb02b380f --- /dev/null 
+++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/85fed080-86d7-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Alert - Source Location [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "baseLayersAreLoaded": {}, + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + }, + "tmsLayers": [ + { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + 
"maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + } + ] + } + }, + "title": "Alert - Source Location [Logs Suricata] ECS", + "type": "tile_map" + } + }, + "id": "85fed080-86d7-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..13234db3b3b --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs.json 
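Review bot: The `selectedTmsLayer.url` and `tmsLayers[0].url` values in `visState.params.wms` of the 85fed080 tile map (this hunk begins on the previous line) embed a `license=` query parameter and `my_app_version=6.3.0` in a committed saved object, while the dashboards that reference it carry `"version": "7.3.0"`. If that parameter is the public Elastic Maps Service identifier Kibana writes into exports it is harmless, but it should be confirmed before publication, because anything account-bound in a package saved object is distributed to every installer. Since `wms.enabled` is `false`, it is also worth checking whether the stored layer block is used at all; if not, the URLs could be dropped rather than shipped stale.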
@@ -0,0 +1,64 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Connection Destination Countries [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Destination Countries", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Top Connection Destination Countries [Logs Suricata] ECS", + "type": "tagcloud" + } + }, + "id": "8e7f88d0-86dc-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..df215080979 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Hosts Generating Events [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Hosts 
Generating Events [Logs Suricata] ECS", + "type": "histogram" + } + }, + "id": "9d5b5b50-86db-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/a09ca070-86d7-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/a09ca070-86d7-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..46416a09179 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/a09ca070-86d7-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,97 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Alert - Destination Location [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "baseLayersAreLoaded": {}, + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + }, + "selectedTmsLayer": { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": "road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + }, + "tmsLayers": [ + { + "attribution": "\u003cp\u003e\u0026#169; \u003ca href=\"http://www.openstreetmap.org/copyright\"\u003eOpenStreetMap\u003c/a\u003e contributors | \u003ca href=\"https://www.elastic.co/elastic-maps-service\"\u003eElastic Maps Service\u003c/a\u003e\u003c/p\u003e\u0026#10;", + "id": 
"road_map", + "maxZoom": 18, + "minZoom": 0, + "subdomains": [], + "url": "https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree\u0026my_app_name=kibana\u0026my_app_version=6.3.0\u0026license=fc9de2c1-5f06-4080-8dd0-8a334171d89a" + } + ] + } + }, + "title": "Alert - Destination Location [Logs Suricata] ECS", + "type": "tile_map" + } + }, + "id": "a09ca070-86d7-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..cb0ec413f6e --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Alerts - Top Source Countries [Logs Suricata] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Alerts - Top Source Countries [Logs Suricata] ECS", + "type": "table" + } + }, + "id": "c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7d46c60-86da-11e8-b59d-21efb914e65c-ecs.json b/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7d46c60-86da-11e8-b59d-21efb914e65c-ecs.json new file mode 100644 index 00000000000..660f29944c7 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/kibana/visualization/c7d46c60-86da-11e8-b59d-21efb914e65c-ecs.json 
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Activity Types over Time [Logs Suricata] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": 
"Activity Types over Time [Logs Suricata] ECS", + "type": "histogram" + } + }, + "id": "c7d46c60-86da-11e8-b59d-21efb914e65c-ecs", + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/suricata/0.0.1/manifest.yml b/dev/packages/beats/suricata/0.0.1/manifest.yml new file mode 100644 index 00000000000..0cd06a1d510 --- /dev/null +++ b/dev/packages/beats/suricata/0.0.1/manifest.yml @@ -0,0 +1,54 @@ +format_version: 1.0.0 +name: suricata +title: Suricata +version: 0.0.1 +license: basic +description: Suricata Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/filebeat-suricata-events.png + title: filebeat suricata events + size: 1386x1115 + type: image/png +- src: /img/filebeat-suricata-alerts.png + title: filebeat suricata alerts + size: 1386x1115 + type: image/png +icons: +- src: /img/suricata.svg + title: suricata + size: 309x309 + type: image/svg+xml +datasources: +- name: suricata + title: Suricata logs + description: Collect logs from Suricata instances + inputs: + - type: logs + vars: + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - suricata + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + title: Collect logs from Suricata instances + description: Collecting Suricata eve logs diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/agent/stream/log.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/auth/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..59cd1f92bc7 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/auth/agent/stream/log.yml.hbs 
@@ -0,0 +1,10 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: "^\\s"
+ match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/system/0.0.1/dataset/auth/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..8df0a77e582
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/auth/elasticsearch/ingest-pipeline/default.json
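Review bot: The `- {{path}}` entry renders each user-supplied path unquoted, so a value containing YAML-significant characters (a `#`, or `: `) would change the structure of the generated input configuration rather than stay a string; `- "{{path}}"` keeps every entry a plain scalar. Whether the agent's Handlebars renderer additionally HTML-escapes substituted values (which would mangle a path containing `&`) is not visible here and is worth confirming. The `multiline` block and `exclude_files: [".gz$"]` carry no explanation; a short template comment such as `{{!-- continuation lines of auth messages start with whitespace; rotated archives are skipped --}}` would save the next maintainer a trip to the Beats module this was ported from.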
@@ -0,0 +1,121 @@
+{
+ "description": "Pipeline for parsing system authorisation/secure logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "ignore_missing": true,
+ "pattern_definitions" : {
+ "GREEDYMULTILINE" : "(.|\n)*",
+ "TIMESTAMP": "(?:%{TIMESTAMP_ISO8601}|%{SYSLOGTIMESTAMP})"
+ },
+ "patterns": [
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: %{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user )?%{DATA:user.name} from %{IPORHOST:source.ip} port %{NUMBER:source.port:long} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: %{DATA:system.auth.ssh.event} user %{DATA:user.name} from %{IPORHOST:source.ip}",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: \\s*%{DATA:user.name} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: new group: name=%{DATA:group.name}, GID=%{NUMBER:group.id}",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: new user: name=%{DATA:user.name}, UID=%{NUMBER:user.id}, GID=%{NUMBER:group.id}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$",
+ "%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname}? 
%{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: %{GREEDYMULTILINE:system.auth.message}"
+ ]
+ }
+ },
+ {
+ "remove": {
+ "field": "message"
+ }
+ },
+ {
+ "rename": {
+ "field": "system.auth.message",
+ "target_field": "message",
+ "ignore_missing": true
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{system.auth.ssh.dropped_ip}}",
+ "if": "ctx.containsKey('system') && ctx.system.containsKey('auth') && ctx.system.auth.containsKey('ssh') && ctx.system.auth.ssh.containsKey('dropped_ip')"
+ }
+ },
+ {
+ "date": {
+ "if": "ctx.event.timezone == null",
+ "field": "system.auth.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss",
+ "ISO8601"
+ ],
+ "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
+ }
+ },
+ {
+ "date": {
+ "if": "ctx.event.timezone != null",
+ "field": "system.auth.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss",
+ "ISO8601"
+ ],
+ "timezone": "{{ event.timezone }}",
+ "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
+ }
+ },
+ {
+ "remove": {
+ "field": "system.auth.timestamp"
+ }
+ },
+ {
+ "geoip": {
+ "field": "source.ip",
+ "target_field": "source.geo",
+ "ignore_failure": true
+ }
+ },
+ {
+ "geoip": {
+ "database_file": "GeoLite2-ASN.mmdb",
+ "field": "source.ip",
+ "target_field": "source.as",
+ "properties": [
+ "asn",
+ "organization_name"
+ ],
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.asn",
+ "target_field": "source.as.number",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.organization_name",
+ "target_field": "source.as.organization.name",
+ "ignore_missing": true
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "ignore_failure": true,
+ "source": "if (ctx.system.auth.ssh.event == \"Accepted\") { if (!ctx.containsKey(\"event\")) { ctx.event = [:]; } 
ctx.event.type = \"authentication_success\"; ctx.event.category = \"authentication\"; ctx.event.action = \"ssh_login\"; ctx.event.outcome = \"success\"; } else if (ctx.system.auth.ssh.event == \"Invalid\" || ctx.system.auth.ssh.event == \"Failed\") { if (!ctx.containsKey(\"event\")) { ctx.event = [:]; } ctx.event.type = \"authentication_failure\"; ctx.event.category = \"authentication\"; ctx.event.action = \"ssh_login\"; ctx.event.outcome = \"failure\"; }"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/fields/ecs.yml b/dev/packages/beats/system/0.0.1/dataset/auth/fields/ecs.yml
new file mode 100644
index 00000000000..ef5fa4fca60
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/auth/fields/ecs.yml
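Review bot: Both `date` processors gate on `ctx.event.timezone == null` / `!= null`, which dereferences `ctx.event` without a null check, so a document that arrives without an `event` object at all raises a null pointer error in Painless instead of evaluating to a boolean; the `script` processor at the end of the same pipeline defends against exactly that case with `if (!ctx.containsKey("event"))`, so the conditions should use the safe navigator, `"if": "ctx.event?.timezone == null"` and `"if": "ctx.event?.timezone != null"`, otherwise such documents presumably end up in the failure handlers with `@timestamp` never set. The two `geoip` processors are also inconsistent: the city lookup uses `ignore_failure: true` while the ASN lookup uses `ignore_missing: true`; `ignore_missing` is the narrower and safer choice for both, because `ignore_failure` also hides a missing or unreadable GeoIP database and silently ships events without enrichment. Finally, the unconditional `remove` of `message` discards the original log line for every event that matched one of the six structured patterns, and only the catch-all pattern restores it through `system.auth.message`; that trade-off should be stated in the pipeline `description`, since an analyst investigating an SSH login or sudo invocation will not find the raw line on the document.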
@@ -0,0 +1,128 @@ +- name: '@timestamp' + level: core + required: true + type: date + description: |- + Date/time when the event originated. + This is the date/time extracted from the event, typically representing when the event was generated by the source. + If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. + Required field for all events. +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: group + title: Group + group: 2 + type: group + fields: + - name: id + level: extended + type: keyword + description: Unique identifier for the group on the system/platform. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the group. + ignore_above: 1024 +- name: host + title: Host + group: 2 + type: group + fields: + - name: hostname + level: core + type: keyword + description: |- + Hostname of the host. + It normally contains what the `hostname` command returns on the host machine. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: |- + Process name. + Sometimes called program name or similar. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: pid + level: core + type: long + format: string + description: Process id. +- name: source + title: Source + group: 2 + type: group + fields: + - name: geo.city_name + level: core + type: keyword + description: City name. 
+ ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 + - name: ip + level: core + type: ip + description: IP address of the source (IPv4 or IPv6). + - name: port + level: core + type: long + format: string + description: Port of the source. +- name: user + title: User + group: 2 + type: group + fields: + - name: id + level: core + type: keyword + description: Unique identifier of the user. + ignore_above: 1024 + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/auth/fields/fields.yml new file mode 100644 index 00000000000..759d50887f4 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/auth/fields/fields.yml 
@@ -0,0 +1,58 @@
+- name: system.auth
+ type: group
+ fields:
+ - name: ssh
+ type: group
+ fields:
+ - name: method
+ type: keyword
+ description: |
+ The SSH authentication method. Can be one of "password" or "publickey".
+ - name: signature
+ type: keyword
+ description: |
+ The signature of the client public key.
+ - name: dropped_ip
+ type: ip
+ description: |
+ The client IP from SSH connections that are open and immediately dropped.
+ - name: event
+ type: keyword
+ description: |
+ The SSH event as found in the logs (Accepted, Invalid, Failed, etc.)
+ - name: geoip
+ type: group
+ - name: sudo
+ type: group
+ fields:
+ - name: error
+ type: keyword
+ description: |
+ The error message in case the sudo command failed.
+ - name: tty
+ type: keyword
+ description: |
+ The TTY where the sudo command is executed.
+ - name: pwd
+ type: keyword
+ description: |
+ The current directory where the sudo command is executed.
+ - name: user
+ type: keyword
+ description: |
+ The target user to which the sudo command is switching.
+ - name: command
+ type: keyword
+ description: |
+ The command executed via sudo.
+ - name: useradd
+ type: group
+ fields:
+ - name: home
+ type: keyword
+ description: The home folder for the new user.
+ - name: shell
+ type: keyword
+ description: The default shell for the new user.
+ - name: groupadd
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/auth/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/auth/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/auth/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/auth/manifest.yml
new file mode 100644
index 00000000000..4f0e0a62696
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/auth/manifest.yml
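Review bot: The `geoip` and `groupadd` entries under `system.auth` are declared as `type: group` with no `fields`, so they contribute no mappings; the ingest pipeline in this commit writes geolocation to `source.geo` and group data to the ECS `group.name`/`group.id` fields, which suggests these two groups are leftovers from the Beats module and can be removed. The `ssh.method` description, "Can be one of "password" or "publickey"", overstates the contract: the grok pattern captures the method with `%{DATA:system.auth.ssh.method}`, so whatever method string sshd logs lands in this field; `The SSH authentication method as logged by sshd (for example "password" or "publickey").` describes what the pipeline actually produces.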
@@ -0,0 +1,24 @@
+title: System auth logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/auth.log*
+ - /var/log/secure*
+ os:
+ darwin:
+ default:
+ - /var/log/secure.log*
+ windows:
+ default: []
+ template_path: log.yml.hbs
+ title: System auth logs (log)
+ description: Collect System auth logs using log input
diff --git a/dev/packages/beats/system/0.0.1/dataset/core/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/core/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..54fb6d64258
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/core/agent/stream/stream.yml.hbs
@@ -0,0 +1,4 @@
+metricsets: ["core"]
+{{#if core.metrics}}
+core.metrics: {{core.metrics}}
+{{/if}}
diff --git a/dev/packages/beats/system/0.0.1/dataset/core/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/core/fields/fields.yml
new file mode 100644
index 00000000000..55a8f3191a1
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/core/fields/fields.yml
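Review bot: The `windows` override sets `default: []` for `paths` while the variable is `required: true`, and the stream template `log.yml.hbs` in this commit renders that as a bare `paths:` key with no entries; whether the log input accepts an empty path list or rejects the stream is not visible here and should be confirmed. If it rejects it, the dataset should say so rather than ship an empty configuration on that platform, e.g. a line under the `windows` key such as `# auth.log/secure have no Windows equivalent; this dataset is Linux/macOS only` in the manifest. A short note on why `/var/log/secure*` is included alongside `/var/log/auth.log*` (Debian-family versus RHEL-family naming) would also help an operator decide whether to narrow the globs.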
@@ -0,0 +1,80 @@ +- name: system.core + type: group + release: ga + fields: + - name: id + type: long + description: | + CPU Core number. + - name: user.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in user space. + - name: user.ticks + type: long + description: | + The amount of CPU time spent in user space. + - name: system.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in kernel space. + - name: system.ticks + type: long + description: | + The amount of CPU time spent in kernel space. + - name: nice.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent on low-priority processes. + - name: nice.ticks + type: long + description: | + The amount of CPU time spent on low-priority processes. + - name: idle.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent idle. + - name: idle.ticks + type: long + description: | + The amount of CPU time spent idle. + - name: iowait.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in wait (on disk). + - name: iowait.ticks + type: long + description: | + The amount of CPU time spent in wait (on disk). + - name: irq.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling hardware interrupts. + - name: irq.ticks + type: long + description: | + The amount of CPU time spent servicing and handling hardware interrupts. + - name: softirq.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling software interrupts. + - name: softirq.ticks + type: long + description: | + The amount of CPU time spent servicing and handling software interrupts. 
+ - name: steal.pct
+ type: scaled_float
+ format: percent
+ description: |
+ The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
+ - name: steal.ticks
+ type: long
+ description: |
+ The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
diff --git a/dev/packages/beats/system/0.0.1/dataset/core/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/core/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/core/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/core/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/core/manifest.yml
new file mode 100644
index 00000000000..18500832d15
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/core/manifest.yml
@@ -0,0 +1,16 @@
+title: System core metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ vars:
+ - name: core.metrics
+ type: text
+ title: Core Metrics
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - percentages
+ title: System core metrics
+ description: Collect System core metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..675d42079e8
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/cpu/agent/stream/stream.yml.hbs
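Review bot: `release: ga` on the `system.core` group (set near the top of this hunk) contradicts `release: experimental` in the same dataset's manifest.yml added in this commit, and the cpu dataset's fields.yml carries the same `release: ga` marker. If the field-level value is meant to carry over the Beats metricset maturity independently of the package, a comment saying so (`# maturity of the upstream metricset, not of this package`) would stop the next reader from "fixing" it; otherwise it should match the manifest. The `core.metrics` variable in the manifest lists `percentages` as its only default but gives no hint of the other accepted values (the fields file defines both `*.pct` and `*.ticks`), which a one-line description on the var would cover.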
@@ -0,0 +1,17 @@
+metricsets: ["cpu"]
+{{#if core.metrics}}
+core.metrics: {{core.metrics}}
+{{/if}}
+{{#if cpu.metrics}}
+cpu.metrics: {{cpu.metrics}}
+{{/if}}
+period: {{period}}
+{{#if process.include_top_n.by_cpu}}
+process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}}
+{{/if}}
+{{#if process.include_top_n.by_memory}}
+process.include_top_n.by_memory: {{process.include_top_n.by_memory}}
+{{/if}}
+{{#if processes}}
+processes: {{processes}}
+{{/if}}
diff --git a/dev/packages/beats/system/0.0.1/dataset/cpu/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/cpu/fields/fields.yml
new file mode 100644
index 00000000000..001db35375a
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/cpu/fields/fields.yml
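Review bot: `period: {{period}}` is the only value rendered unconditionally while every other key is wrapped in `{{#if}}`; if the `period` variable is ever absent the stream renders `period:` with an empty value, so either guard it like the others or document that the dataset manifest must always declare `period` (that manifest is not in view here). The `core.metrics`, `process.include_top_n.*` and `processes` keys look like options for the core and process metricsets rather than cpu — the core dataset's own template in this commit renders `core.metrics` — so in a stream declaring `metricsets: ["cpu"]` they presumably have no effect and can be pruned once confirmed. A template comment such as `{{!-- cpu metricset only; see the core and process datasets for their settings --}}` would make the intended scope explicit.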
@@ -0,0 +1,130 @@ +- name: system.cpu + type: group + release: ga + fields: + - name: cores + type: long + description: | + The number of CPU cores present on the host. The non-normalized percentages will have a maximum value of `100% * cores`. The normalized percentages already take this value into account and have a maximum value of 100%. + - name: user.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the `system.cpu.user.pct` will be 180%. + - name: system.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in kernel space. + - name: nice.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent on low-priority processes. + - name: idle.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent idle. + - name: iowait.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in wait (on disk). + - name: irq.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling hardware interrupts. + - name: softirq.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling software interrupts. + - name: steal.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. + - name: total.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in states other than Idle and IOWait. + - name: user.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in user space. 
+ - name: system.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in kernel space. + - name: nice.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent on low-priority processes. + - name: idle.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent idle. + - name: iowait.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in wait (on disk). + - name: irq.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling hardware interrupts. + - name: softirq.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent servicing and handling software interrupts. + - name: steal.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. + - name: total.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time in states other than Idle and IOWait, normalised by the number of cores. + - name: user.ticks + type: long + description: | + The amount of CPU time spent in user space. + - name: system.ticks + type: long + description: | + The amount of CPU time spent in kernel space. + - name: nice.ticks + type: long + description: | + The amount of CPU time spent on low-priority processes. + - name: idle.ticks + type: long + description: | + The amount of CPU time spent idle. + - name: iowait.ticks + type: long + description: | + The amount of CPU time spent in wait (on disk). + - name: irq.ticks + type: long + description: | + The amount of CPU time spent servicing and handling hardware interrupts. 
+ - name: softirq.ticks + type: long + description: | + The amount of CPU time spent servicing and handling software interrupts. + - name: steal.ticks + type: long + description: | + The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. diff --git a/dev/packages/beats/system/0.0.1/dataset/cpu/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/cpu/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/cpu/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/cpu/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/cpu/manifest.yml new file mode 100644 index 00000000000..7532c89a051 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/cpu/manifest.yml @@ -0,0 +1,54 @@ +title: System cpu metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: process.include_top_n.by_cpu + type: integer + title: Process Include Top N By Cpu + multi: false + required: true + show_user: true + default: 5 + - name: process.include_top_n.by_memory + type: integer + title: Process Include Top N By Memory + multi: false + required: true + show_user: true + default: 5 + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System cpu metrics + description: Collect System cpu metrics 
diff --git a/dev/packages/beats/system/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5af9cd48742
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/diskio/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["diskio"]
diff --git a/dev/packages/beats/system/0.0.1/dataset/diskio/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/diskio/fields/fields.yml
new file mode 100644
index 00000000000..b241da592a5
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/diskio/fields/fields.yml
@@ -0,0 +1,96 @@ +- name: system.diskio + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The disk name. + - name: serial_number + type: keyword + description: | + The disk's serial number. This may not be provided by all operating systems. + - name: read.count + type: long + description: | + The total number of reads completed successfully. + - name: write.count + type: long + description: | + The total number of writes completed successfully. + - name: read.bytes + type: long + format: bytes + description: | + The total number of bytes read successfully. On Linux this is the number of sectors read multiplied by an assumed sector size of 512. + - name: write.bytes + type: long + format: bytes + description: | + The total number of bytes written successfully. On Linux this is the number of sectors written multiplied by an assumed sector size of 512. + - name: read.time + type: long + description: | + The total number of milliseconds spent by all reads. + - name: write.time + type: long + description: | + The total number of milliseconds spent by all writes. + - name: io.time + type: long + description: | + The total number of of milliseconds spent doing I/Os. + - name: iostat.read.request.merges_per_sec + type: float + description: | + The number of read requests merged per second that were queued to the device. + - name: iostat.write.request.merges_per_sec + type: float + description: | + The number of write requests merged per second that were queued to the device. + - name: iostat.read.request.per_sec + type: float + description: | + The number of read requests that were issued to the device per second + - name: iostat.write.request.per_sec + type: float + description: | + The number of write requests that were issued to the device per second + - name: iostat.read.per_sec.bytes + type: float + format: bytes + description: | + The number of Bytes read from the device per second. 
+ - name: iostat.read.await + type: float + description: | + The average time spent for read requests issued to the device to be served. + - name: iostat.write.per_sec.bytes + type: float + format: bytes + description: | + The number of Bytes write from the device per second. + - name: iostat.write.await + type: float + description: | + The average time spent for write requests issued to the device to be served. + - name: iostat.request.avg_size + type: float + description: | + The average size (in bytes) of the requests that were issued to the device. + - name: iostat.queue.avg_size + type: float + description: | + The average queue length of the requests that were issued to the device. + - name: iostat.await + type: float + description: | + The average time spent for requests issued to the device to be served. + - name: iostat.service_time + type: float + description: | + The average service time (in milliseconds) for I/O requests that were issued to the device. + - name: iostat.busy + type: float + description: | + Percentage of CPU time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%. diff --git a/dev/packages/beats/system/0.0.1/dataset/diskio/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/diskio/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/diskio/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/diskio/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/diskio/manifest.yml new file mode 100644 index 00000000000..3d7a9fc704d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/diskio/manifest.yml 
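Review bot: Several descriptions in this diskio fields.yml need a wording pass: `io.time` reads "The total number of of milliseconds spent doing I/Os." (doubled "of"), `iostat.write.per_sec.bytes` reads "The number of Bytes write from the device per second." where "written to the device" is meant, and `iostat.read.request.per_sec` / `iostat.write.request.per_sec` lack the trailing period every other description has. Since these strings surface in Kibana field help, I would fix them before the package ships.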
@@ -0,0 +1,7 @@ +title: System diskio metrics +release: experimental +type: metrics +streams: +- input: system/metrics + title: System diskio metrics + description: Collect System diskio metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/entropy/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/entropy/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..2b170b5dafd --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/entropy/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["entropy"] diff --git a/dev/packages/beats/system/0.0.1/dataset/entropy/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/entropy/fields/fields.yml new file mode 100644 index 00000000000..289ab2b996b --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/entropy/fields/fields.yml @@ -0,0 +1,13 @@ +- name: system.entropy + type: group + release: ga + fields: + - name: available_bits + type: long + description: | + The available bits of entropy + - name: pct + type: scaled_float + format: percent + description: | + The percentage of available entropy, relative to the pool size of 4096 diff --git a/dev/packages/beats/system/0.0.1/dataset/entropy/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/entropy/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/entropy/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/entropy/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/entropy/manifest.yml new file mode 100644 index 00000000000..a0a7cf75a9e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/entropy/manifest.yml @@ -0,0 +1,7 @@ +title: System entropy metrics +release: experimental +type: metrics +streams: +- input: system/metrics + title: System entropy metrics + description: Collect System entropy metrics 
diff --git a/dev/packages/beats/system/0.0.1/dataset/filesystem/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/filesystem/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..527eb4100f7 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/filesystem/agent/stream/stream.yml.hbs @@ -0,0 +1,5 @@ +metricsets: ["filesystem"] +period: {{period}} +{{#if processors}} +processors: {{processors}} +{{/if}} diff --git a/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/fields.yml new file mode 100644 index 00000000000..c4f16b8c22e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/fields.yml @@ -0,0 +1,49 @@ +- name: system.filesystem + type: group + release: ga + fields: + - name: available + type: long + format: bytes + description: | + The disk space available to an unprivileged user in bytes. + - name: device_name + type: keyword + description: | + The disk name. For example: `/dev/disk1` + - name: type + type: keyword + description: | + The disk type. For example: `ext4` + - name: mount_point + type: keyword + description: | + The mounting point. For example: `/` + - name: files + type: long + description: | + The total number of file nodes in the file system. + - name: free + type: long + format: bytes + description: | + The disk space available in bytes. + - name: free_files + type: long + description: | + The number of free file nodes in the file system. + - name: total + type: long + format: bytes + description: | + The total disk space in bytes. + - name: used.bytes + type: long + format: bytes + description: | + The used disk space in bytes. + - name: used.pct + type: scaled_float + format: percent + description: | + The percentage of used disk space. 
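Review bot: `processors: {{processors}}` splices a `yaml`-typed var onto a single line, while the manifest's default for that var is a multi-line block list beginning with `- drop_event.when.regexp:`; unless the renderer re-serialises yaml vars into flow style, the output becomes `processors: - drop_event.when.regexp: ...` on one line followed by an indented key, which is not valid YAML. Either emit the value as a nested block (`processors:` on its own line with the list indented beneath it) or document on the var that it must be a flow-style list. Because the value is inserted verbatim, whatever is placed in this var becomes part of the agent's stream configuration, so the var should carry a description stating that it is a list of processor definitions supplied by the policy author. The fsstat template in the next hunk uses the same construct.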
diff --git a/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/filesystem/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/filesystem/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/filesystem/manifest.yml new file mode 100644 index 00000000000..076a6905bfe --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/filesystem/manifest.yml @@ -0,0 +1,24 @@ +title: System filesystem metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + - name: processors + type: yaml + title: Processors + multi: false + required: true + show_user: true + default: | + - drop_event.when.regexp: + system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + title: System filesystem metrics + description: Collect System filesystem metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/fsstat/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/fsstat/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c40ddb1f6aa --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/fsstat/agent/stream/stream.yml.hbs @@ -0,0 +1,5 @@ +metricsets: ["fsstat"] +period: {{period}} +{{#if processors}} +processors: {{processors}} +{{/if}} diff --git a/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/fields.yml new file mode 100644 index 00000000000..7926f431deb --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/fields.yml 
@@ -0,0 +1,29 @@ +- name: system.fsstat + type: group + release: ga + fields: + - name: count + type: long + description: Number of file systems found. + - name: total_files + type: long + description: Total number of files. + - name: total_size + type: group + format: bytes + fields: + - name: free + type: long + format: bytes + description: | + Total free space. + - name: used + type: long + format: bytes + description: | + Total used space. + - name: total + type: long + format: bytes + description: | + Total space (used plus free). diff --git a/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/fsstat/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/fsstat/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/fsstat/manifest.yml new file mode 100644 index 00000000000..8a28756bb81 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/fsstat/manifest.yml @@ -0,0 +1,24 @@ +title: System fsstat metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 1m + - name: processors + type: yaml + title: Processors + multi: false + required: true + show_user: true + default: | + - drop_event.when.regexp: + system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + title: System fsstat metrics + description: Collect System fsstat metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/load/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/load/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..c53995fbb97 --- /dev/null 
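Review bot: The fsstat manifest's default `processors` drops events by `system.filesystem.mount_point`, a field the filesystem dataset declares but which does not appear in fsstat's fields.yml at this hunk; if fsstat events do not carry that field the default processor is a no-op and looks copied from the filesystem manifest. I would either remove the default here or add a description on the var explaining which field it filters on and why a `required: true` var ships with a filter that may never match.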
+++ b/dev/packages/beats/system/0.0.1/dataset/load/agent/stream/stream.yml.hbs @@ -0,0 +1,17 @@ +metricsets: ["load"] +{{#if core.metrics}} +core.metrics: {{core.metrics}} +{{/if}} +{{#if cpu.metrics}} +cpu.metrics: {{cpu.metrics}} +{{/if}} +period: {{period}} +{{#if process.include_top_n.by_cpu}} +process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}} +{{/if}} +{{#if process.include_top_n.by_memory}} +process.include_top_n.by_memory: {{process.include_top_n.by_memory}} +{{/if}} +{{#if processes}} +processes: {{processes}} +{{/if}} diff --git a/dev/packages/beats/system/0.0.1/dataset/load/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/load/fields/fields.yml new file mode 100644 index 00000000000..bd54d65c5c3 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/load/fields/fields.yml @@ -0,0 +1,32 @@ +- name: system.load + type: group + release: ga + fields: + - name: "1" + type: scaled_float + description: | + Load average for the last minute. + - name: "5" + type: scaled_float + description: | + Load average for the last 5 minutes. + - name: "15" + type: scaled_float + description: | + Load average for the last 15 minutes. + - name: norm.1 + type: scaled_float + description: | + Load for the last minute divided by the number of cores. + - name: norm.5 + type: scaled_float + description: | + Load for the last 5 minutes divided by the number of cores. + - name: norm.15 + type: scaled_float + description: | + Load for the last 15 minutes divided by the number of cores. + - name: cores + type: long + description: | + The number of CPU cores present on the host. diff --git a/dev/packages/beats/system/0.0.1/dataset/load/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/load/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/load/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group 
diff --git a/dev/packages/beats/system/0.0.1/dataset/load/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/load/manifest.yml new file mode 100644 index 00000000000..fd1c930db1e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/load/manifest.yml @@ -0,0 +1,54 @@ +title: System load metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: process.include_top_n.by_cpu + type: integer + title: Process Include Top N By Cpu + multi: false + required: true + show_user: true + default: 5 + - name: process.include_top_n.by_memory + type: integer + title: Process Include Top N By Memory + multi: false + required: true + show_user: true + default: 5 + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System load metrics + description: Collect System load metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/memory/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/memory/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..38a00a0f03f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/memory/agent/stream/stream.yml.hbs 
@@ -0,0 +1,17 @@ +metricsets: ["memory"] +{{#if core.metrics}} +core.metrics: {{core.metrics}} +{{/if}} +{{#if cpu.metrics}} +cpu.metrics: {{cpu.metrics}} +{{/if}} +period: {{period}} +{{#if process.include_top_n.by_cpu}} +process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}} +{{/if}} +{{#if process.include_top_n.by_memory}} +process.include_top_n.by_memory: {{process.include_top_n.by_memory}} +{{/if}} +{{#if processes}} +processes: {{processes}} +{{/if}} diff --git a/dev/packages/beats/system/0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/memory/fields/fields.yml new file mode 100644 index 00000000000..0598b4df3b1 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/memory/fields/fields.yml 
@@ -0,0 +1,157 @@ +- name: system.memory + type: group + release: ga + fields: + - name: total + type: long + format: bytes + description: | + Total memory. + - name: used.bytes + type: long + format: bytes + description: | + Used memory. + - name: free + type: long + format: bytes + description: | + The total amount of free memory in bytes. This value does not include memory consumed by system caches and buffers (see system.memory.actual.free). + - name: used.pct + type: scaled_float + format: percent + description: | + The percentage of used memory. + - name: actual + type: group + fields: + - name: used.bytes + type: long + format: bytes + description: | + Actual used memory in bytes. It represents the difference between the total and the available memory. The available memory depends on the OS. For more details, please check `system.actual.free`. + - name: free + type: long + format: bytes + description: | + Actual free memory in bytes. It is calculated based on the OS. On Linux this value will be MemAvailable from /proc/meminfo, or calculated from free memory plus caches and buffers if /proc/meminfo is not available. On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to `system.memory.free`. + - name: used.pct + type: scaled_float + format: percent + description: | + The percentage of actual used memory. + - name: swap + type: group + fields: + - name: total + type: long + format: bytes + description: | + Total swap memory. + - name: used.bytes + type: long + format: bytes + description: | + Used swap memory. + - name: free + type: long + format: bytes + description: | + Available swap memory. 
+ - name: out.pages + type: long + description: count of pages swapped out + - name: in.pages + type: long + description: count of pages swapped in + - name: readahead.pages + type: long + description: swap readahead pages + - name: readahead.cached + type: long + description: swap readahead cache hits + - name: used.pct + type: scaled_float + format: percent + description: | + The percentage of used swap memory. + - name: page_stats + type: group + fields: + - name: pgscan_kswapd.pages + type: long + format: number + description: pages scanned by kswapd + - name: pgscan_direct.pages + type: long + format: number + description: pages scanned directly + - name: pgfree.pages + type: long + format: number + description: pages freed by the system + - name: pgsteal_kswapd.pages + type: long + format: number + description: number of pages reclaimed by kswapd + - name: pgsteal_direct.pages + type: long + format: number + description: number of pages reclaimed directly + - name: direct_efficiency.pct + type: scaled_float + format: percent + description: direct reclaim efficiency percentage. A lower percentage indicates + the system is struggling to reclaim memory. + - name: kswapd_efficiency.pct + type: scaled_float + format: percent + description: kswapd reclaim efficiency percentage. A lower percentage indicates + the system is struggling to reclaim memory. + - name: hugepages + type: group + fields: + - name: total + type: long + format: number + description: | + Number of huge pages in the pool. + - name: used.bytes + type: long + format: bytes + description: | + Memory used in allocated huge pages. + - name: used.pct + type: long + format: percent + description: | + Percentage of huge pages used. + - name: free + type: long + format: number + description: | + Number of available huge pages in the pool. + - name: reserved + type: long + format: number + description: | + Number of reserved but not allocated huge pages in the pool. 
+ - name: surplus + type: long + format: number + description: | + Number of overcommited huge pages. + - name: default_size + type: long + format: bytes + description: | + Default size for huge pages. + - name: swap.out + type: group + fields: + - name: pages + type: long + description: pages swapped out + - name: fallback + type: long + description: Count of huge pages that must be split before swapout diff --git a/dev/packages/beats/system/0.0.1/dataset/memory/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/memory/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/memory/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/memory/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/memory/manifest.yml new file mode 100644 index 00000000000..04996a8256e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/memory/manifest.yml 
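Review bot: `hugepages.used.pct` is declared `type: long` with `format: percent`, whereas every other `.pct` field in this memory fields.yml uses `scaled_float`; if the metricset reports it as a 0–1 ratio like the others, mapping it as `long` truncates it to 0 in Elasticsearch. I would change it to `type: scaled_float`. Separately, the `surplus` description has "overcommited", which should be "overcommitted".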
@@ -0,0 +1,54 @@ +title: System memory metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: process.include_top_n.by_cpu + type: integer + title: Process Include Top N By Cpu + multi: false + required: true + show_user: true + default: 5 + - name: process.include_top_n.by_memory + type: integer + title: Process Include Top N By Memory + multi: false + required: true + show_user: true + default: 5 + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System memory metrics + description: Collect System memory metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/network/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/network/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..25d93853bae --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network/agent/stream/stream.yml.hbs @@ -0,0 +1,17 @@ +metricsets: ["network"] +{{#if core.metrics}} +core.metrics: {{core.metrics}} +{{/if}} +{{#if cpu.metrics}} +cpu.metrics: {{cpu.metrics}} +{{/if}} +period: {{period}} +{{#if process.include_top_n.by_cpu}} +process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}} +{{/if}} +{{#if process.include_top_n.by_memory}} +process.include_top_n.by_memory: {{process.include_top_n.by_memory}} +{{/if}} +{{#if processes}} +processes: {{processes}} +{{/if}} 
diff --git a/dev/packages/beats/system/0.0.1/dataset/network/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/network/fields/fields.yml new file mode 100644 index 00000000000..5792bbc3e92 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network/fields/fields.yml @@ -0,0 +1,42 @@ +- name: system.network + type: group + release: ga + fields: + - name: name + type: keyword + description: | + The network interface name. + - name: out.bytes + type: long + format: bytes + description: | + The number of bytes sent. + - name: in.bytes + type: long + format: bytes + description: | + The number of bytes received. + - name: out.packets + type: long + description: | + The number of packets sent. + - name: in.packets + type: long + description: | + The number or packets received. + - name: in.errors + type: long + description: | + The number of errors while receiving. + - name: out.errors + type: long + description: | + The number of errors while sending. + - name: in.dropped + type: long + description: | + The number of incoming packets that were dropped. + - name: out.dropped + type: long + description: | + The number of outgoing packets that were dropped. This value is always 0 on Darwin and BSD because it is not reported by the operating system. diff --git a/dev/packages/beats/system/0.0.1/dataset/network/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/network/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/network/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/network/manifest.yml new file mode 100644 index 00000000000..7732451312d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network/manifest.yml 
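Review bot: The `in.packets` description in this network fields.yml reads "The number or packets received." and should be "The number of packets received."; it is shown as field help in Kibana, so the typo is user-visible.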
@@ -0,0 +1,54 @@ +title: System network metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: process.include_top_n.by_cpu + type: integer + title: Process Include Top N By Cpu + multi: false + required: true + show_user: true + default: 5 + - name: process.include_top_n.by_memory + type: integer + title: Process Include Top N By Memory + multi: false + required: true + show_user: true + default: 5 + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System network metrics + description: Collect System network metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/network_summary/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/network_summary/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..6a9d6534986 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network_summary/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["network_summary"] diff --git a/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/fields.yml new file mode 100644 index 00000000000..c4714dfede5 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/fields.yml 
@@ -0,0 +1,24 @@
+- name: system.network_summary
+ type: group
+ release: beta
+ fields:
+ - name: ip.*
+ type: object
+ description: |
+ IP counters
+ - name: tcp.*
+ type: object
+ description: |
+ TCP counters
+ - name: udp.*
+ type: object
+ description: |
+ UDP counters
+ - name: udp_lite.*
+ type: object
+ description: |
+ UDP Lite counters
+ - name: icmp.*
+ type: object
+ description: |
+ ICMP counters
diff --git a/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/network_summary/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/network_summary/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/network_summary/manifest.yml
new file mode 100644
index 00000000000..7aa17bded79
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/network_summary/manifest.yml
@@ -0,0 +1,7 @@
+title: System network_summary metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ title: System network_summary metrics
+ description: Collect System network_summary metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/process/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/process/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b6e6fb6ece8
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process/agent/stream/stream.yml.hbs
@@ -0,0 +1,17 @@
+metricsets: ["process"]
+{{#if core.metrics}}
+core.metrics: {{core.metrics}}
+{{/if}}
+{{#if cpu.metrics}}
+cpu.metrics: {{cpu.metrics}}
+{{/if}}
+period: {{period}}
+{{#if process.include_top_n.by_cpu}}
+process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}}
+{{/if}}
+{{#if process.include_top_n.by_memory}}
+process.include_top_n.by_memory: {{process.include_top_n.by_memory}}
+{{/if}}
+{{#if processes}}
+processes: {{processes}}
+{{/if}}
diff --git a/dev/packages/beats/system/0.0.1/dataset/process/fields/ecs.yml b/dev/packages/beats/system/0.0.1/dataset/process/fields/ecs.yml
new file mode 100644
index 00000000000..228df6f086d
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process/fields/ecs.yml
@@ -0,0 +1,57 @@
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: extended
+ type: keyword
+ description: |-
+ Process name.
+ Sometimes called program name or similar.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ - name: pgid
+ level: extended
+ type: long
+ format: string
+ description: Identifier of the group of processes the process belongs to.
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+ - name: ppid
+ level: extended
+ type: long
+ format: string
+ description: Parent process' pid.
+ - name: working_directory
+ level: extended
+ type: keyword
+ description: The working directory of the process.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/beats/system/0.0.1/dataset/process/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/process/fields/fields.yml
new file mode 100644
index 00000000000..bdefa274252
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process/fields/fields.yml
@@ -0,0 +1,343 @@
+- name: system.process
+ type: group
+ release: ga
+ fields:
+ - name: state
+ type: keyword
+ description: |
+ The process state. For example: "running".
+ - name: cmdline
+ type: keyword
+ description: |
+ The full command-line used to start the process, including the arguments separated by space.
+ ignore_above: 2048
+ - name: env
+ type: object
+ description: |
+ The environment variables used to start the process. The data is available on FreeBSD, Linux, and OS X.
+ - name: cpu
+ type: group
+ fields:
+ - name: user.ticks
+ type: long
+ description: |
+ The amount of CPU time the process spent in user space.
+ - name: total.value
+ type: long
+ description: |
+ The value of CPU usage since starting the process.
+ - name: total.pct
+ type: scaled_float
+ format: percent
+ description: |
+ The percentage of CPU time spent by the process since the last update. Its value is similar to the %CPU value of the process displayed by the top command on Unix systems.
+ - name: total.norm.pct
+ type: scaled_float
+ format: percent
+ description: |
+ The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%.
+ - name: system.ticks
+ type: long
+ description: |
+ The amount of CPU time the process spent in kernel space.
+ - name: total.ticks
+ type: long
+ description: |
+ The total CPU time spent by the process.
+ - name: start_time
+ type: date
+ description: |
+ The time when the process was started.
+ - name: memory
+ type: group
+ fields:
+ - name: size
+ type: long
+ format: bytes
+ description: |
+ The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process.
+ - name: rss.bytes
+ type: long
+ format: bytes
+ description: |
+ The Resident Set Size. The amount of memory the process occupied in main memory (RAM).
On Windows this represents the current working set size, in bytes.
+ - name: rss.pct
+ type: scaled_float
+ format: percent
+ description: |
+ The percentage of memory the process occupied in main memory (RAM).
+ - name: share
+ type: long
+ format: bytes
+ description: |
+ The shared memory the process uses.
+ - name: fd
+ type: group
+ fields:
+ - name: open
+ type: long
+ description: The number of file descriptors open by the process.
+ - name: limit.soft
+ type: long
+ description: |
+ The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
+ - name: limit.hard
+ type: long
+ description: |
+ The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
+ - name: cgroup
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent.
+ - name: path
+ type: keyword
+ description: |
+ The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent.
+ - name: cpu
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: ID of the cgroup.
+ - name: path
+ type: keyword
+ description: |
+ Path to the cgroup relative to the cgroup subsystem's mountpoint.
+ - name: cfs.period.us
+ type: long
+ description: |
+ Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated.
+ - name: cfs.quota.us
+ type: long
+ description: |
+ Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
+ - name: cfs.shares
+ type: long
+ description: |
+ An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
+ - name: rt.period.us
+ type: long
+ description: |
+ Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated.
+ - name: rt.runtime.us
+ type: long
+ description: |
+ Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
+ - name: stats.periods
+ type: long
+ description: |
+ Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
+ - name: stats.throttled.periods
+ type: long
+ description: |
+ Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
+ - name: stats.throttled.ns
+ type: long
+ description: |
+ The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
+ - name: cpuacct
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: ID of the cgroup.
+ - name: path
+ type: keyword
+ description: |
+ Path to the cgroup relative to the cgroup subsystem's mountpoint.
+ - name: total.ns
+ type: long
+ description: |
+ Total CPU time in nanoseconds consumed by all tasks in the cgroup.
+ - name: stats.user.ns
+ type: long
+ description: CPU time consumed by tasks in user mode.
+ - name: stats.system.ns
+ type: long
+ description: CPU time consumed by tasks in user (kernel) mode.
+ - name: percpu
+ type: object
+ description: |
+ CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
+ - name: memory
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: ID of the cgroup.
+ - name: path
+ type: keyword
+ description: |
+ Path to the cgroup relative to the cgroup subsystem's mountpoint.
+ - name: mem.usage.bytes
+ type: long
+ format: bytes
+ description: |
+ Total memory usage by processes in the cgroup (in bytes).
+ - name: mem.usage.max.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum memory used by processes in the cgroup (in bytes).
+ - name: mem.limit.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
+ - name: mem.failures
+ type: long
+ description: |
+ The number of times that the memory limit (mem.limit.bytes) was reached.
+ - name: memsw.usage.bytes
+ type: long
+ format: bytes
+ description: |
+ The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
+ - name: memsw.usage.max.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
+ - name: memsw.limit.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
+ - name: memsw.failures
+ type: long
+ description: |
+ The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
+ - name: kmem.usage.bytes
+ type: long
+ format: bytes
+ description: |
+ Total kernel memory usage by processes in the cgroup (in bytes).
+ - name: kmem.usage.max.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum kernel memory used by processes in the cgroup (in bytes).
+ - name: kmem.limit.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
+ - name: kmem.failures
+ type: long
+ description: |
+ The number of times that the memory limit (kmem.limit.bytes) was reached.
+ - name: kmem_tcp.usage.bytes
+ type: long
+ format: bytes
+ description: |
+ Total memory usage for TCP buffers in bytes.
+ - name: kmem_tcp.usage.max.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
+ - name: kmem_tcp.limit.bytes
+ type: long
+ format: bytes
+ description: |
+ The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
+ - name: kmem_tcp.failures
+ type: long
+ description: |
+ The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
+ - name: stats.active_anon.bytes
+ type: long
+ format: bytes
+ description: |
+ Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
+ - name: stats.active_file.bytes
+ type: long
+ format: bytes
+ description: File-backed memory on active LRU list, in bytes.
+ - name: stats.cache.bytes
+ type: long
+ format: bytes
+ description: Page cache, including tmpfs (shmem), in bytes.
+ - name: stats.hierarchical_memory_limit.bytes
+ type: long
+ format: bytes
+ description: |
+ Memory limit for the hierarchy that contains the memory cgroup, in bytes.
+ - name: stats.hierarchical_memsw_limit.bytes
+ type: long
+ format: bytes
+ description: |
+ Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
+ - name: stats.inactive_anon.bytes
+ type: long
+ format: bytes
+ description: |
+ Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
+ - name: stats.inactive_file.bytes
+ type: long
+ format: bytes
+ description: |
+ File-backed memory on inactive LRU list, in bytes.
+ - name: stats.mapped_file.bytes
+ type: long
+ format: bytes
+ description: |
+ Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
+ - name: stats.page_faults
+ type: long
+ description: |
+ Number of times that a process in the cgroup triggered a page fault.
+ - name: stats.major_page_faults
+ type: long
+ description: |
+ Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
+ - name: stats.pages_in
+ type: long
+ description: |
+ Number of pages paged into memory. This is a counter.
+ - name: stats.pages_out
+ type: long
+ description: |
+ Number of pages paged out of memory. This is a counter.
+ - name: stats.rss.bytes
+ type: long
+ format: bytes
+ description: |
+ Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
+ - name: stats.rss_huge.bytes
+ type: long
+ format: bytes
+ description: |
+ Number of bytes of anonymous transparent hugepages.
+ - name: stats.swap.bytes
+ type: long
+ format: bytes
+ description: |
+ Swap usage, in bytes.
+ - name: stats.unevictable.bytes
+ type: long
+ format: bytes
+ description: |
+ Memory that cannot be reclaimed, in bytes.
+ - name: blkio
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: ID of the cgroup.
+ - name: path
+ type: keyword
+ description: |
+ Path to the cgroup relative to the cgroup subsystems mountpoint.
+ - name: total.bytes
+ type: long
+ format: bytes
+ description: |
+ Total number of bytes transferred to and from all block devices by processes in the cgroup.
+ - name: total.ios
+ type: long
+ description: |
+ Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/dev/packages/beats/system/0.0.1/dataset/process/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/process/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/process/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/process/manifest.yml
new file mode 100644
index 00000000000..726fcc1bc02
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process/manifest.yml
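Review bot: The description of `cgroup.cpuacct.stats.system.ns` says `CPU time consumed by tasks in user (kernel) mode.`, which contradicts itself and duplicates the `stats.user.ns` entry directly above it; it should read `description: CPU time consumed by tasks in system (kernel) mode.`. Two smaller wording inconsistencies in the same file: `blkio.path` says `subsystems mountpoint` where every sibling `path` entry says `subsystem's mountpoint`, and `stats.inactive_anon.bytes` is the only description that ends without a period. Separately, `system.process.env` is mapped as an `object` and `cmdline` as a keyword up to 2048 characters; both routinely carry credentials passed in the environment or on the command line, so a sentence in those two descriptions saying that the values are indexed verbatim would help whoever decides what to collect and who is allowed to read the resulting index.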
@@ -0,0 +1,54 @@
+title: System process metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ vars:
+ - name: core.metrics
+ type: text
+ title: Core Metrics
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - percentages
+ - name: cpu.metrics
+ type: text
+ title: Cpu Metrics
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - percentages
+ - normalized_percentages
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ - name: process.include_top_n.by_cpu
+ type: integer
+ title: Process Include Top N By Cpu
+ multi: false
+ required: true
+ show_user: true
+ default: 5
+ - name: process.include_top_n.by_memory
+ type: integer
+ title: Process Include Top N By Memory
+ multi: false
+ required: true
+ show_user: true
+ default: 5
+ - name: processes
+ type: text
+ title: Processes
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - .*
+ title: System process metrics
+ description: Collect System process metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/process_summary/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/process_summary/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..807de6cb438
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process_summary/agent/stream/stream.yml.hbs
@@ -0,0 +1,17 @@
+metricsets: ["process_summary"]
+{{#if core.metrics}}
+core.metrics: {{core.metrics}}
+{{/if}}
+{{#if cpu.metrics}}
+cpu.metrics: {{cpu.metrics}}
+{{/if}}
+period: {{period}}
+{{#if process.include_top_n.by_cpu}}
+process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}}
+{{/if}}
+{{#if process.include_top_n.by_memory}}
+process.include_top_n.by_memory: {{process.include_top_n.by_memory}}
+{{/if}}
+{{#if processes}}
+processes: {{processes}}
+{{/if}}
diff --git a/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/fields.yml
new file mode 100644
index 00000000000..3ba34f85162
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/fields.yml
@@ -0,0 +1,37 @@
+- name: system.process.summary
+ title: Process Summary
+ type: group
+ release: ga
+ fields:
+ - name: total
+ type: long
+ description: |
+ Total number of processes on this host.
+ - name: running
+ type: long
+ description: |
+ Number of running processes on this host.
+ - name: idle
+ type: long
+ description: |
+ Number of idle processes on this host.
+ - name: sleeping
+ type: long
+ description: |
+ Number of sleeping processes on this host.
+ - name: stopped
+ type: long
+ description: |
+ Number of stopped processes on this host.
+ - name: zombie
+ type: long
+ description: |
+ Number of zombie processes on this host.
+ - name: dead
+ type: long
+ description: |
+ Number of dead processes on this host. It's very unlikely that it will appear but in some special situations it may happen.
+ - name: unknown
+ type: long
+ description: |
+ Number of processes for which the state couldn't be retrieved or is unknown.
diff --git a/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process_summary/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/process_summary/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/process_summary/manifest.yml
new file mode 100644
index 00000000000..bf2765f2488
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/process_summary/manifest.yml
@@ -0,0 +1,54 @@
+title: System process_summary metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ vars:
+ - name: core.metrics
+ type: text
+ title: Core Metrics
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - percentages
+ - name: cpu.metrics
+ type: text
+ title: Cpu Metrics
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - percentages
+ - normalized_percentages
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ - name: process.include_top_n.by_cpu
+ type: integer
+ title: Process Include Top N By Cpu
+ multi: false
+ required: true
+ show_user: true
+ default: 5
+ - name: process.include_top_n.by_memory
+ type: integer
+ title: Process Include Top N By Memory
+ multi: false
+ required: true
+ show_user: true
+ default: 5
+ - name: processes
+ type: text
+ title: Processes
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - .*
+ title: System process_summary metrics
+ description: Collect System process_summary metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/raid/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/raid/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..f5b19aaa245
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/raid/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["raid"]
diff --git a/dev/packages/beats/system/0.0.1/dataset/raid/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/raid/fields/fields.yml
new file mode 100644
index 00000000000..3cb4957034c
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/raid/fields/fields.yml
@@ -0,0 +1,47 @@
+- name: system.raid
+ type: group
+ release: ga
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ Name of the device.
+ - name: status
+ type: keyword
+ description: |
+ activity-state of the device.
+ - name: level
+ type: keyword
+ description: |
+ The raid level of the device
+ - name: sync_action
+ type: keyword
+ description: "Current sync action, if the RAID array is redundant \n"
+ - name: disks.active
+ type: long
+ description: |
+ Number of active disks.
+ - name: disks.total
+ type: long
+ description: |
+ Total number of disks the device consists of.
+ - name: disks.spare
+ type: long
+ description: |
+ Number of spared disks.
+ - name: disks.failed
+ type: long
+ description: |
+ Number of failed disks.
+ - name: disks.states.*
+ type: object
+ description: |
+ map of raw disk states
+ - name: blocks.total
+ type: long
+ description: |
+ Number of blocks the device holds, in 1024-byte blocks.
+ - name: blocks.synced
+ type: long
+ description: |
+ Number of blocks on the device that are in sync, in 1024-byte blocks.
diff --git a/dev/packages/beats/system/0.0.1/dataset/raid/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/raid/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/raid/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/raid/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/raid/manifest.yml
new file mode 100644
index 00000000000..352db097036
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/raid/manifest.yml
@@ -0,0 +1,7 @@
+title: System raid metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ title: System raid metrics
+ description: Collect System raid metrics
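Review bot: The `sync_action` description in system.raid is the only one in the file written as a double-quoted scalar with a trailing ` \n` escape, which reads like a YAML round-trip artifact rather than intent; writing it like its siblings, `description: |` followed by `Current sync action, if the RAID array is redundant.`, keeps the file uniform and drops the stray newline from the rendered text. The same artifact appears on the two `memory` descriptions in the socket_summary fields file later in this diff. While here, `level` and `disks.states.*` are the only descriptions without a closing period.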
diff --git a/dev/packages/beats/system/0.0.1/dataset/service/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/service/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..57b853f1518
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/service/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["service"]
diff --git a/dev/packages/beats/system/0.0.1/dataset/service/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/service/fields/fields.yml
new file mode 100644
index 00000000000..0908fcf8117
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/service/fields/fields.yml
@@ -0,0 +1,52 @@
+- name: system.service
+ type: group
+ release: beta
+ fields:
+ - name: name
+ type: keyword
+ description: The name of the service
+ - name: load_state
+ type: keyword
+ description: The load state of the service
+ - name: state
+ type: keyword
+ description: The activity state of the service
+ - name: sub_state
+ type: keyword
+ description: The sub-state of the service
+ - name: state_since
+ type: date
+ description: The timestamp of the last state change. If the service is active
+ and running, this is its uptime.
+ - name: exec_code
+ type: keyword
+ description: The SIGCHLD code from the service's main process
+ - name: resources
+ type: group
+ fields:
+ - name: cpu.usage.ns
+ type: long
+ description: CPU usage in nanoseconds
+ - name: memory.usage.bytes
+ type: long
+ description: memory usage in bytes
+ - name: tasks.count
+ type: long
+ description: number of tasks associated with the service
+ - name: network
+ type: group
+ fields:
+ - name: in.bytes
+ type: long
+ format: bytes
+ description: bytes in
+ - name: in.packets
+ type: long
+ format: bytes
+ description: packets in
+ - name: out.packets
+ type: long
+ description: packets out
+ - name: out.bytes
+ type: long
+ description: bytes out
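Review bot: `system.service.network.in.packets` carries `format: bytes` although it is a packet count, while `out.bytes` and `resources.memory.usage.bytes` are byte counts without it, so the display hint sits on the wrong fields. Remove the `format: bytes` line under `in.packets` and add `format: bytes` under `out.bytes` and `memory.usage.bytes` so the byte fields render like `in.bytes`. The descriptions in this file are lower-case fragments without a period (`bytes in`, `packets in`, `memory usage in bytes`), unlike most of the other datasets in this package; matching their sentence style would keep the generated reference uniform.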
diff --git a/dev/packages/beats/system/0.0.1/dataset/service/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/service/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/service/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/service/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/service/manifest.yml
new file mode 100644
index 00000000000..8d680ce4c7e
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/service/manifest.yml
@@ -0,0 +1,7 @@
+title: System service metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ title: System service metrics
+ description: Collect System service metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/socket/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d93dfa0c4a0
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket/agent/stream/stream.yml.hbs
@@ -0,0 +1 @@
+metricsets: ["socket"]
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket/fields/ecs.yml b/dev/packages/beats/system/0.0.1/dataset/socket/fields/ecs.yml
new file mode 100644
index 00000000000..668d407ee48
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket/fields/ecs.yml
@@ -0,0 +1,79 @@
+- name: network
+ title: Network
+ group: 2
+ type: group
+ fields:
+ - name: direction
+ level: core
+ type: keyword
+ description: |-
+ Direction of the network traffic.
+ Recommended values are:
+ * inbound
+ * outbound
+ * internal
+ * external
+ * unknown
+
+ When mapping events from a host-based monitoring context, populate this field from the host's point of view.
+ When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.
+ ignore_above: 1024
+ - name: type
+ level: core
+ type: keyword
+ description: |-
+ In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: executable
+ level: extended
+ type: keyword
+ description: Absolute path to the process executable.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ - name: name
+ level: extended
+ type: keyword
+ description: |-
+ Process name.
+ Sometimes called program name or similar.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: full_name
+ level: extended
+ type: keyword
+ description: User's full name, if available.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ - name: id
+ level: core
+ type: keyword
+ description: Unique identifier of the user.
+ ignore_above: 1024
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/socket/fields/fields.yml
new file mode 100644
index 00000000000..9ee7f89bd25
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket/fields/fields.yml
@@ -0,0 +1,36 @@
+- name: system.socket
+ type: group
+ release: ga
+ fields:
+ - name: local.ip
+ type: ip
+ description: |
+ Local IP address. This can be an IPv4 or IPv6 address.
+ - name: local.port
+ type: long
+ description: |
+ Local port.
+ - name: remote.ip
+ type: ip
+ description: |
+ Remote IP address. This can be an IPv4 or IPv6 address.
+ - name: remote.port
+ type: long
+ description: |
+ Remote port.
+ - name: remote.host
+ type: keyword
+ description: |
+ PTR record associated with the remote IP. It is obtained via reverse IP lookup.
+ - name: remote.etld_plus_one
+ type: keyword
+ description: |
+ The effective top-level domain (eTLD) of the remote host plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.
+ - name: remote.host_error
+ type: keyword
+ description: |
+ Error describing the cause of the reverse lookup failure.
+ - name: process.cmdline
+ type: keyword
+ description: |
+ Full command line
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/socket/fields/package-fields.yml
new file mode 100644
index 00000000000..1ebd34f71e2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: system
+ type: group
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/socket/manifest.yml
new file mode 100644
index 00000000000..3ad6d2eced2
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket/manifest.yml
@@ -0,0 +1,7 @@
+title: System socket metrics
+release: experimental
+type: metrics
+streams:
+- input: system/metrics
+ title: System socket metrics
+ description: Collect System socket metrics
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket_summary/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/socket_summary/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5e84600fc9c
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket_summary/agent/stream/stream.yml.hbs
@@ -0,0 +1,17 @@
+metricsets: ["socket_summary"]
+{{#if core.metrics}}
+core.metrics: {{core.metrics}}
+{{/if}}
+{{#if cpu.metrics}}
+cpu.metrics: {{cpu.metrics}}
+{{/if}}
+period: {{period}}
+{{#if process.include_top_n.by_cpu}}
+process.include_top_n.by_cpu: {{process.include_top_n.by_cpu}}
+{{/if}}
+{{#if process.include_top_n.by_memory}}
+process.include_top_n.by_memory: {{process.include_top_n.by_memory}}
+{{/if}}
+{{#if processes}}
+processes: {{processes}}
+{{/if}}
diff --git a/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/fields.yml
new file mode 100644
index 00000000000..8be788dc6e8
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/fields.yml
@@ -0,0 +1,92 @@ +- name: system.socket.summary + title: Socket summary + type: group + release: ga + fields: + - name: all + type: group + fields: + - name: count + type: integer + description: | + All open connections + - name: listening + type: integer + description: | + All listening ports + - name: tcp + type: group + fields: + - name: memory + type: integer + format: bytes + description: "Memory used by TCP sockets in bytes, based on number of allocated + pages and system page size. Corresponds to limits set in /proc/sys/net/ipv4/tcp_mem. + Only available on Linux. \n" + - name: all + type: group + fields: + - name: orphan + type: integer + description: | + A count of all orphaned tcp sockets. Only available on Linux. + - name: count + type: integer + description: | + All open TCP connections + - name: listening + type: integer + description: | + All TCP listening ports + - name: established + type: integer + description: | + Number of established TCP connections + - name: close_wait + type: integer + description: | + Number of TCP connections in _close_wait_ state + - name: time_wait + type: integer + description: | + Number of TCP connections in _time_wait_ state + - name: syn_sent + type: integer + description: | + Number of TCP connections in _syn_sent_ state + - name: syn_recv + type: integer + description: | + Number of TCP connections in _syn_recv_ state + - name: fin_wait1 + type: integer + description: | + Number of TCP connections in _fin_wait1_ state + - name: fin_wait2 + type: integer + description: | + Number of TCP connections in _fin_wait2_ state + - name: last_ack + type: integer + description: | + Number of TCP connections in _last_ack_ state + - name: closing + type: integer + description: | + Number of TCP connections in _closing_ state + - name: udp + type: group + fields: + - name: memory + type: integer + format: bytes + description: "Memory used by UDP sockets in bytes, based on number of allocated + pages and system page size. 
Corresponds to limits set in /proc/sys/net/ipv4/udp_mem. + Only available on Linux. \n" + - name: all + type: group + fields: + - name: count + type: integer + description: | + All open UDP connections diff --git a/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/socket_summary/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/socket_summary/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/socket_summary/manifest.yml new file mode 100644 index 00000000000..027a9ed979f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/socket_summary/manifest.yml @@ -0,0 +1,54 @@ +title: System socket_summary metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: process.include_top_n.by_cpu + type: integer + title: Process Include Top N By Cpu + multi: false + required: true + show_user: true + default: 5 + - name: process.include_top_n.by_memory + type: integer + title: Process Include Top N By Memory + multi: false + required: true + show_user: true + default: 5 + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System socket_summary metrics + description: Collect System socket_summary metrics 
diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/agent/stream/log.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/syslog/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..59cd1f92bc7
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/syslog/agent/stream/log.yml.hbs
@@ -0,0 +1,10 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: "^\\s"
+ match: after
+processors:
+- add_locale: ~
\ No newline at end of file
diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/system/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..0c614b8a957
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json
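Review bot: The `{{#each paths as |path i|}}` block binds an index `i` that is never used in the body, so the simpler `{{#each paths}}` / `- {{this}}` form says the same thing with one fewer name to read. The `processors: - add_locale: ~` entry is what makes the pipeline's `ctx.event.timezone` checks safe, which is worth a one-line comment in the template so the two files are not decoupled later; Handlebars comments (`{{!-- … --}}`) are stripped before the YAML is rendered.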
@@ -0,0 +1,71 @@
+{
+ "description": "Pipeline for parsing Syslog messages.",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "patterns": [
+ "%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: %{GREEDYMULTILINE:system.syslog.message}",
+ "%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{GREEDYMULTILINE:system.syslog.message}",
+ "%{TIMESTAMP_ISO8601:system.syslog.timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(?:\\[%{POSINT:process.pid:long}\\])?: %{GREEDYMULTILINE:system.syslog.message}"
+ ],
+ "pattern_definitions" : {
+ "GREEDYMULTILINE" : "(.|\n)*"
+ },
+ "ignore_missing": true
+ }
+ },
+ {
+ "remove": {
+ "field": "message"
+ }
+ },
+ {
+ "rename": {
+ "field": "system.syslog.message",
+ "target_field": "message",
+ "ignore_missing": true
+ }
+ },
+ {
+ "date": {
+ "if": "ctx.event.timezone == null",
+ "field": "system.syslog.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss",
+ "MMM d HH:mm:ss",
+ "ISO8601"
+ ],
+ "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
+ }
+ },
+ {
+ "date": {
+ "if": "ctx.event.timezone != null",
+ "field": "system.syslog.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss",
+ "MMM d HH:mm:ss",
+ "ISO8601"
+ ],
+ "timezone": "{{ event.timezone }}",
+ "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
+ }
+ },
+ {
+ "remove": {
+ "field": "system.syslog.timestamp"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/fields/ecs.yml b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/ecs.yml
new file mode 100644
index 00000000000..4f012973023
--- /dev/null
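Review bot: The `remove` processor for `message` has no `ignore_missing`, while the grok step before it sets `ignore_missing: true`; an event that arrives without `message` therefore skips grok and then fails on the remove, sending the whole document to the top-level `on_failure` handler. Add `"ignore_missing": true` to that remove (and to the final `system.syslog.timestamp` remove) so a missing field is tolerated consistently. Separately, the first and third entries of each date processor's `formats` list read identically here (`MMM d HH:mm:ss`); if the intent is the space-padded single-digit day form (`MMM  d`), confirm the double space survived, otherwise the entry is a duplicate. The `GREEDYMULTILINE` definition `(.|\n)*` could be written as `[\s\S]*`, which matches the same input without per-character alternation on long multiline messages.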
+++ b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/ecs.yml @@ -0,0 +1,50 @@ +- name: '@timestamp' + level: core + required: true + type: date + description: |- + Date/time when the event originated. + This is the date/time extracted from the event, typically representing when the event was generated by the source. + If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. + Required field for all events. +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: host + title: Host + group: 2 + type: group + fields: + - name: hostname + level: core + type: keyword + description: |- + Hostname of the host. + It normally contains what the `hostname` command returns on the host machine. + ignore_above: 1024 +- name: process + title: Process + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: |- + Process name. + Sometimes called program name or similar. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: pid + level: core + type: long + format: string + description: Process id. diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/fields.yml new file mode 100644 index 00000000000..f9336869308 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/fields.yml @@ -0,0 +1,2 @@ +- name: system.syslog + type: group 
diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/syslog/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/syslog/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/syslog/manifest.yml new file mode 100644 index 00000000000..8cde242dde8 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/syslog/manifest.yml @@ -0,0 +1,24 @@ +title: System syslog logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/messages* + - /var/log/syslog* + os: + darwin: + default: + - /var/log/system.log* + windows: + default: [] + template_path: log.yml.hbs + title: System syslog logs (log) + description: Collect System syslog logs using log input diff --git a/dev/packages/beats/system/0.0.1/dataset/uptime/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/uptime/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..cd579caf842 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/uptime/agent/stream/stream.yml.hbs @@ -0,0 +1,11 @@ +metricsets: ["uptime"] +{{#if core.metrics}} +core.metrics: {{core.metrics}} +{{/if}} +{{#if cpu.metrics}} +cpu.metrics: {{cpu.metrics}} +{{/if}} +period: {{period}} +{{#if processes}} +processes: {{processes}} +{{/if}} diff --git a/dev/packages/beats/system/0.0.1/dataset/uptime/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/uptime/fields/fields.yml new file mode 100644 index 00000000000..27e07516628 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/uptime/fields/fields.yml 
@@ -0,0 +1,9 @@ +- name: system.uptime + type: group + release: ga + fields: + - name: duration.ms + type: long + format: duration + description: | + The OS uptime in milliseconds. diff --git a/dev/packages/beats/system/0.0.1/dataset/uptime/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/uptime/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/uptime/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/uptime/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/uptime/manifest.yml new file mode 100644 index 00000000000..5a0e0b7d598 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/uptime/manifest.yml @@ -0,0 +1,40 @@ +title: System uptime metrics +release: experimental +type: metrics +streams: +- input: system/metrics + vars: + - name: core.metrics + type: text + title: Core Metrics + multi: true + required: true + show_user: true + default: + - percentages + - name: cpu.metrics + type: text + title: Cpu Metrics + multi: true + required: true + show_user: true + default: + - percentages + - normalized_percentages + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + - name: processes + type: text + title: Processes + multi: true + required: true + show_user: true + default: + - .* + title: System uptime metrics + description: Collect System uptime metrics diff --git a/dev/packages/beats/system/0.0.1/dataset/users/agent/stream/stream.yml.hbs b/dev/packages/beats/system/0.0.1/dataset/users/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..0a772dc2d47 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/users/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["users"] 
diff --git a/dev/packages/beats/system/0.0.1/dataset/users/fields/fields.yml b/dev/packages/beats/system/0.0.1/dataset/users/fields/fields.yml new file mode 100644 index 00000000000..a156b1fe552 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/users/fields/fields.yml @@ -0,0 +1,44 @@ +- name: system.users + type: group + release: beta + fields: + - name: id + type: keyword + description: | + The ID of the session + - name: seat + type: keyword + description: | + An associated logind seat + - name: path + type: keyword + description: | + The DBus object path of the session + - name: type + type: keyword + description: | + The type of the user session + - name: service + type: keyword + description: | + A session associated with the service + - name: remote + type: boolean + description: | + A bool indicating a remote session + - name: state + type: keyword + description: | + The current state of the session + - name: scope + type: keyword + description: | + The associated systemd scope + - name: leader + type: long + description: | + The root PID of the session + - name: remote_host + type: keyword + description: | + A remote host address for the session diff --git a/dev/packages/beats/system/0.0.1/dataset/users/fields/package-fields.yml b/dev/packages/beats/system/0.0.1/dataset/users/fields/package-fields.yml new file mode 100644 index 00000000000..1ebd34f71e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/users/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: system + type: group diff --git a/dev/packages/beats/system/0.0.1/dataset/users/manifest.yml b/dev/packages/beats/system/0.0.1/dataset/users/manifest.yml new file mode 100644 index 00000000000..9ba7b5c2c12 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/dataset/users/manifest.yml @@ -0,0 +1,7 @@ +title: System users metrics +release: experimental +type: metrics +streams: +- input: system/metrics + title: System users metrics + description: Collect System users metrics 
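Review bot: The users stream declares no `vars`, and its template (`users/agent/stream/stream.yml.hbs`) emits only `metricsets: ["users"]` with no `period`, so the collection interval is neither user-configurable nor visible in the rendered config, unlike `socket_summary` and `uptime`, which expose a `period` var defaulting to `10s`; the `socket` manifest also declares no vars (its template is not in view). If the input applies its own default period that should be stated in the manifest, otherwise add the `period` var and `period: {{period}}` to the template for consistency across the datasets.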
diff --git a/dev/packages/beats/system/0.0.1/docs/README.md b/dev/packages/beats/system/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/img/kibana-system.png b/dev/packages/beats/system/0.0.1/img/kibana-system.png new file mode 100644 index 00000000000..8741a566241 Binary files /dev/null and b/dev/packages/beats/system/0.0.1/img/kibana-system.png differ diff --git a/dev/packages/beats/system/0.0.1/img/metricbeat-services-host.png b/dev/packages/beats/system/0.0.1/img/metricbeat-services-host.png new file mode 100644 index 00000000000..bc8d1814f8b Binary files /dev/null and b/dev/packages/beats/system/0.0.1/img/metricbeat-services-host.png differ diff --git a/dev/packages/beats/system/0.0.1/img/metricbeat_system_dashboard.png b/dev/packages/beats/system/0.0.1/img/metricbeat_system_dashboard.png new file mode 100644 index 00000000000..2ff6ad8bd02 Binary files /dev/null and b/dev/packages/beats/system/0.0.1/img/metricbeat_system_dashboard.png differ diff --git a/dev/packages/beats/system/0.0.1/img/system.svg b/dev/packages/beats/system/0.0.1/img/system.svg new file mode 100644 index 00000000000..0aba96275e2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/img/system.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json new file mode 100644 index 00000000000..d5a577e8efb --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json 
@@ -0,0 +1,173 @@ +{ + "attributes": { + "description": "New users and groups dashboard for the System integration in Logs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "7", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs System] New users and groups ECS", + "version": 1 + }, + "id": "0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs", + 
"references": [ + { + "id": "f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e121b140-fa78-11e6-a1df-a78bd7504d38-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "12667040-fa80-11e6-a1df-a78bd7504d38-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "346bb290-fa80-11e6-a1df-a78bd7504d38-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json new file mode 100644 index 00000000000..5e6ef90c15b --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json 
@@ -0,0 +1,110 @@ +{ + "attributes": { + "description": "Sudo commands dashboard from the Logs System integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "1", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 48, + "x": 0, + "y": 36 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "3", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs System] Sudo commands ECS", + "version": 1 + }, + "id": "277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs", + "references": [ + { + "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json new file mode 100644 index 00000000000..bbab8d0e09d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json 
@@ -0,0 +1,176 @@ +{ + "attributes": { + "description": "SSH dashboard for the System integration in Logs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapBounds": { + "bottom_right": { + "lat": 10.31491928581316, + "lon": 74.53125 + }, + "top_left": { + "lat": 60.50052541051131, + "lon": -27.94921875 + } + }, + "mapCenter": [ + 39.774769485295465, + 23.203125 + ], + "mapCollar": { + "bottom_right": { + "lat": -14.777884999999998, + "lon": 125.771485 + }, + "top_left": { + "lat": 85.593335, + "lon": -79.189455 + }, + "zoom": 3 + }, + "mapZoom": 3 + }, + "gridData": { + "h": 16, + "i": "4", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "user.name", + "source.ip", + "source.geo.country_iso_code" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "5", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "6", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": 
"panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs System] SSH login attempts ECS", + "version": 1 + }, + "id": "5517a150-f9ce-11e6-8115-a7c18106d86a-ecs", + "references": [ + { + "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "62439dc0-f9c9-11e6-a747-6121780e0414-ecs", + "name": "panel_4", + "type": "search" + }, + { + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json new file mode 100644 index 00000000000..f2ed7d82dee --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json 
@@ -0,0 +1,449 @@ +{ + "attributes": { + "description": "Overview of host metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "host.name:\"CHANGEME_HOSTNAME\"" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 55 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 55 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 70 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 70 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 0, + "y": 25 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 24, + "x": 24, + "y": 40 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "9", + "w": 8, + "x": 16, + "y": 5 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "version": "7.6.0" + }, + 
{ + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "10", + "w": 8, + "x": 0, + "y": 5 + }, + "panelIndex": "10", + "panelRefName": "panel_9", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "11", + "w": 8, + "x": 8, + "y": 5 + }, + "panelIndex": "11", + "panelRefName": "panel_10", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "12", + "w": 8, + "x": 24, + "y": 5 + }, + "panelIndex": "12", + "panelRefName": "panel_11", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "13", + "w": 8, + "x": 32, + "y": 5 + }, + "panelIndex": "13", + "panelRefName": "panel_12", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "14", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "14", + "panelRefName": "panel_13", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "16", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "16", + "panelRefName": "panel_14", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "21", + "w": 8, + "x": 0, + "y": 15 + }, + "panelIndex": "21", + "panelRefName": "panel_15", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "22", + "w": 8, + "x": 8, + "y": 15 + }, + "panelIndex": "22", + "panelRefName": "panel_16", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "23", + "w": 8, + "x": 24, + "y": 15 + }, + "panelIndex": "23", + "panelRefName": "panel_17", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 10, + "i": "25", + "w": 8, + "x": 40, + "y": 5 + }, + "panelIndex": "25", + "panelRefName": "panel_18", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "27", + "w": 24, + "x": 0, + "y": 85 + }, + "panelIndex": "27", + "panelRefName": "panel_19", + "version": 
"7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "28", + "w": 24, + "x": 24, + "y": 85 + }, + "panelIndex": "28", + "panelRefName": "panel_20", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 10, + "i": "29", + "w": 8, + "x": 16, + "y": 15 + }, + "panelIndex": "29", + "panelRefName": "panel_21", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "30", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "30", + "panelRefName": "panel_22", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics System] Host overview ECS", + "version": 1 + }, + "id": "79ffd6e0-faa0-11e6-947f-177f697178b8-ecs", + "references": [ + { + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "4d546850-1b15-11e7-b09e-037021c4f8df-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "2e224660-1b19-11e7-b09e-037021c4f8df-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_10", + "type": "visualization" + }, + { + 
"id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "System-Navigation-ecs", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs", + "name": "panel_16", + "type": "visualization" + }, + { + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "96976150-4d5d-11e7-aa29-87a97a796de6-ecs", + "name": "panel_18", + "type": "visualization" + }, + { + "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs", + "name": "panel_19", + "type": "visualization" + }, + { + "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs", + "name": "panel_20", + "type": "visualization" + }, + { + "id": "590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs", + "name": "panel_21", + "type": "visualization" + }, + { + "id": "3d65d450-a9c3-11e7-af20-67db8aecb295-ecs", + "name": "panel_22", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json new file mode 100644 index 00000000000..24bf797e868 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json 
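Review bot: The host overview dashboard ships with a saved query of `host.name:\"CHANGEME_HOSTNAME\"` in `searchSourceJSON`, so once installed it filters to a placeholder hostname and shows no data until a user edits it; every other dashboard in this set uses an empty query. Unless the placeholder is substituted at package build time (nothing in the hunk shows that), the query should be `"query": ""` and the per-host filtering left to the navigation panel or a control. The referenced visualization ids (for example `System-Navigation-ecs`, shared with the containers dashboard) cannot be checked from this hunk; confirm they are all present in the package, since the saved-object import reports any missing reference as an error.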
@@ -0,0 +1,128 @@ +{ + "attributes": { + "description": "Overview of container metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "3", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics System] Containers overview ECS", + "version": 1 + }, + "id": "CPU-slash-Memory-per-container-ecs", + "references": [ + { + "id": "Container-CPU-usage-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "System-Navigation-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Container-Memory-stats-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Container-Block-IO-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json new file mode 100644 index 00000000000..a157ff23265 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json 
@@ -0,0 +1,111 @@ +{ + "attributes": { + "description": "Syslog dashboard from the Logs System integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "1", + "w": 32, + "x": 0, + "y": 4 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "2", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "host.hostname", + "process.name", + "message" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 28, + "i": "3", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs System] Syslog dashboard ECS", + "version": 1 + }, + "id": "Logs-syslog-dashboard-ecs", + "references": [ + { + "id": "Syslog-events-by-hostname-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Syslog-hostnames-and-processes-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "Syslog-system-logs-ecs", + "name": "panel_2", + "type": "search" + }, + { + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/Metricbeat-system-overview-ecs.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/Metricbeat-system-overview-ecs.json new file mode 100644 index 00000000000..c28f828c5b6 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/Metricbeat-system-overview-ecs.json 
@@ -0,0 +1,236 @@ +{ + "attributes": { + "description": "Overview of system metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "9", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "9", + "panelRefName": "panel_0", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 8, + "x": 0, + "y": 4 + }, + "panelIndex": "11", + "panelRefName": "panel_1", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "12", + "panelRefName": "panel_2", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "13", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "panelRefName": "panel_3", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0% - 15%": "rgb(247,252,245)", + "15% - 30%": "rgb(199,233,192)", + "30% - 45%": "rgb(116,196,118)", + "45% - 60%": "rgb(35,139,69)" + } + } + }, + "gridData": { + "h": 24, + "i": "14", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "14", + "panelRefName": "panel_4", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 8, + "x": 32, + "y": 4 + }, + "panelIndex": "16", + "panelRefName": "panel_5", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "17", + "panelRefName": "panel_6", + "version": "7.6.0" + 
}, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "18", + "w": 8, + "x": 24, + "y": 4 + }, + "panelIndex": "18", + "panelRefName": "panel_7", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "19", + "w": 8, + "x": 16, + "y": 4 + }, + "panelIndex": "19", + "panelRefName": "panel_8", + "version": "7.6.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 8, + "y": 4 + }, + "panelIndex": "20", + "panelRefName": "panel_9", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Metrics System] Overview ECS", + "version": 1 + }, + "id": "Metrics-system-overview-ecs", + "references": [ + { + "id": "System-Navigation-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "855899e0-1b1c-11e7-b09e-037021c4f8df-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "name": "panel_9", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..1082bb0aab0 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json 
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "Overview of services on an individual host.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Running Services" + }, + "gridData": { + "h": 11, + "i": "023b7623-9610-47ee-a10c-64ee8d2ccfa1", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "023b7623-9610-47ee-a10c-64ee8d2ccfa1", + "panelRefName": "panel_0", + "title": "Running Services", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Service States" + }, + "gridData": { + "h": 11, + "i": "40ebab84-f48f-4060-a7af-3ffdf833ad3a", + "w": 12, + "x": 14, + "y": 0 + }, + "panelIndex": "40ebab84-f48f-4060-a7af-3ffdf833ad3a", + "panelRefName": "panel_1", + "title": "Service States", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Service Sub-State" + }, + "gridData": { + "h": 11, + "i": "0ad1caa8-2a3f-4429-9631-42d1c57a9e64", + "w": 12, + "x": 26, + "y": 0 + }, + "panelIndex": "0ad1caa8-2a3f-4429-9631-42d1c57a9e64", + "panelRefName": "panel_2", + "title": "Service Sub-State", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Return Codes Of Exited Services" + }, + "gridData": { + "h": 11, + "i": "9e37921b-da6f-464d-9683-5c9bd550640b", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "9e37921b-da6f-464d-9683-5c9bd550640b", + "panelRefName": "panel_3", + "title": "Return Codes Of Exited Services", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Top Services By Memory Usage" + }, + "gridData": { + "h": 11, + "i": "e3ec1fe3-a03a-466e-8bc2-69136e3e6302", + "w": 24, + "x": 0, + "y": 11 + }, + "panelIndex": "e3ec1fe3-a03a-466e-8bc2-69136e3e6302", + "panelRefName": "panel_4", + "title": "Top Services By Memory Usage", + "version": "7.4.0" + }, + { + "embeddableConfig": { + 
"title": "Top Services By Task Count" + }, + "gridData": { + "h": 11, + "i": "cc928f52-22c9-402d-a7a1-4f32720a4290", + "w": 24, + "x": 24, + "y": 11 + }, + "panelIndex": "cc928f52-22c9-402d-a7a1-4f32720a4290", + "panelRefName": "panel_5", + "title": "Top Services By Task Count", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "title": "Service Memory Use Over Time" + }, + "gridData": { + "h": 14, + "i": "c83f16cd-286f-411b-bae9-bade176a8db2", + "w": 48, + "x": 0, + "y": 22 + }, + "panelIndex": "c83f16cd-286f-411b-bae9-bade176a8db2", + "panelRefName": "panel_6", + "title": "Service Memory Use Over Time", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics System] Host Services Overview", + "version": 1 + }, + "id": "c431f410-f9ac-11e9-90e8-1fb18e796788", + "references": [ + { + "id": "a30871f0-f98f-11e9-90e8-1fb18e796788", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "bb3a8720-f991-11e9-90e8-1fb18e796788", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "e6e639e0-f992-11e9-90e8-1fb18e796788", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9c69cad0-f9b0-11e9-90e8-1fb18e796788", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "8c071e20-f999-11e9-90e8-1fb18e796788", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "4b254630-f998-11e9-90e8-1fb18e796788", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d3f51850-f9b6-11e9-90e8-1fb18e796788", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json b/dev/packages/beats/system/0.0.1/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json new file mode 100644 index 00000000000..a37c0083ea7 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json 
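Review bot: The saved-object id `"id": "c431f410-f9ac-11e9-90e8-1fb18e796788"` and all seven ids in its `references` array are missing the `-ecs` suffix that every other dashboard, search and visualization in this package carries (`CPU-slash-Memory-per-container-ecs`, `Metrics-system-overview-ecs`, `System-Navigation-ecs`, and so on). If that suffix is what keeps this package's objects apart from the saved objects the Beats modules install under the original ids, this dashboard and the visualizations it references will collide with, and silently overwrite, those objects in any Kibana that has both installed. Either rename the file and id to `c431f410-f9ac-11e9-90e8-1fb18e796788-ecs` and suffix each referenced visualization id (the referenced visualization files are not in this view), or record in the package docs why this dashboard is exempt. This dashboard also drops the `highlightAll`/`version` keys in `searchSourceJSON` and uses `hidePanelTitles`/`useMargins` in `optionsJSON` where the siblings use `darkTheme`, which looks like a different export vintage rather than a deliberate choice.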
@@ -0,0 +1,41 @@ +{ + "attributes": { + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "user.name", + "source.ip", + "source.geo.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:system.auth AND system.auth.ssh.event:*" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "SSH login attempts [Logs System] ECS", + "version": 1 + }, + "id": "62439dc0-f9c9-11e6-a747-6121780e0414-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/beats/system/0.0.1/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json new file mode 100644 index 00000000000..4789b9be44e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json @@ -0,0 +1,41 @@ +{ + "attributes": { + "columns": [ + "user.name", + "user.id", + "group.id", + "system.auth.useradd.home", + "system.auth.useradd.shell" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.useradd:*" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "useradd logs [Logs System] ECS", + "version": 1 + }, + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/search/Syslog-system-logs-ecs.json b/dev/packages/beats/system/0.0.1/kibana/search/Syslog-system-logs-ecs.json new file mode 100644 index 00000000000..f3b7e475a45 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/search/Syslog-system-logs-ecs.json @@ -0,0 +1,52 @@ +{ + "attributes": { + "columns": [ + "host.hostname", + "process.name", + "message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:system.syslog" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Syslog logs [Logs System] ECS", + "version": 1 + }, + "id": "Syslog-system-logs-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json new file mode 100644 index 00000000000..f2850d2608c --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json 
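Review bot: The Syslog saved search carries an explicit `"highlight"` object (`"fields": { "*": {} }`, `"fragment_size": 2147483647`, custom `pre_tags`/`post_tags`, `"require_field_match": false`) in addition to `"highlightAll": true`, while the other four saved searches in this package (SSH login attempts, useradd, sudo, groupadd) carry only `"highlightAll": true`. Asking Elasticsearch to highlight every field of every hit with a 2^31-1 fragment size appears to be a leftover from an older export rather than something this search needs, and it makes the Discover query heavier for a table that only shows `host.hostname`, `process.name` and `message`. Suggest removing the whole `"highlight": { ... }` block so the search matches its siblings; if the custom tags are actually relied on somewhere, that dependency should be noted in the package docs.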
@@ -0,0 +1,40 @@ +{ + "attributes": { + "columns": [ + "user.name", + "system.auth.sudo.user", + "system.auth.sudo.pwd", + "system.auth.sudo.command" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.sudo:*" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Sudo commands [Logs System] ECS", + "version": 1 + }, + "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/beats/system/0.0.1/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json new file mode 100644 index 00000000000..898404e041e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "group.name", + "group.id" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.groupadd:*" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "groupadd logs [Logs System] ECS", + "version": 1 + }, + "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
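Review bot: The sudo and groupadd saved searches select documents purely by field presence, `"query": "system.auth.sudo:*"` and `"query": "system.auth.groupadd:*"`, over the broad `logs-*` index pattern, whereas the SSH login search in this same package pins the dataset first with `stream.dataset:system.auth AND system.auth.ssh.event:*`. Any other dataset under `logs-*` that happens to carry a `system.auth.sudo` or `system.auth.groupadd` field would be pulled into these security-relevant views, and the unscoped existence query has to be evaluated against every `logs-*` index. For consistency and tighter scoping, use `"query": "stream.dataset:system.auth AND system.auth.sudo:*"` and `"query": "stream.dataset:system.auth AND system.auth.groupadd:*"` (the useradd search earlier in this diff has the same shape and would get the same treatment).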
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..2c5b6e37163 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Traffic (Bytes) [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "-system.network.name:l*" + }, + "id": "da1046f0-faa0-11e6-86b1-cd7735ff7e23", + "index_pattern": "*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "1", + "formatter": "bytes", + "id": "da1046f1-faa0-11e6-86b1-cd7735ff7e23", + "label": "Inbound ", + "line_width": "0", + "metrics": [ + { + "field": "system.network.in.bytes", + "id": "da1046f2-faa0-11e6-86b1-cd7735ff7e23", + "type": "max" + }, + { + "field": "da1046f2-faa0-11e6-86b1-cd7735ff7e23", + "id": "f41f9280-faa0-11e6-86b1-cd7735ff7e23", + "type": "derivative", + "unit": "1s" + }, + { + "field": "f41f9280-faa0-11e6-86b1-cd7735ff7e23", + "id": "a87398e0-1b93-11e7-8ada-3df93aab833e", + "type": "positive_only", + "unit": "" + }, + { + "function": "sum", + "id": "2d533df0-2c2d-11e7-be71-3162da85303f", + "type": "series_agg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(250,40,255,1)", + "fill": "1", + "formatter": "bytes", + "id": "fbbd5720-faa0-11e6-86b1-cd7735ff7e23", + "label": "Outbound ", + "line_width": "0", + "metrics": [ + { + "field": "system.network.out.bytes", + "id": "fbbd7e30-faa0-11e6-86b1-cd7735ff7e23", + "type": "max" + }, + { + "field": "fbbd7e30-faa0-11e6-86b1-cd7735ff7e23", + "id": "fbbd7e31-faa0-11e6-86b1-cd7735ff7e23", + 
"type": "derivative", + "unit": "1s" + }, + { + "id": "17e597a0-faa1-11e6-86b1-cd7735ff7e23", + "script": "params.rate != null \u0026\u0026 params.rate \u003e 0 ? params.rate * -1 : null", + "type": "calculation", + "variables": [ + { + "field": "fbbd7e31-faa0-11e6-86b1-cd7735ff7e23", + "id": "1940bad0-faa1-11e6-86b1-cd7735ff7e23", + "name": "rate" + } + ] + }, + { + "function": "sum", + "id": "533da9b0-2c2d-11e7-be71-3162da85303f", + "type": "series_agg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Mericbeat: Network Traffic (Bytes) ECS", + "type": "metrics" + } + }, + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json new file mode 100644 index 00000000000..90427a80a8e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json 
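Review bot: This TSVB visualization queries every index with `"index_pattern": "*"`, while the sibling metrics visualizations in this package (Swap usage, Outbound Traffic, Load Gauge, Processes By Memory) all scope to `"index_pattern": "metrics-*"`; a bare wildcard fans the `system.network.in.bytes`/`system.network.out.bytes` aggregations out across `logs-*` and any other index the viewer can read, for fields that only exist in the metrics data. Change it to `"index_pattern": "metrics-*"` to match the rest of the package. The inner visState title `"title": "Mericbeat: Network Traffic (Bytes) ECS"` is also misspelled and does not follow the `... [Metrics System] ECS` convention used by the outer title and every other visualization here; `"title": "Network Traffic (Bytes) [Metrics System] ECS"` would align it.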
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New groups [Logs System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "group.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "group.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "New groups ECS", + "type": "table" + } + }, + "id": "12667040-fa80-11e6-a1df-a78bd7504d38-ecs", + "references": [ + { + "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json new file mode 100644 index 00000000000..0d70bcd50cc --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Swap usage [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "", + "gauge_color_rules": [ + { + "gauge": "rgba(104,188,0,1)", + "id": "d17c1e90-4d59-11e7-aee5-fdc812cc3bec", + "operator": "gte", + "value": 0 + }, + { + "gauge": "rgba(251,158,0,1)", + "id": "fc1d3490-4d59-11e7-aee5-fdc812cc3bec", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(211,49,21,1)", + "id": "0e204240-4d5a-11e7-aee5-fdc812cc3bec", + "operator": "gte", + "value": 0.85 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "id": "cee2fd20-4d59-11e7-aee5-fdc812cc3bec", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "cee2fd21-4d59-11e7-aee5-fdc812cc3bec", + "label": "Swap usage", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.swap.used.pct", + "id": "cee2fd22-4d59-11e7-aee5-fdc812cc3bec", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Swap usage [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json new file mode 100644 index 00000000000..c7d89bf130b --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Outbound Traffic [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "0e346760-1b92-11e7-bec4-a5e9ec5cab8b" + } + ], + "filter": { + "language": "lucene", + "query": "-system.network.name:l*" + }, + "id": "0c761590-1b92-11e7-bec4-a5e9ec5cab8b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "0c761591-1b92-11e7-bec4-a5e9ec5cab8b", + "label": "Outbound Traffic", + "line_width": 1, + "metrics": [ + { + "field": "system.network.out.bytes", + "id": "0c761592-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "max" + }, + { + "field": "0c761592-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "1d659060-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "derivative", + "unit": "1s" + }, + { + "field": "1d659060-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "f2074f70-1b92-11e7-a416-41f5ccdba2e6", + "type": "positive_only", + "unit": "" + }, + { + "function": "sum", + "id": "a1737470-2c55-11e7-a0ad-277ce466684d", + "type": "series_agg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "37f70440-1b92-11e7-bec4-a5e9ec5cab8b", + "label": "Total Transferred", + "line_width": 1, + "metrics": [ + { + "field": "system.network.out.bytes", + "id": "37f72b50-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "max" + }, + { + "field": 
"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "37f72b51-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "derivative", + "unit": "" + }, + { + "field": "37f72b51-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "f9da2dd0-1b92-11e7-a416-41f5ccdba2e6", + "type": "positive_only", + "unit": "" + }, + { + "field": "f9da2dd0-1b92-11e7-a416-41f5ccdba2e6", + "function": "overall_sum", + "id": "3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b", + "sigma": "", + "type": "series_agg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Outbound Traffic [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json new file mode 100644 index 00000000000..452afd00955 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json 
@@ -0,0 +1,73 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Load Gauge [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "feefabd0-1b90-11e7-bec4-a5e9ec5cab8b" + } + ], + "gauge_color_rules": [ + { + "id": "ffd94880-1b90-11e7-bec4-a5e9ec5cab8b" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "fdcc6180-1b90-11e7-bec4-a5e9ec5cab8b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "fdcc6181-1b90-11e7-bec4-a5e9ec5cab8b", + "label": "5m Load", + "line_width": 1, + "metrics": [ + { + "field": "system.load.5", + "id": "fdcc6182-1b90-11e7-bec4-a5e9ec5cab8b", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Load Gauge [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..4f0ed484f91 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,83 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Processes By Memory [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "bar_color": "rgba(104,188,0,1)", + "id": "efb9b660-1b18-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0 + }, + { + "bar_color": "rgba(254,146,0,1)", + "id": "17fcb820-1b19-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.7 + }, + { + "bar_color": "rgba(211,49,21,1)", + "id": "1dd61070-1b19-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.85 + } + ], + "drilldown_url": "", + "filter": "", + "id": "edfceb30-1b18-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "edfceb31-1b18-11e7-b09e-037021c4f8df", + "line_width": 1, + "metrics": [ + { + "field": "system.process.memory.rss.pct", + "id": "edfceb32-1b18-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "process.name", + "terms_order_by": "edfceb32-1b18-11e7-b09e-037021c4f8df" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Processes By Memory [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "2e224660-1b19-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json
new file mode 100644
index 00000000000..b97a87c46da
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json
@@ -0,0 +1,23 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Dashboards [Logs System] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "fontSize": 12,
+ "markdown": "[Syslog](#/dashboard/Logs-syslog-dashboard-ecs) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs)"
+ },
+ "title": "Dashboards [Logs System] ECS",
+ "type": "markdown"
+ }
+ },
+ "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json
new file mode 100644
index 00000000000..e8405ce1086
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json
@@ -0,0 +1,60 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid" + } + } + }, + "title": "SSH users of failed login attempts [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "SSH users of failed login attempts ECS", + "type": "tagcloud" + } + }, + "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json new file mode 100644 index 00000000000..52a7441064f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New groups over time [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "group.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "New groups over time ECS", + "type": "histogram" + } + }, + "id": "346bb290-fa80-11e6-a1df-a78bd7504d38-ecs", + "references": [ + { + "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json new file mode 100644 index 00000000000..8ed81fbb0a2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk Usage [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "bar_color": "rgba(104,188,0,1)", + "id": "bf525310-1b95-11e7-8ada-3df93aab833e", + "operator": "gte", + "value": 0 + }, + { + "bar_color": "rgba(254,146,0,1)", + "id": "125fc4c0-1b96-11e7-8ada-3df93aab833e", + "operator": "gte", + "value": 0.7 + }, + { + "bar_color": "rgba(211,49,21,1)", + "id": "1a5c7240-1b96-11e7-8ada-3df93aab833e", + "operator": "gte", + "value": 0.85 + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "drilldown_url": "", + "filter": { + "language": "lucene", + "query": "-system.filesystem.mount_point:\\/run* AND -system.filesystem.mount_point:\\/sys* AND -system.filesystem.mount_point:\\/dev* AND -system.filesystem.mount_point:\\/proc* AND -system.filesystem.mount_point:\\/var* AND -system.filesystem.mount_point:\\/boot" + }, + "id": "9f7e48a0-1b95-11e7-8ada-3df93aab833e", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "9f7e48a1-1b95-11e7-8ada-3df93aab833e", + "line_width": 1, + "metrics": [ + { + "agg_with": "avg", + "field": "system.filesystem.used.pct", + "id": "9f7e48a2-1b95-11e7-8ada-3df93aab833e", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "top_hit" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.filesystem.mount_point" + } + ], + "show_grid": 1, + "show_legend": 1, + 
"time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "type": "top_n" + }, + "title": "Disk Usage [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json new file mode 100644 index 00000000000..55e1106f94d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid" + } + } + }, + "title": "SSH failed login attempts source locations [Logs System] ECS", + "uiStateJSON": { + "mapCenter": [ + 17.602139123350838, + 69.697265625 + ], + "mapZoom": 2 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "SSH failed login attempts source locations ECS", + "type": "tile_map" + } + }, + "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json
new file mode 100644
index 00000000000..6c5e86b6992
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json
@@ -0,0 +1,23 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Tip [Metrics System] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "fontSize": 12,
+ "markdown": "**TIP:** To select another host, go to the [System Overview](#/dashboard/Metrics-system-overview-ecs) dashboard and double-click a host name."
+ },
+ "title": "Tip [Metrics System] ECS",
+ "type": "markdown"
+ }
+ },
+ "id": "3d65d450-a9c3-11e7-af20-67db8aecb295-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json
new file mode 100644
index 00000000000..e6c50d4e92d
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Services By Task Count [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "3aeae000-f997-11e9-ac67-272468589910" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "system.service.resources.tasks.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.service.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "Top Services By Task Count [Metrics System]", + "type": "metrics" + } + }, + "id": "4b254630-f998-11e9-90e8-1fb18e796788", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..cc1770ec33f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "System Load [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "f6264ad0-1b14-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0", + "formatter": "number", + "id": "f62671e0-1b14-11e7-b09e-037021c4f8df", + "label": "1m", + "line_width": "3", + "metrics": [ + { + "field": "system.load.1", + "id": "f62671e1-1b14-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "0", + "formatter": "number", + "id": "1c324850-1b15-11e7-b09e-037021c4f8df", + "label": "5m", + "line_width": "3", + "metrics": [ + { + "field": "system.load.5", + "id": "1c324851-1b15-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": "0", + "formatter": "number", + "id": "3287e740-1b15-11e7-b09e-037021c4f8df", + "label": "15m", + "line_width": "3", + "metrics": [ + { + "field": "system.load.15", + "id": "32880e50-1b15-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + 
"title": "System Load [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "4d546850-1b15-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..a0537c1f3a1 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,115 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk IO (Bytes) [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "", + "id": "d3c67db0-1b1a-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(22,165,165,1)", + "fill": "1", + "formatter": "bytes", + "id": "d3c67db1-1b1a-11e7-b09e-037021c4f8df", + "label": "reads", + "line_width": 1, + "metrics": [ + { + "field": "system.diskio.read.bytes", + "id": "d3c67db2-1b1a-11e7-b09e-037021c4f8df", + "type": "max" + }, + { + "field": "d3c67db2-1b1a-11e7-b09e-037021c4f8df", + "id": "f55b9910-1b1a-11e7-b09e-037021c4f8df", + "type": "derivative", + "unit": "1s" + }, + { + "field": "f55b9910-1b1a-11e7-b09e-037021c4f8df", + "id": "dcbbb100-1b93-11e7-8ada-3df93aab833e", + "type": "positive_only", + "unit": "" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(251,158,0,1)", + "fill": "1", + "formatter": "bytes", + "id": "144124d0-1b1b-11e7-b09e-037021c4f8df", + "label": "writes", + "line_width": 1, + "metrics": [ + { + "field": "system.diskio.write.bytes", + "id": "144124d1-1b1b-11e7-b09e-037021c4f8df", + "type": "max" + }, + { + "field": "144124d1-1b1b-11e7-b09e-037021c4f8df", + "id": "144124d2-1b1b-11e7-b09e-037021c4f8df", + "type": "derivative", + "unit": "1s" + }, + { + "id": "144124d4-1b1b-11e7-b09e-037021c4f8df", + "script": "params.rate \u003e 0 ? 
params.rate * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "144124d2-1b1b-11e7-b09e-037021c4f8df", + "id": "144124d3-1b1b-11e7-b09e-037021c4f8df", + "name": "rate" + } + ] + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Disk IO (Bytes) [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json new file mode 100644 index 00000000000..f18a93dba08 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.sudo.error:*" + } + } + }, + "title": "Sudo errors [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.sudo.error", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Sudo errors ECS", + "type": "histogram" + } + }, + "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json new file mode 100644 index 00000000000..c3b6e056324 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Inbound Traffic [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "0e346760-1b92-11e7-bec4-a5e9ec5cab8b" + } + ], + "filter": { + "language": "lucene", + "query": "-system.network.name:l*" + }, + "id": "0c761590-1b92-11e7-bec4-a5e9ec5cab8b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "0c761591-1b92-11e7-bec4-a5e9ec5cab8b", + "label": "Inbound Traffic", + "line_width": 1, + "metrics": [ + { + "field": "system.network.in.bytes", + "id": "0c761592-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "max" + }, + { + "field": "0c761592-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "1d659060-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "derivative", + "unit": "1s" + }, + { + "field": "1d659060-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "f2074f70-1b92-11e7-a416-41f5ccdba2e6", + "type": "positive_only", + "unit": "" + }, + { + "function": "sum", + "id": "c40e18f0-2c55-11e7-a0ad-277ce466684d", + "type": "series_agg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "37f70440-1b92-11e7-bec4-a5e9ec5cab8b", + "label": "Total Transferred", + "line_width": 1, + "metrics": [ + { + "field": "system.network.in.bytes", + "id": "37f72b50-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "max" + }, + { + "field": 
"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "37f72b51-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "derivative", + "unit": "" + }, + { + "field": "37f72b51-1b92-11e7-bec4-a5e9ec5cab8b", + "id": "f9da2dd0-1b92-11e7-a416-41f5ccdba2e6", + "type": "positive_only", + "unit": "" + }, + { + "field": "f9da2dd0-1b92-11e7-a416-41f5ccdba2e6", + "function": "overall_sum", + "id": "3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b", + "sigma": "", + "type": "series_agg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Inbound Traffic [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json new file mode 100644 index 00000000000..84a73af8d4f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json 
@@ -0,0 +1,92 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of processes [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Processes", + "field": "process.pid" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "listeners": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "Number of processes ECS", + "type": "metric" + } + }, + "id": "590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json new file mode 100644 index 00000000000..a1a30baf6f0 --- /dev/null 
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Sudo commands by user [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Sudo commands by user ECS", + "type": "histogram" + } + }, + "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs", + "references": [ + { + "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json new file mode 100644 index 00000000000..39b5e3f0e9d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New users over time [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "New users over time ECS", + "type": "histogram" + } + }, + "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs", + "references": [ + { + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json new file mode 100644 index 00000000000..3fb302ed153 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json 
@@ -0,0 +1,130 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Traffic (Packets) [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": { + "language": "lucene", + "query": "-system.network.name:l*" + }, + "id": "da1046f0-faa0-11e6-86b1-cd7735ff7e23", + "index_pattern": "*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "1", + "formatter": "0.[00]a", + "id": "da1046f1-faa0-11e6-86b1-cd7735ff7e23", + "label": "Inbound", + "line_width": "0", + "metrics": [ + { + "field": "system.network.in.packets", + "id": "da1046f2-faa0-11e6-86b1-cd7735ff7e23", + "type": "max" + }, + { + "field": "da1046f2-faa0-11e6-86b1-cd7735ff7e23", + "id": "f41f9280-faa0-11e6-86b1-cd7735ff7e23", + "type": "derivative", + "unit": "1s" + }, + { + "field": "f41f9280-faa0-11e6-86b1-cd7735ff7e23", + "id": "c0da3d80-1b93-11e7-8ada-3df93aab833e", + "type": "positive_only", + "unit": "" + }, + { + "function": "sum", + "id": "ecaad010-2c2c-11e7-be71-3162da85303f", + "type": "series_agg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(250,40,255,1)", + "fill": "1", + "formatter": "0.[00]a", + "id": "fbbd5720-faa0-11e6-86b1-cd7735ff7e23", + "label": "Outbound", + "line_width": "0", + "metrics": [ + { + "field": "system.network.out.packets", + "id": "fbbd7e30-faa0-11e6-86b1-cd7735ff7e23", + "type": "max" + }, + { + "field": "fbbd7e30-faa0-11e6-86b1-cd7735ff7e23", + "id": 
"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23", + "type": "derivative", + "unit": "1s" + }, + { + "id": "17e597a0-faa1-11e6-86b1-cd7735ff7e23", + "script": "params.rate != null \u0026\u0026 params.rate \u003e 0 ? params.rate * -1 : null", + "type": "calculation", + "variables": [ + { + "field": "fbbd7e31-faa0-11e6-86b1-cd7735ff7e23", + "id": "1940bad0-faa1-11e6-86b1-cd7735ff7e23", + "name": "rate" + } + ] + }, + { + "function": "sum", + "id": "fe5fbdc0-2c2c-11e7-be71-3162da85303f", + "type": "series_agg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "value_template": "{{value}}/s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Mericbeat: Network Traffic (Packets) ECS", + "type": "metrics" + } + }, + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json new file mode 100644 index 00000000000..644f994bd6d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + }, + "title": "SSH login attempts [Logs System] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Accepted": "#3F6833", + "Failed": "#F9934E", + "Invalid": "#447EBC" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.ssh.event", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "SSH login attempts ECS", + "type": "histogram" + } + }, + "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json new file mode 100644 index 00000000000..a7803784065 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json 
@@ -0,0 +1,107 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Hosts histogram by CPU usage [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0% - 5%": "rgb(247,252,245)", + "10% - 15%": "rgb(116,196,118)", + "15% - 20%": "rgb(35,139,69)", + "5% - 10%": "rgb(199,233,192)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "CPU usage", + "field": "system.cpu.user.pct" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Hosts", + "field": "host.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Greens", + "colorsNumber": 4, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Hosts histogram by CPU usage [Metrics System] ECS", + "type": "heatmap" + } + }, + "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json new file mode 100644 index 00000000000..a35396d54b0 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json 
@@ -0,0 +1,120 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Disk used [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": "", + "gauge_color_rules": [ + { + "gauge": "rgba(104,188,0,1)", + "id": "51921d10-4d1d-11e7-b5f2-2b7c1895bf32", + "operator": "gte", + "value": 0 + }, + { + "gauge": "rgba(251,158,0,1)", + "id": "f26de750-4d54-11e7-b5f2-2b7c1895bf32", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(211,49,21,1)", + "id": "fa31d190-4d54-11e7-b5f2-2b7c1895bf32", + "operator": "gte", + "value": 0.85 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32", + "index_pattern": "metrics-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32", + "label": "Disk used", + "line_width": 1, + "metrics": [ + { + "agg_with": "avg", + "field": "system.fsstat.total_size.used", + "id": "4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "top_hit" + }, + { + "agg_with": "avg", + "field": "system.fsstat.total_size.total", + "id": "57c96ee0-4d54-11e7-b5f2-2b7c1895bf32", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "top_hit" + }, + { + "id": "6304cca0-4d54-11e7-b5f2-2b7c1895bf32", + "script": "params.used/params.total ", + "type": "math", + "variables": [ + { + "field": "4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32", + "id": "6da10430-4d54-11e7-b5f2-2b7c1895bf32", + 
"name": "used" + }, + { + "field": "57c96ee0-4d54-11e7-b5f2-2b7c1895bf32", + "id": "73b8c510-4d54-11e7-b5f2-2b7c1895bf32", + "name": "total" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "type": "gauge" + }, + "title": "Disk used [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json new file mode 100644 index 00000000000..cb6650933c2 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "CPU Usage Gauge [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "", + "gauge_color_rules": [ + { + "gauge": "rgba(104,188,0,1)", + "id": "4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0 + }, + { + "gauge": "rgba(254,146,0,1)", + "id": "e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(211,49,21,1)", + "id": "ec655040-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0.85 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b", + "label": "CPU Usage", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.user.pct", + "id": "4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "avg" + }, + { + "field": "system.cpu.system.pct", + "id": "225c2140-5fd7-11e7-a63a-a937b7c1a7e1", + "type": "avg" + }, + { + "field": "system.cpu.cores", + "id": "837a30c0-5fd7-11e7-a63a-a937b7c1a7e1", + "type": "avg" + }, + { + "id": "587aa510-1b91-11e7-bec4-a5e9ec5cab8b", + "script": "params.n \u003e 0 ? 
(params.user+params.system)/params.n : null", + "type": "calculation", + "variables": [ + { + "field": "4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b", + "id": "5a19af10-1b91-11e7-bec4-a5e9ec5cab8b", + "name": "user" + }, + { + "field": "225c2140-5fd7-11e7-a63a-a937b7c1a7e1", + "id": "32b54f80-5fd7-11e7-a63a-a937b7c1a7e1", + "name": "system" + }, + { + "field": "837a30c0-5fd7-11e7-a63a-a937b7c1a7e1", + "id": "8ba6eef0-5fd7-11e7-a63a-a937b7c1a7e1", + "name": "n" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "CPU Usage Gauge [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..a2f584a4eeb --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Hosts By CPU (Realtime) [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "bar_color": "rgba(104,188,0,1)", + "id": "33349dd0-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0 + }, + { + "bar_color": "rgba(254,146,0,1)", + "id": "997dc440-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.6 + }, + { + "bar_color": "rgba(211,49,21,1)", + "id": "a10d7f20-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.85 + } + ], + "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\"{{key}}\"'))", + "filter": "", + "id": "31e5afa0-1b1c-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "31e5afa1-1b1c-11e7-b09e-037021c4f8df", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.user.pct", + "id": "31e5afa2-1b1c-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "host.name", + "terms_order_by": "31e5afa2-1b1c-11e7-b09e-037021c4f8df", + "terms_size": "10" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top Hosts By CPU (Realtime) [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "855899e0-1b1c-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
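Review bot: `drilldown_url` splices the `host.name` term value into a KQL query through `{{key}}` inside a double-quoted string, so a host name containing a double quote or backslash would break the quoting of the target dashboard's query instead of being matched literally. Whether TSVB escapes the substituted value is not visible from this file and is worth confirming against the Kibana version the package targets; if it does not, the drilldown yields a malformed query for such hosts. The link also hard-codes the dashboard id `79ffd6e0-faa0-11e6-947f-177f697178b8-ecs` as a relative path under `../app/kibana#/dashboard/`, which ties this package to that URL layout and to that dashboard being installed; the saved object's `description` is currently empty and could record this dependency for maintainers.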
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..794e4e0b850 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json @@ -0,0 +1,70 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Services By Memory Usage [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "5af08c50-f998-11e9-ac67-272468589910" + } + ], + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "field": "system.service.resources.memory.usage.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.service.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n" + }, + "title": "Top Services By Memory Usage [Metrics System]", + "type": "metrics" + } + }, + "id": "8c071e20-f999-11e9-90e8-1fb18e796788", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json new file mode 100644 index 00000000000..d3a742e2ff7 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Packetloss [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "6ba9b1f0-4d5d-11e7-aa29-87a97a796de6" + } + ], + "id": "6984af10-4d5d-11e7-aa29-87a97a796de6", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "6984af11-4d5d-11e7-aa29-87a97a796de6", + "label": "In Packetloss", + "line_width": 1, + "metrics": [ + { + "field": "system.network.in.dropped", + "id": "6984af12-4d5d-11e7-aa29-87a97a796de6", + "type": "max" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "ac2e6b30-4d5d-11e7-aa29-87a97a796de6", + "label": "Out Packetloss", + "line_width": 1, + "metrics": [ + { + "field": "system.network.out.dropped", + "id": "ac2e6b31-4d5d-11e7-aa29-87a97a796de6", + "type": "max" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Packetloss [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "96976150-4d5d-11e7-aa29-87a97a796de6-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json new file mode 100644 index 00000000000..623dba81609 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json @@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Interfaces by Incoming traffic [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "44596d40-4d60-11e7-9a4c-ed99bbcaa42b" + } + ], + "id": "42ceae90-4d60-11e7-9a4c-ed99bbcaa42b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b", + "label": "Interfaces by Incoming traffic", + "line_width": 1, + "metrics": [ + { + "field": "system.network.in.bytes", + "id": "42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "terms_order_by": "42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Interfaces by Incoming traffic [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..8437ae93ddd --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json 
@@ -0,0 +1,127 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "metricset.name", + "negate": false, + "params": { + "query": "service" + }, + "type": "phrase", + "value": "service" + }, + "query": { + "match": { + "metricset.name": { + "query": "service", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Return Codes Of Exited Services [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Return Codes Of Exited Services [Metrics Services]" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "process.exit_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Return Codes Of Exited Services [Metrics System]", + "type": "pie" + } + }, + "id": "9c69cad0-f9b0-11e9-90e8-1fb18e796788", + "references": [ + 
{ + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Block-IO-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Block-IO-ecs.json new file mode 100644 index 00000000000..0f7b38e2073 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Block-IO-ecs.json 
@@ -0,0 +1,99 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Container Block IO [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total", + "field": "system.process.cgroup.blkio.total.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "I/O", + "field": "system.process.cgroup.blkio.total.ios" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Container ID", + "field": "system.process.cgroup.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Process name", + "field": "process.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Container Block IO [Metrics System] ECS", + "type": "table" + } + }, + "id": "Container-Block-IO-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/Container-CPU-usage-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-CPU-usage-ecs.json new file mode 100644 index 00000000000..0294d0fb95a 
--- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-CPU-usage-ecs.json 
@@ -0,0 +1,119 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Container CPU usage [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "CPU user", + "field": "system.process.cgroup.cpuacct.stats.user.ns" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "CPU quota", + "field": "system.process.cgroup.cpu.cfs.quota.us" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Container ID", + "field": "system.process.cgroup.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "CPU throttling", + "field": "system.process.cgroup.cpu.stats.throttled.ns" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "CPU kernel", + "field": "system.process.cgroup.cpuacct.stats.system.ns" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Process name", + "field": "process.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Container CPU usage [Metrics System] ECS", + "type": "table" + } + }, + "id": "Container-CPU-usage-ecs", + "references": [ + { + "id": 
"metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Memory-stats-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Memory-stats-ecs.json new file mode 100644 index 00000000000..4ea1781645f --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/Container-Memory-stats-ecs.json 
@@ -0,0 +1,209 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Container Memory stats [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "13", + "params": { + "customLabel": "Usage", + "field": "system.process.cgroup.memory.mem.usage.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "14", + "params": { + "customLabel": "Max usage", + "field": "system.process.cgroup.memory.mem.usage.max.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Page faults", + "field": "system.process.cgroup.memory.stats.page_faults" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Pages in memory", + "field": "system.process.cgroup.memory.stats.pages_in" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Pages out of memory", + "field": "system.process.cgroup.memory.stats.pages_out" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Container ID", + "field": "system.process.cgroup.id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Inactive files", + "field": "system.process.cgroup.memory.stats.inactive_file.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "# Major page faults", + "field": 
"system.process.cgroup.memory.stats.major_page_faults" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Process name", + "field": "process.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "12", + "params": { + "customLabel": "Failures", + "field": "system.process.cgroup.memory.mem.failures" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "TCP buffers", + "field": "system.process.cgroup.memory.kmem_tcp.usage.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "11", + "params": { + "customLabel": "Huge pages", + "field": "system.process.cgroup.memory.stats.rss_huge.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Swap caches", + "field": "system.process.cgroup.memory.stats.rss.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "15", + "params": { + "customLabel": "Swap usage", + "field": "system.process.cgroup.memory.stats.swap.bytes" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "16", + "params": { + "customLabel": "Block I/O", + "field": "system.process.cgroup.blkio.total.ios" + }, + "schema": "metric", + "type": "avg" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Container Memory stats [Metrics System] ECS", + "type": "table" + } + }, + "id": "Container-Memory-stats-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-events-by-hostname-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-events-by-hostname-ecs.json new file mode 100644 index 00000000000..1b0ac5d70bf --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-events-by-hostname-ecs.json @@ -0,0 +1,74 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Syslog events by hostname [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Syslog events by hostname ECS", + "type": "histogram" + } + }, + "id": "Syslog-events-by-hostname-ecs", + "references": [ + { + "id": "Syslog-system-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-hostnames-and-processes-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-hostnames-and-processes-ecs.json new file mode 100644 index 00000000000..7ceb9823a9c --- /dev/null 
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/Syslog-hostnames-and-processes-ecs.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Syslog hostnames and processes [Logs System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "process.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Syslog hostnames and processes ECS", + "type": "pie" + } + }, + "id": "Syslog-hostnames-and-processes-ecs", + "references": [ + { + "id": "Syslog-system-logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/System-Navigation-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/System-Navigation-ecs.json new file mode 100644 index 00000000000..c57df9050ab --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/System-Navigation-ecs.json 
@@ -0,0 +1,29 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "System Navigation [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[System Overview](#/dashboard/Metrics-system-overview-ecs) | [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) |\n[Containers overview](#/dashboard/CPU-slash-Memory-per-container-ecs)" + }, + "title": "System Navigation [Metrics System] ECS", + "type": "markdown" + } + }, + "id": "System-Navigation-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..342253f1180 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Running Services [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Running Services [Metrics Services]", + "field": "system.service.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Running Services [Metrics System]", + "type": "metric" + } + }, + "id": "a30871f0-f98f-11e9-90e8-1fb18e796788", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..0536c91ace3 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,170 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "CPU Usage [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "80a04950-1b19-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "1", + "formatter": "percent", + "id": "80a04951-1b19-11e7-b09e-037021c4f8df", + "label": "user", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.user.pct", + "id": "80a04952-1b19-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "1", + "formatter": "percent", + "id": "993acf30-1b19-11e7-b09e-037021c4f8df", + "label": "system", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.system.pct", + "id": "993acf31-1b19-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(123,100,255,1)", + "fill": "1", + "formatter": "percent", + "id": "65ca35e0-1b1a-11e7-b09e-037021c4f8df", + "label": "nice", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.nice.pct", + "id": "65ca5cf0-1b1a-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": 
"rgba(226,115,0,1)", + "fill": "1", + "formatter": "percent", + "id": "741b5f20-1b1a-11e7-b09e-037021c4f8df", + "label": "irq", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.irq.pct", + "id": "741b5f21-1b1a-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(176,188,0,1)", + "fill": "1", + "formatter": "percent", + "id": "2efc5d40-1b1a-11e7-b09e-037021c4f8df", + "label": "softirq", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.softirq.pct", + "id": "2efc5d41-1b1a-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(15,20,25,1)", + "fill": "1", + "formatter": "percent", + "id": "ae644a30-1b19-11e7-b09e-037021c4f8df", + "label": "iowait", + "line_width": 1, + "metrics": [ + { + "field": "system.cpu.iowait.pct", + "id": "ae644a31-1b19-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "CPU Usage [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..4ba0f2264d3 --- /dev/null 
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Service States [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Service States [Metrics Services]" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.service.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Service States [Metrics System]", + "type": "pie" + } + }, + "id": "bb3a8720-f991-11e9-90e8-1fb18e796788", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..8e5d96f289b --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json 
@@ -0,0 +1,126 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Memory Usage [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "id": "32f46f40-1b16-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "1", + "formatter": "bytes", + "id": "4ff61fd0-1b16-11e7-b09e-037021c4f8df", + "label": "Used", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.actual.used.bytes", + "id": "4ff61fd1-1b16-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": "1", + "formatter": "bytes", + "id": "753a6080-1b16-11e7-b09e-037021c4f8df", + "label": "Cache", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.actual.used.bytes", + "id": "753a6081-1b16-11e7-b09e-037021c4f8df", + "type": "avg" + }, + { + "field": "system.memory.used.bytes", + "id": "7c9d3f00-1b16-11e7-b09e-037021c4f8df", + "type": "avg" + }, + { + "id": "869cc160-1b16-11e7-b09e-037021c4f8df", + "script": "params.actual != null \u0026\u0026 params.used != null ? 
params.used - params.actual : null", + "type": "calculation", + "variables": [ + { + "field": "753a6081-1b16-11e7-b09e-037021c4f8df", + "id": "890f9620-1b16-11e7-b09e-037021c4f8df", + "name": "actual" + }, + { + "field": "7c9d3f00-1b16-11e7-b09e-037021c4f8df", + "id": "8f3ab7f0-1b16-11e7-b09e-037021c4f8df", + "name": "used" + } + ] + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "1", + "formatter": "bytes", + "id": "32f46f41-1b16-11e7-b09e-037021c4f8df", + "label": "Free", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.free", + "id": "32f46f42-1b16-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "stacked" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Memory Usage [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json new file mode 100644 index 00000000000..65055e7d8cb --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json 
@@ -0,0 +1,67 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Interfaces by Outgoing traffic [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "9db20be0-4d60-11e7-9a4c-ed99bbcaa42b" + } + ], + "id": "9cdba910-4d60-11e7-9a4c-ed99bbcaa42b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "9cdba911-4d60-11e7-9a4c-ed99bbcaa42b", + "label": "Interfaces by Outgoing traffic", + "line_width": 1, + "metrics": [ + { + "field": "system.network.out.bytes", + "id": "9cdba912-4d60-11e7-9a4c-ed99bbcaa42b", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.network.name", + "terms_order_by": "9cdba912-4d60-11e7-9a4c-ed99bbcaa42b" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Interfaces by Outgoing traffic [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json new file mode 100644 index 00000000000..b20ed5e455e --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of hosts [Metrics System] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of hosts", + "field": "host.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": false + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "63", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "Number of hosts [Metrics System] ECS", + "type": "metric" + } + }, + "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json new file mode 100644 index 00000000000..e6f74e51b73 --- /dev/null 
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json @@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "system.auth.ssh.event:Accepted" + } + } + }, + "title": "Successful SSH logins [Logs System] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Accepted": "#3F6833", + "Failed": "#F9934E", + "Invalid": "#447EBC", + "password": "#BF1B00", + "publickey": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.ssh.method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Successful SSH logins ECS", + "type": "histogram" + } + }, + "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json new file mode 100644 index 00000000000..db9f0298f9c --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json 
@@ -0,0 +1,87 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Memory usage vs total [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "listeners": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "6f7618b0-4d5c-11e7-aa29-87a97a796de6" + } + ], + "id": "6bc65720-4d5c-11e7-aa29-87a97a796de6", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "6bc65721-4d5c-11e7-aa29-87a97a796de6", + "label": "Memory usage", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.actual.used.bytes", + "id": "6bc65722-4d5c-11e7-aa29-87a97a796de6", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "b8fe6820-4d5c-11e7-aa29-87a97a796de6", + "label": "Total Memory", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.total", + "id": "b8fe6821-4d5c-11e7-aa29-87a97a796de6", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "metric" + }, + "title": "Memory usage vs total ECS", + "type": "metrics" + } + }, + "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json new file mode 100644 index 00000000000..ff6fdeca051 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Memory Usage Gauge [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "", + "gauge_color_rules": [ + { + "gauge": "rgba(104,188,0,1)", + "id": "a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0 + }, + { + "gauge": "rgba(254,146,0,1)", + "id": "b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(211,49,21,1)", + "id": "c06e9550-1b91-11e7-bec4-a5e9ec5cab8b", + "operator": "gte", + "value": 0.85 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "9f51b730-1b91-11e7-bec4-a5e9ec5cab8b", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "9f51b731-1b91-11e7-bec4-a5e9ec5cab8b", + "label": "Memory Usage", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.actual.used.pct", + "id": "9f51b732-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge" + }, + "title": "Memory Usage Gauge [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..680cf247746 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json @@ -0,0 +1,68 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Service Memory Use Over Time [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "system.service.resources.memory.usage.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "system.service.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "terms_size": "5", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Service Memory Use Over Time [Metrics System]", + "type": "metrics" + } + }, + "id": "d3f51850-f9b6-11e9-90e8-1fb18e796788", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json new file mode 100644 index 00000000000..7368e5ba2a8 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New users by home directory [Logs System] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "/bin/bash": "#E24D42", + "/bin/false": "#508642", + "/nonexistent": "#629E51", + "/sbin/nologin": "#7EB26D" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.useradd.home", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "New users by home directory ECS", + "type": "pie" + } + }, + "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs", + "references": [ + { + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json new file mode 100644 index 00000000000..82771189062 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json @@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Top sudo commands [Logs System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.sudo.command", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top sudo commands ECS", + "type": "table" + } + }, + "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs", + "references": [ + { + "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
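Review bot: The table params key `showMeticsAtAllLevels` in visState.params is misspelled; Kibana's data-table option is `showMetricsAtAllLevels`, so this key is presumably ignored and the default is used. Because the value given is `false` (the default) nothing changes today, but `"showMetricsAtAllLevels": false` would make the export match the parameter Kibana actually reads. The same misspelling is in the f398d2f0 (New users) hunk further down.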
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json new file mode 100644 index 00000000000..4f711c2d372 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Processes By CPU [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "bar_color": "rgba(104,188,0,1)", + "id": "60e11be0-1b18-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0 + } + ], + "drilldown_url": "", + "filter": "", + "id": "5f5b8d50-1b18-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "5f5b8d51-1b18-11e7-b09e-037021c4f8df", + "line_width": 1, + "metrics": [ + { + "field": "system.process.cpu.total.pct", + "id": "5f5b8d52-1b18-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "process.name", + "terms_order_by": "5f5b8d52-1b18-11e7-b09e-037021c4f8df" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top Processes By CPU [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json new file mode 100644 index 00000000000..30f81ada9c3 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json @@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New users by shell [Logs System] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "/bin/bash": "#E24D42", + "/bin/false": "#508642", + "/sbin/nologin": "#7EB26D" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.useradd.shell", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "New users by shell ECS", + "type": "pie" + } + }, + "id": "e121b140-fa78-11e6-a1df-a78bd7504d38-ecs", + "references": [ + { + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json b/dev/packages/beats/system/0.0.1/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json new file mode 100644 index 00000000000..3a3860e165b --- /dev/null 
+++ b/dev/packages/beats/system/0.0.1/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Service Sub-State [Metrics System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Service Sub-State [Metrics Services]" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.service.sub_state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Service Sub-State [Metrics System]", + "type": "pie" + } + }, + "id": "e6e639e0-f992-11e9-90e8-1fb18e796788", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json new file mode 100644 index 00000000000..d1aef38a92d --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json 
@@ -0,0 +1,135 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "New users [Logs System] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Host", + "field": "host.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "UID", + "field": "user.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "GID", + "field": "group.id", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Home", + "field": "system.auth.useradd.home", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Shell", + "field": "system.auth.useradd.shell", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "New users ECS", + "type": "table" + } + }, + "id": 
"f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "references": [ + { + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/system/0.0.1/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/beats/system/0.0.1/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json new file mode 100644 index 00000000000..7a88dde5663 --- /dev/null +++ b/dev/packages/beats/system/0.0.1/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json 
@@ -0,0 +1,84 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Hosts By Memory (Realtime) [Metrics System] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "bar_color": "rgba(104,188,0,1)", + "id": "33349dd0-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0 + }, + { + "bar_color": "rgba(254,146,0,1)", + "id": "997dc440-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.6 + }, + { + "bar_color": "rgba(211,49,21,1)", + "id": "a10d7f20-1b1c-11e7-b09e-037021c4f8df", + "operator": "gte", + "value": 0.85 + } + ], + "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\"{{key}}\"'))", + "filter": "", + "id": "31e5afa0-1b1c-11e7-b09e-037021c4f8df", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "31e5afa1-1b1c-11e7-b09e-037021c4f8df", + "line_width": 1, + "metrics": [ + { + "field": "system.memory.actual.used.pct", + "id": "31e5afa2-1b1c-11e7-b09e-037021c4f8df", + "type": "avg" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "host.name", + "terms_order_by": "31e5afa2-1b1c-11e7-b09e-037021c4f8df", + "terms_size": "10" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top Hosts By Memory (Realtime) [Metrics System] ECS", + "type": "metrics" + } + }, + "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
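Review bot: `drilldown_url` interpolates the `host.name` term value through `{{key}}` straight into a quoted KQL string inside the rison-encoded `_a` parameter, with no escaping visible in the template; a host name containing a double quote or rison-significant characters (parentheses, colons, commas) would break or alter the dashboard query the drilldown opens. host.name is reported by the monitored host rather than set by the dashboard author, so the value is not controlled here. Worth checking whether the TSVB template offers an escaping form of `{{key}}`; if it does not, the package docs should at least state that the drilldown assumes plain host names.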
diff --git a/dev/packages/beats/system/0.0.1/manifest.yml b/dev/packages/beats/system/0.0.1/manifest.yml
new file mode 100644
index 00000000000..3df9c69073c
--- /dev/null
+++ b/dev/packages/beats/system/0.0.1/manifest.yml
@@ -0,0 +1,48 @@
+format_version: 1.0.0
+name: system
+title: System
+version: 0.0.1
+license: basic
+description: System Integration
+type: integration
+categories:
+- logs
+- metrics
+release: experimental
+removable: false
+requirement:
+ kibana:
+ versions: '>=7.6.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-system.png
+ title: kibana system
+ size: 1220x852
+ type: image/png
+- src: /img/metricbeat_system_dashboard.png
+ title: metricbeat system dashboard
+ size: 2097x1933
+ type: image/png
+- src: /img/metricbeat-services-host.png
+ title: metricbeat services host
+ size: 5006x2260
+ type: image/png
+icons:
+- src: /img/system.svg
+ title: system
+ size: 1000x1000
+ type: image/svg+xml
+datasources:
+- name: system
+ title: System logs and metrics
+ description: Collect logs and metrics from System instances
+ inputs:
+ - type: logs
+ title: Collect logs from System instances
+ description: Collecting System auth and syslog logs
+ - type: system/metrics
+ title: Collect metrics from System instances
+ description: Collecting System core, cpu, diskio, entropy, filesystem, fsstat,
+ load, memory, network, network_summary, process, process_summary, raid, service,
+ socket, socket_summary, uptime and users metrics
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/cache/agent/stream/stream.yml.hbs b/dev/packages/beats/tomcat/0.0.1/dataset/cache/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..2dbc29021b3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/cache/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["cache"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
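Review bot: In the system manifest.yml hunk the Elasticsearch requirement `versions: '>7.0.1'` has no upper bound while the Kibana requirement is capped at `<8.0.0`, so the package would be offered against any future Elasticsearch major even though its Kibana assets are pinned to the 7.x line. If the intent is to ship this only with 7.x stacks, `versions: '>7.0.1 <8.0.0'` keeps the two constraints aligned. The `release: experimental` at package level is also worth a one-line comment explaining how it relates to the per-dataset release values, since the tomcat datasets in this same commit use different values in their manifests and fields files.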
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/fields.yml
new file mode 100644
index 00000000000..81ef05859e3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/fields.yml
@@ -0,0 +1,22 @@
+- name: tomcat.cache
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: hit.total
+ type: long
+ description: The number of requests for resources that were served from the cache
+ - name: size.total.kb
+ type: long
+ description: The current estimate of the cache size in kilobytes
+ - name: size.max.kb
+ type: long
+ description: The maximum permitted size of the cache in kilobytes
+ - name: lookup.total
+ type: long
+ description: The number of requests for resources
+ - name: ttl.ms
+ type: long
+ description: The time-to-live for cache entries in milliseconds
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/package-fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/package-fields.yml
new file mode 100644
index 00000000000..1577726d8c3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/cache/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: tomcat
+ type: group
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/cache/manifest.yml b/dev/packages/beats/tomcat/0.0.1/dataset/cache/manifest.yml
new file mode 100644
index 00000000000..98619fb2b42
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/cache/manifest.yml
@@ -0,0 +1,15 @@
+title: Tomcat cache metrics
+release: experimental
+type: metrics
+streams:
+- input: tomcat/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Tomcat cache metrics
+ description: Collect Tomcat cache metrics
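Review bot: The cache dataset's fields.yml declares `release: beta` on the `tomcat.cache` group while the dataset manifest.yml in the same line says `release: experimental`; one of the two should presumably change so the dataset and its field group advertise the same maturity. The cache stream template stream.yml.hbs also reads `hosts` and `path`, but this manifest only declares the `period` var, so those must come from the package-level datasource definition, which is not in this chunk; if they do not, the rendered stream will carry an empty `hosts:` list. A comment on the `vars:` block such as `# hosts and path are supplied by the package-level datasource` would make that dependency explicit. The same pairing appears in the memory, requests and threading datasets further down.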
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/memory/agent/stream/stream.yml.hbs b/dev/packages/beats/tomcat/0.0.1/dataset/memory/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..e9168375e04
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/memory/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["memory"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/fields.yml
new file mode 100644
index 00000000000..c1e4cc5589b
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/fields.yml
@@ -0,0 +1,31 @@
+- name: tomcat.memory
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: heap.usage.committed
+ type: long
+ description: Committed heap memory usage
+ - name: heap.usage.max
+ type: long
+ description: Max heap memory usage
+ - name: heap.usage.used
+ type: long
+ description: Used heap memory usage
+ - name: heap.usage.init
+ type: long
+ description: Initial heap memory usage
+ - name: other.usage.committed
+ type: long
+ description: Committed non-heap memory usage
+ - name: other.usage.max
+ type: long
+ description: Max non-heap memory usage
+ - name: other.usage.used
+ type: long
+ description: Used non-heap memory usage
+ - name: other.usage.init
+ type: long
+ description: Initial non-heap memory usage
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/package-fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/package-fields.yml
new file mode 100644
index 00000000000..1577726d8c3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/memory/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: tomcat
+ type: group
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/memory/manifest.yml b/dev/packages/beats/tomcat/0.0.1/dataset/memory/manifest.yml
new file mode 100644
index 00000000000..7b8e7f53297
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/memory/manifest.yml
@@ -0,0 +1,15 @@
+title: Tomcat memory metrics
+release: experimental
+type: metrics
+streams:
+- input: tomcat/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Tomcat memory metrics
+ description: Collect Tomcat memory metrics
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/requests/agent/stream/stream.yml.hbs b/dev/packages/beats/tomcat/0.0.1/dataset/requests/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..781718c8f39
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/requests/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["requests"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/fields.yml
new file mode 100644
index 00000000000..6651f94845e
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/fields.yml
@@ -0,0 +1,22 @@
+- name: tomcat.requests
+ type: group
+ release: beta
+ fields:
+ - name: mbean
+ type: keyword
+ description: Mbean that this event is related to
+ - name: total
+ type: long
+ description: Number of requests processed
+ - name: bytes.received
+ type: long
+ description: Amount of data received, in bytes
+ - name: bytes.sent
+ type: long
+ description: Amount of data sent, in bytes
+ - name: processing.ms
+ type: long
+ description: Total time to process the requests
+ - name: errors.total
+ type: long
+ description: Number of errors
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/package-fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/package-fields.yml
new file mode 100644
index 00000000000..1577726d8c3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/requests/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: tomcat
+ type: group
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/requests/manifest.yml b/dev/packages/beats/tomcat/0.0.1/dataset/requests/manifest.yml
new file mode 100644
index 00000000000..e37884ee7f2
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/requests/manifest.yml
@@ -0,0 +1,15 @@
+title: Tomcat requests metrics
+release: experimental
+type: metrics
+streams:
+- input: tomcat/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Tomcat requests metrics
+ description: Collect Tomcat requests metrics
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/threading/agent/stream/stream.yml.hbs b/dev/packages/beats/tomcat/0.0.1/dataset/threading/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..e37fc9f6c23
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/threading/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["threading"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if path}}
+path: {{path}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/fields.yml
new file mode 100644
index 00000000000..5cd4aafd245
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/fields.yml
@@ -0,0 +1,34 @@
+- name: tomcat.threading
+ type: group
+ release: beta
+ fields:
+ - name: busy
+ type: long
+ description: Current busy threads from the ThreadPool
+ - name: max
+ type: long
+ description: Max threads from the ThreadPool
+ - name: current
+ type: long
+ description: Current number of threads, taken from the ThreadPool
+ - name: keep_alive.total
+ type: long
+ description: Total keep alive on the ThreadPool
+ - name: keep_alive.timeout.ms
+ type: long
+ description: Keep alive timeout on the ThreadPool
+ - name: started.total
+ type: long
+ description: Current started threads at JVM level (from java.lang:type=Threading)
+ - name: user.time.ms
+ type: long
+ description: User time in milliseconds (from java.lang:type=Threading)
+ - name: cpu.time.ms
+ type: long
+ description: CPU time in milliseconds (from java.lang:type=Threading)
+ - name: total
+ type: long
+ description: Total threads at the JVM level (from java.lang:type=Threading)
+ - name: peak
+ type: long
+ description: Peak number of threads at JVM level (from java.lang:type=Threading)
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/package-fields.yml b/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/package-fields.yml
new file mode 100644
index 00000000000..1577726d8c3
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/threading/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: tomcat
+ type: group
diff --git a/dev/packages/beats/tomcat/0.0.1/dataset/threading/manifest.yml b/dev/packages/beats/tomcat/0.0.1/dataset/threading/manifest.yml
new file mode 100644
index 00000000000..e045d9e4b09
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/dataset/threading/manifest.yml
@@ -0,0 +1,15 @@
+title: Tomcat threading metrics
+release: experimental
+type: metrics
+streams:
+- input: tomcat/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Tomcat threading metrics
+ description: Collect Tomcat threading metrics
diff --git a/dev/packages/beats/tomcat/0.0.1/docs/README.md b/dev/packages/beats/tomcat/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/tomcat/0.0.1/img/metricbeat-tomcat-overview.png b/dev/packages/beats/tomcat/0.0.1/img/metricbeat-tomcat-overview.png
new file mode 100644
index 00000000000..a5ade0e8dfc
Binary files /dev/null and b/dev/packages/beats/tomcat/0.0.1/img/metricbeat-tomcat-overview.png differ
diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/dashboard/b7675d90-ec34-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/dashboard/b7675d90-ec34-11e9-a4bb-7b5324058fcc.json
new file mode 100644
index 00000000000..c56f2b7fe79
--- /dev/null
+++ b/dev/packages/beats/tomcat/0.0.1/kibana/dashboard/b7675d90-ec34-11e9-a4bb-7b5324058fcc.json
@@ -0,0 +1,180 @@ +{ + "attributes": { + "description": "An overview dashboards of all key metrics included in the Tomcat Metrics integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "1", + "w": 18, + "x": 16, + "y": 18 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Other Memory usage", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "2", + "w": 25, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Heap memory usage", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "3", + "w": 16, + "x": 0, + "y": 18 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Total Threads", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "5", + "w": 14, + "x": 34, + "y": 18 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "title": "Cache Size", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "6", + "w": 23, + "x": 25, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_4", + "title": "Total requests", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "7", + "w": 16, + "x": 0, + "y": 9 + }, + "panelIndex": "7", + "panelRefName": "panel_5", + "title": "Bytes sent/received", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "8", + "w": 18, + "x": 16, + "y": 9 + }, + "panelIndex": "8", + "panelRefName": "panel_6", + "title": "Processing time ms", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "9", + "w": 14, + 
"x": 34, + "y": 9 + }, + "panelIndex": "9", + "panelRefName": "panel_7", + "title": "Cache Hit Total", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Metrics Tomcat] Overview", + "version": 1 + }, + "id": "b7675d90-ec34-11e9-a4bb-7b5324058fcc", + "references": [ + { + "id": "618130c0-ec31-11e9-a4bb-7b5324058fcc", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "e037f620-ec30-11e9-a4bb-7b5324058fcc", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "17ec8fd0-ec32-11e9-a4bb-7b5324058fcc", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b3e833d0-ec32-11e9-a4bb-7b5324058fcc", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "9d0616e0-ec33-11e9-a4bb-7b5324058fcc", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "7bcc3ae0-ec33-11e9-a4bb-7b5324058fcc", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "9343a810-ec34-11e9-a4bb-7b5324058fcc", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "38f55440-ec33-11e9-a4bb-7b5324058fcc", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/17ec8fd0-ec32-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/17ec8fd0-ec32-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..4b7ac992063 --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/17ec8fd0-ec32-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total Threads [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.threading.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "tomcat.threading.mbean" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "number", + "id": "2e15eea0-ec32-11e9-a38d-abb22848ef7c", + "label": "Peak", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.threading.peak", + "id": "2e15eea1-ec32-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Total Threads [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "17ec8fd0-ec32-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
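Review bot: The first series carries `"terms_field": "tomcat.threading.mbean"` while its `split_mode` is `everything`, so the key is inert, and `tomcat.threading.mbean` is not among the fields the threading `fields.yml` in this commit declares (busy, max, current, keep_alive.*, started.total, user.time.ms, cpu.time.ms, total, peak). Either drop the `terms_field` line or, if a per-MBean split is intended, declare the field in `fields.yml` and set `"split_mode": "terms"`. The empty `description` could also state that both series are averages of gauge values rather than rates, which the "Total requests" visualization on this page computes differently.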
diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/38f55440-ec33-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/38f55440-ec33-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..be9c3dd5261 --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/38f55440-ec33-11e9-a4bb-7b5324058fcc.json @@ -0,0 +1,63 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cache Hit Total [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.cache.hit.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Cache Hit Total [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "38f55440-ec33-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/618130c0-ec31-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/618130c0-ec31-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..734397fa2b6 --- /dev/null 
+++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/618130c0-ec31-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,135 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Other Memory usage [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "legend_position": "right", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Used", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.other.usage.used", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "f34791d0-ec30-11e9-a38d-abb22848ef7c", + "label": "Committed", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.other.usage.committed", + "id": "f34791d1-ec30-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "bytes", + "hidden": false, + "id": "2acecf60-ec31-11e9-a38d-abb22848ef7c", + "label": "Init", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.other.usage.init", + "id": "2acecf61-ec31-11e9-a38d-abb22848ef7c", + 
"type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(226,115,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "36d48200-ec31-11e9-a38d-abb22848ef7c", + "label": "Max", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.other.usage.max", + "id": "36d48201-ec31-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Other Memory usage [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "618130c0-ec31-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/7bcc3ae0-ec33-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/7bcc3ae0-ec33-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..619932effaa --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/7bcc3ae0-ec33-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Bytes sent/received [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Received", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.requests.bytes.sent", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "a0d8b6a0-ee8c-11e9-a452-e36b1c5ca82b", + "type": "derivative", + "unit": "" + }, + { + "field": "a0d8b6a0-ee8c-11e9-a452-e36b1c5ca82b", + "id": "e3099fa0-ee94-11e9-a452-e36b1c5ca82b", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "number", + "id": "5310fbe0-ec33-11e9-a38d-abb22848ef7c", + "label": "Sent", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.requests.bytes.received", + "id": "5310fbe1-ec33-11e9-a38d-abb22848ef7c", + "type": "avg" + }, + { + "field": "5310fbe1-ec33-11e9-a38d-abb22848ef7c", + "id": "bbfe0610-ee8c-11e9-a452-e36b1c5ca82b", + "type": "derivative", + "unit": "" + }, + { + "field": "bbfe0610-ee8c-11e9-a452-e36b1c5ca82b", + "id": 
"e6da0890-ee94-11e9-a452-e36b1c5ca82b", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Bytes sent/received [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "7bcc3ae0-ec33-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9343a810-ec34-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9343a810-ec34-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..0b966425b5c --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9343a810-ec34-11e9-a4bb-7b5324058fcc.json 
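Review bot: The series labels in this visualization are crossed with their fields: the series labelled `"Received"` averages `tomcat.requests.bytes.sent`, and the one labelled `"Sent"` averages `tomcat.requests.bytes.received`, so each direction is charted under the other's name. Swapping the two label values (`"label": "Sent"` on the first series, `"label": "Received"` on the second) fixes it without touching the metric ids that the `derivative` and `positive_only` steps reference. Since both series are rates derived from counters, the still-empty `description` is the place to say the panel shows bytes per interval rather than totals.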
@@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Processing time ms [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "ms,ms,3", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.requests.processing.ms", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "cbb9e2e0-ee8c-11e9-a452-e36b1c5ca82b", + "type": "derivative", + "unit": "" + }, + { + "field": "cbb9e2e0-ee8c-11e9-a452-e36b1c5ca82b", + "id": "d0327910-ee94-11e9-a452-e36b1c5ca82b", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 0, + "time_field": "", + "type": "timeseries" + }, + "title": "Processing time ms [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "9343a810-ec34-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9d0616e0-ec33-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9d0616e0-ec33-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..8124a72b812 --- /dev/null 
+++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/9d0616e0-ec33-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Total requests [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hidden": false, + "id": "a2ae7420-ec33-11e9-a38d-abb22848ef7c", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.requests.total", + "id": "a2ae7421-ec33-11e9-a38d-abb22848ef7c", + "mode": "raw", + "sigma": "1", + "type": "avg" + }, + { + "field": "a2ae7421-ec33-11e9-a38d-abb22848ef7c", + "id": "40d82510-ee8c-11e9-a452-e36b1c5ca82b", + "type": "derivative", + "unit": "" + }, + { + "field": "40d82510-ee8c-11e9-a452-e36b1c5ca82b", + "id": "a3934920-ee94-11e9-a452-e36b1c5ca82b", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Errors", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.requests.errors.total", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "be872850-ee94-11e9-a452-e36b1c5ca82b", + "type": "derivative", + "unit": "" + }, + { + "field": 
"be872850-ee94-11e9-a452-e36b1c5ca82b", + "id": "c2290730-ee94-11e9-a452-e36b1c5ca82b", + "type": "positive_only", + "unit": "" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Total requests [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "9d0616e0-ec33-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/b3e833d0-ec32-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/b3e833d0-ec32-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..9d5b0c30c34 --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/b3e833d0-ec32-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,88 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Cache Size [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "814df2c0-ec32-11e9-a38d-abb22848ef7c", + "label": "Total", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.cache.size.total.kb", + "id": "814df2c1-ec32-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Max", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.cache.size.max.kb", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Cache Size [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "b3e833d0-ec32-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file 
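Review bot: The units here look inconsistent: this visualization averages `tomcat.cache.size.total.kb` and `tomcat.cache.size.max.kb`, whose names say kilobytes, yet renders them with the `bytes` formatter and a `{{value/1024}}` value_template, while the heap and other-memory visualizations in this commit apply the same formatter and template to fields without a `.kb` suffix. At least one of the two conventions puts a wrong scale on the axis; if the cache fields really are KB, the template here would need to scale up (or use a `number` formatter with a KB label) rather than divide. The `tomcat.cache` field declarations are not in this chunk, so I could not confirm the unit from the mapping.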
diff --git a/dev/packages/beats/tomcat/0.0.1/kibana/visualization/e037f620-ec30-11e9-a4bb-7b5324058fcc.json b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/e037f620-ec30-11e9-a4bb-7b5324058fcc.json new file mode 100644 index 00000000000..142ee1bb8a4 --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/kibana/visualization/e037f620-ec30-11e9-a4bb-7b5324058fcc.json 
@@ -0,0 +1,133 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Heap memory usage [Metrics Tomcat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(159,5,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "9057a880-ec30-11e9-a38d-abb22848ef7c", + "label": "Used", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.heap.usage.used", + "id": "9057a881-ec30-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Committed", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.heap.usage.committed", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "78d8a4c0-ec30-11e9-a38d-abb22848ef7c", + "label": "Init", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.heap.usage.init", + "id": "78d8cbd0-ec30-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + 
"separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,146,0,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "855cd630-ec30-11e9-a38d-abb22848ef7c", + "label": "Max", + "line_width": 1, + "metrics": [ + { + "field": "tomcat.memory.heap.usage.max", + "id": "855cd631-ec30-11e9-a38d-abb22848ef7c", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value/1024}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries" + }, + "title": "Heap memory usage [Metrics Tomcat]", + "type": "metrics" + } + }, + "id": "e037f620-ec30-11e9-a4bb-7b5324058fcc", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/tomcat/0.0.1/manifest.yml b/dev/packages/beats/tomcat/0.0.1/manifest.yml new file mode 100644 index 00000000000..becb1b39814 --- /dev/null +++ b/dev/packages/beats/tomcat/0.0.1/manifest.yml 
@@ -0,0 +1,44 @@
+format_version: 1.0.0
+name: tomcat
+title: Tomcat
+version: 0.0.1
+license: basic
+description: Tomcat Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=8.0.0-SNAPSHOT <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat-tomcat-overview.png
+ title: metricbeat tomcat overview
+ size: 3836x2148
+ type: image/png
+datasources:
+- name: tomcat
+ title: Tomcat metrics
+ description: Collect metrics from Tomcat instances
+ inputs:
+ - type: tomcat/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:8080
+ - name: path
+ type: text
+ title: Path
+ multi: false
+ required: true
+ show_user: true
+ default: /jolokia/?ignoreErrors=true&canonicalNaming=false
+ title: Collect metrics from Tomcat instances
+ description: Collecting Tomcat cache, memory, requests and threading metrics
diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/agent/stream/log.yml.hbs b/dev/packages/beats/traefik/0.0.1/dataset/access/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..367360d901a
--- /dev/null
+++ b/dev/packages/beats/traefik/0.0.1/dataset/access/agent/stream/log.yml.hbs
@@ -0,0 +1,5 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
\ No newline at end of file
diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/traefik/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..c367374e2fa
--- /dev/null
+++ b/dev/packages/beats/traefik/0.0.1/dataset/access/elasticsearch/ingest-pipeline/default.json
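Review bot: The `tomcat/metrics` input exposes only `hosts` and `path`, so an operator has no way to supply credentials or TLS settings for the Jolokia endpoint the default `path` points at; Jolokia exposes JMX over HTTP and is normally kept behind authentication, and a metrics input that cannot authenticate nudges deployments toward leaving that endpoint open. Consider adding username/password and SSL variables next to `hosts` and `path`, with `show_user: true`, so the secure configuration is the visible one. The default query string `ignoreErrors=true&canonicalNaming=false` silently hides MBean read failures, which is worth a sentence in the datasource `description`. The `versions: '>=8.0.0-SNAPSHOT <8.0.0'` constraint reads as development-only and would benefit from a comment saying whether that is intended for the `dev/packages` tree.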
@@ -0,0 +1,131 @@ +{ + "description": "Pipeline for parsing Traefik access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "dissect": { + "field": "message", + "pattern": "%{source.address} %{traefik.access.user_identifier} %{user.name} [%{traefik.access.time}] \"%{http.request.method} %{url.original} HTTP/%{http.version}\" %{http.response.status_code} %{traefik.access.message}" + } + }, + { + "grok": { + "field": "traefik.access.message", + "patterns": [ + "(?:%{NUMBER:http.response.body.bytes:long}|-)( (?:\"%{DATA:http.request.referrer}\"|-)?( (?:\"%{DATA:user_agent.original}\"|-)?)?( (?:%{NUMBER:traefik.access.request_count:long}|-)?)?( (?:\"%{DATA:traefik.access.frontend_name}\"|-)?)?( \"%{DATA:traefik.access.backend_url}\")?( %{NUMBER:temp.duration:long}ms)?)?" + ], + "ignore_missing": true + } + }, + { + "remove": { + "field": "message", + "ignore_missing": true + } + }, + { + "remove": { + "field": "traefik.access.message", + "ignore_missing": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "traefik.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ] + } + }, + { + "remove": { + "field": "traefik.access.time" + } + }, + + { + "convert": { + "field": "http.response.status_code", + "type": "long" + } + }, + + { + "grok": { + "field": "source.address", + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + + { + "script": { + "lang": "painless", + "source": "ctx.event.duration = Math.round(ctx.temp.duration * params.scale)", + "params": { "scale": 1000000 }, + "if": "ctx.temp?.duration != null" + } + }, + { + "remove": { + "field": "temp.duration", + "ignore_missing": true + } + }, + + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + 
"database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/fields/ecs.yml b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/ecs.yml new file mode 100644 index 00000000000..5682053779b --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/ecs.yml 
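Review bot: The `user_agent` processor uses `"ignore_failure": true` to survive lines where the grok did not capture `user_agent.original` (that capture is optional in the pattern), but the flag also hides every other failure of the processor; `"ignore_missing": true` is the precise guard for an absent field and keeps real errors visible to the `on_failure` handler. The referrer, user-agent and backend fields extracted by that grok come from request content the client controls, and the pattern nests several optional `%{DATA}` groups, so it is the step most exposed to slow matches on malformed lines and the one to keep an eye on in ingest node stats. A short addition to the pipeline `description` naming the Traefik access-log format it expects (the `dissect` pattern only fits the common-log layout) would tell operators when `error.message` will be stamped instead of parsed fields.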
@@ -0,0 +1,140 @@ +- name: http + title: HTTP + group: 2 + type: group + fields: + - name: request.method + level: extended + type: keyword + description: |- + HTTP request method. + The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + ignore_above: 1024 + - name: request.referrer + level: extended + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 + - name: response.body.bytes + level: extended + type: long + format: bytes + description: Size in bytes of the response body. + - name: response.status_code + level: extended + type: long + format: string + description: HTTP response status code. + - name: version + level: extended + type: keyword + description: HTTP version. + ignore_above: 1024 +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + description: |- + Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. + ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. 
+ ignore_above: 1024 +- name: url + title: URL + group: 2 + type: group + fields: + - name: original + level: extended + type: keyword + description: |- + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user + title: User + group: 2 + type: group + fields: + - name: name + level: core + type: keyword + description: Short name or login of the user. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false +- name: user_agent + title: User agent + group: 2 + type: group + fields: + - name: device.name + level: extended + type: keyword + description: Name of the device. + ignore_above: 1024 + - name: name + level: extended + type: keyword + description: Name of the user agent. + ignore_above: 1024 + - name: original + level: extended + type: keyword + description: Unparsed user_agent string. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + - name: os.name + level: extended + type: keyword + description: Operating system name, without the version. + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 00000000000..55612fafe7d --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/fields.yml 
@@ -0,0 +1,26 @@ +- name: traefik.access + type: group + fields: + - name: user_identifier + type: keyword + description: | + Is the RFC 1413 identity of the client + - name: request_count + type: long + description: | + The number of requests + - name: frontend_name + type: keyword + description: | + The name of the frontend used + - name: backend_url + type: keyword + description: The url of the backend where request is forwarded + - name: user_agent + type: group + fields: + - name: os + type: alias + path: user_agent.os.full_name + - name: geoip + type: group diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/fields/package-fields.yml b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/package-fields.yml new file mode 100644 index 00000000000..404f1835db4 --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/access/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: traefik + type: group diff --git a/dev/packages/beats/traefik/0.0.1/dataset/access/manifest.yml b/dev/packages/beats/traefik/0.0.1/dataset/access/manifest.yml new file mode 100644 index 00000000000..30e3a42c30f --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/access/manifest.yml @@ -0,0 +1,24 @@ +title: Traefik access logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/traefik/access.log* + os: + darwin: + default: + - /usr/local/traefik/access.log* + windows: + default: + - c:/programdata/traefik/logs/*access.log* + template_path: log.yml.hbs + title: Traefik access logs (log) + description: Collect Traefik access logs using log input diff --git a/dev/packages/beats/traefik/0.0.1/dataset/health/agent/stream/stream.yml.hbs b/dev/packages/beats/traefik/0.0.1/dataset/health/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9dd0b000bcd --- /dev/null 
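Review bot: The `user_agent.os` alias in the traefik.access fields targets `user_agent.os.full_name`, but the ECS field list added for this package in the hunk above only maps `user_agent.os.name`; Elasticsearch rejects an index template whose alias path is not a mapped field, so unless `user_agent.os.full_name` is defined in an ECS file outside this chunk the access dataset's template will fail to install. Either point the alias at the field this package actually ships, `path: user_agent.os.name`, or drop the alias until the target exists. The trailing `geoip` group is also declared with no fields, which looks like a leftover from the Beats module conversion and can be removed.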
+++ b/dev/packages/beats/traefik/0.0.1/dataset/health/agent/stream/stream.yml.hbs @@ -0,0 +1,6 @@ +metricsets: ["health"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/traefik/0.0.1/dataset/health/fields/fields.yml b/dev/packages/beats/traefik/0.0.1/dataset/health/fields/fields.yml new file mode 100644 index 00000000000..d6f95818d1b --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/health/fields/fields.yml @@ -0,0 +1,23 @@ +- name: traefik.health + type: group + release: ga + fields: + - name: uptime.sec + type: long + description: | + Uptime of Traefik instance in seconds + - name: response + type: group + fields: + - name: count + type: long + description: | + Number of responses + - name: avg_time.us + type: long + description: | + Average response time in microseconds + - name: status_codes.* + type: object + description: | + Number of responses per status code diff --git a/dev/packages/beats/traefik/0.0.1/dataset/health/fields/package-fields.yml b/dev/packages/beats/traefik/0.0.1/dataset/health/fields/package-fields.yml new file mode 100644 index 00000000000..404f1835db4 --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/health/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: traefik + type: group diff --git a/dev/packages/beats/traefik/0.0.1/dataset/health/manifest.yml b/dev/packages/beats/traefik/0.0.1/dataset/health/manifest.yml new file mode 100644 index 00000000000..21f319d933e --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/dataset/health/manifest.yml @@ -0,0 +1,15 @@ +title: traefik health metrics +release: experimental +type: metrics +streams: +- input: traefik/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: traefik health metrics + description: Collect traefik health metrics 
diff --git a/dev/packages/beats/traefik/0.0.1/docs/README.md b/dev/packages/beats/traefik/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/img/kibana-traefik.png b/dev/packages/beats/traefik/0.0.1/img/kibana-traefik.png new file mode 100644 index 00000000000..0193fd320a8 Binary files /dev/null and b/dev/packages/beats/traefik/0.0.1/img/kibana-traefik.png differ diff --git a/dev/packages/beats/traefik/0.0.1/img/traefik.svg b/dev/packages/beats/traefik/0.0.1/img/traefik.svg new file mode 100644 index 00000000000..10b38261eca --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/img/traefik.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/dashboard/Filebeat-Traefik-Dashboard-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/dashboard/Filebeat-Traefik-Dashboard-ecs.json new file mode 100644 index 00000000000..00fe93ad68f --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/dashboard/Filebeat-Traefik-Dashboard-ecs.json 
@@ -0,0 +1,144 @@ +{ + "attributes": { + "description": "Dashboard for the Logs Traefik integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 16, + "x": 0, + "y": 36 + }, + "panelIndex": "3", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 16, + "i": "4", + "w": 16, + "x": 16, + "y": 36 + }, + "panelIndex": "4", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "6", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "7", + "w": 16, + "x": 32, + "y": 36 + }, + "panelIndex": "7", + "panelRefName": "panel_4", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "mapCenter": [ + 50.51342652633956, + -0.17578125 + ] + }, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Logs Traefik] Access logs ECS", + "version": 1 + }, + "id": "Logs-Traefik-Dashboard-ecs", + "references": [ + { + "id": "Traefik-Access-Browsers-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Traefik-Access-OSes-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "New-Visualization-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "Traefik-Access-Response-codes-by-top-URLs-ecs", + "name": 
"panel_3", + "type": "visualization" + }, + { + "id": "Sent-sizes-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "Traefik-Access-Map-ecs", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/search/Filebeat-Traefik-module-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/search/Filebeat-Traefik-module-ecs.json new file mode 100644 index 00000000000..1904c66b15c --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/search/Filebeat-Traefik-module-ecs.json @@ -0,0 +1,49 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:traefik.access)" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Traefik logs [Logs Traefik] ECS", + "version": 1 + }, + "id": "Logs-Traefik-integration-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/New-Visualization-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/New-Visualization-ecs.json new file mode 100644 index 00000000000..33d050ba25e --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/New-Visualization-ecs.json 
@@ -0,0 +1,81 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Response codes over time [Logs Traefik] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "New Visualization ECS", + "type": "histogram" + } + }, + "id": "New-Visualization-ecs", + "references": [ + { + "id": "Logs-Traefik-integration-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/Sent-sizes-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Sent-sizes-ecs.json new file mode 100644 index 00000000000..b984fe1dd8c --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Sent-sizes-ecs.json 
@@ -0,0 +1,93 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "stream.dataset:traefik.access" + } + } + }, + "title": "Sent Byte Size [Logs Traefik] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Data sent", + "field": "http.response.body.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": "17", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} + }, + "title": "Sent sizes ECS", + "type": "line" + } + }, + "id": "Sent-sizes-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Browsers-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Browsers-ecs.json new file mode 100644 index 00000000000..bb4a0180570 
--- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Browsers-ecs.json @@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Browsers breakdown [Logs Traefik] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Traefik Access Browsers ECS", + "type": "pie" + } + }, + "id": "Traefik-Access-Browsers-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Map-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Map-ecs.json new file mode 100644 index 00000000000..c0caf03288d --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Map-ecs.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchRefName": "search_0", + "title": "Access Map [Logs Traefik] ECS", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Traefik Access Map ECS", + "type": "tile_map" + } + }, + "id": "Traefik-Access-Map-ecs", + "references": [ + { + "id": "Logs-Traefik-integration-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-OSes-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-OSes-ecs.json new file mode 100644 index 00000000000..d80c78ab844 --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-OSes-ecs.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Operating systems breakdown [Logs Traefik] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.os.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Traefik Access OSes ECS", + "type": "pie" + } + }, + "id": "Traefik-Access-OSes-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Response-codes-by-top-URLs-ecs.json b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Response-codes-by-top-URLs-ecs.json new file mode 100644 index 00000000000..723b3cd835a --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/kibana/visualization/Traefik-Access-Response-codes-by-top-URLs-ecs.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Response codes by top URLs [Logs Traefik] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#629E51", + "404": "#0A50A1" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Traefik Access Response codes by top URLs ECS", + "type": "pie" + } + }, + "id": "Traefik-Access-Response-codes-by-top-URLs-ecs", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/traefik/0.0.1/manifest.yml b/dev/packages/beats/traefik/0.0.1/manifest.yml new file mode 100644 index 00000000000..34d32f2ca5e --- /dev/null +++ b/dev/packages/beats/traefik/0.0.1/manifest.yml 
@@ -0,0 +1,47 @@ +format_version: 1.0.0 +name: traefik +title: traefik +version: 0.0.1 +license: basic +description: traefik Integration +type: integration +categories: +- logs +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-traefik.png + title: kibana traefik + size: 1409x1254 + type: image/png +icons: +- src: /img/traefik.svg + title: traefik + size: 259x296 + type: image/svg+xml +datasources: +- name: traefik + title: traefik logs and metrics + description: Collect logs and metrics from traefik instances + inputs: + - type: logs + title: Collect logs from traefik instances + description: Collecting traefik access logs + - type: traefik/metrics + vars: + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - localhost:8080 + title: Collect metrics from traefik instances + description: Collecting traefik health metrics diff --git a/dev/packages/beats/uwsgi/0.0.1/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/beats/uwsgi/0.0.1/dataset/status/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..8f23ea0dd08 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/dataset/status/agent/stream/stream.yml.hbs @@ -0,0 +1,9 @@ +metricsets: ["status"] +{{#if enable}} +enable: {{enable}} +{{/if}} +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +period: {{period}} diff --git a/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 00000000000..5bc788b3536 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/fields.yml 
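Review bot: The Elasticsearch constraint `versions: '>7.0.1'` in the traefik manifest is open-ended while the Kibana constraint in the same `requirement` block is capped at `<8.0.0`, and the uwsgi manifest in this same change leaves `elasticsearch: {}`; two different conventions for the same field in one commit suggests one of them is accidental. If the upper bound is intended, mirror the Kibana range, `versions: '>=7.0.1 <8.0.0'`; if no Elasticsearch constraint is meant, use the empty form the other manifests use. Also the `logs` input carries no `vars`, which is presumably fine because the dataset manifest defines `paths`, but it may be worth confirming that an input with no vars is accepted by the registry validator.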
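Review bot: In the uwsgi `stream.yml.hbs`, wrapping `enable: {{enable}}` in `{{#if enable}}` means a user who explicitly sets the variable to `false` gets no `enable:` line at all, so the metricset silently falls back to its own default instead of being disabled; the manifest declares this var as `type: bool`, `required: true`, `default: true`, so it is always present and the guard only ever suppresses the one value a user would deliberately set. Since the var is required, render it unconditionally, `enable: {{enable}}`, and drop the `{{#if}}`/`{{/if}}` lines. If the intent was "emit only when set", a presence check rather than a truthiness check is needed, but that depends on which helpers the agent's Handlebars renderer provides.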
@@ -0,0 +1,120 @@ +- name: uwsgi.status + type: group + release: ga + fields: + - name: total.requests + type: long + description: | + Total requests handled + - name: total.exceptions + type: long + description: | + Total exceptions + - name: total.write_errors + type: long + description: | + Total requests write errors + - name: total.read_errors + type: long + description: | + Total read errors + - name: total.pid + type: long + description: | + Process id + - name: worker.id + type: long + description: | + Worker id + - name: worker.pid + type: long + description: | + Worker process id + - name: worker.accepting + type: long + description: | + State of worker, 1 if still accepting new requests otherwise 0 + - name: worker.requests + type: long + description: | + Number of requests served by this worker + - name: worker.delta_requests + type: long + description: | + Number of requests served by this worker after worker is reloaded when reached MAX_REQUESTS + - name: worker.exceptions + type: long + description: | + Exceptions raised + - name: worker.harakiri_count + type: long + description: | + Dropped requests by timeout + - name: worker.signals + type: long + description: | + Emitted signals count + - name: worker.signal_queue + type: long + description: | + Number of signals waiting to be handled + - name: worker.status + type: keyword + description: | + Worker status (cheap, pause, sig, busy, idle) + - name: worker.rss + type: keyword + description: | + Resident Set Size. memory currently used by a process. if always zero try `--memory-report` option of uwsgi + - name: worker.vsz + type: long + description: | + Virtual Set Size. memory size assigned to a process. 
if always zero try `--memory-report` option of uwsgi + - name: worker.running_time + type: long + description: | + Process running time + - name: worker.respawn_count + type: long + description: | + Respawn count + - name: worker.tx + type: long + description: | + Transmitted size + - name: worker.avg_rt + type: long + description: | + Average response time + - name: core.id + type: long + description: | + worker ID + - name: core.worker_pid + type: long + description: | + Parent worker PID + - name: core.requests.total + type: long + description: | + Number of total requests served + - name: core.requests.static + type: long + description: | + Number of static file serves + - name: core.requests.routed + type: long + description: | + Routed requests + - name: core.requests.offloaded + type: long + description: | + Offloaded requests + - name: core.write_errors + type: long + description: | + Number of failed writes + - name: core.read_errors + type: long + description: | + Number of failed reads diff --git a/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/package-fields.yml b/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/package-fields.yml new file mode 100644 index 00000000000..d7502e367d7 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/dataset/status/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: uwsgi + type: group diff --git a/dev/packages/beats/uwsgi/0.0.1/dataset/status/manifest.yml b/dev/packages/beats/uwsgi/0.0.1/dataset/status/manifest.yml new file mode 100644 index 00000000000..dec1e5c4295 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/dataset/status/manifest.yml @@ -0,0 +1,15 @@ +title: uwsgi status metrics +release: experimental +type: metrics +streams: +- input: uwsgi/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: uwsgi status metrics + description: Collect uwsgi status metrics 
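Review bot: `uwsgi.status.worker.rss` is mapped as `type: keyword` while its sibling `worker.vsz` is `type: long`, and the Memory usage Timelion visualization added in this same change runs `.es(metric=max:uwsgi.status.worker.rss)`, which a keyword field cannot serve (max aggregations require a numeric field), so that panel will error on real data. The description ("memory currently used by a process ... if always zero") also reads as a numeric byte count. Change the mapping to `type: long` and, consistent with the vsphere fields in this change, consider adding `format: bytes` to both `worker.rss` and `worker.vsz`. Minor: `core.id` is described as "worker ID" but sits under `core`, so the description should probably read "Core id".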
diff --git a/dev/packages/beats/uwsgi/0.0.1/docs/README.md b/dev/packages/beats/uwsgi/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/img/uwsgi.svg b/dev/packages/beats/uwsgi/0.0.1/img/uwsgi.svg new file mode 100644 index 00000000000..43818ab211e --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/img/uwsgi.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/img/uwsgi_dashboard.png b/dev/packages/beats/uwsgi/0.0.1/img/uwsgi_dashboard.png new file mode 100644 index 00000000000..7e993a77f8c Binary files /dev/null and b/dev/packages/beats/uwsgi/0.0.1/img/uwsgi_dashboard.png differ diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/dashboard/32fca290-f0af-11e7-b9ff-9f96241065de-ecs.json b/dev/packages/beats/uwsgi/0.0.1/kibana/dashboard/32fca290-f0af-11e7-b9ff-9f96241065de-ecs.json new file mode 100644 index 00000000000..db5983bf4c8 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/kibana/dashboard/32fca290-f0af-11e7-b9ff-9f96241065de-ecs.json 
@@ -0,0 +1,101 @@ +{ + "attributes": { + "description": "Overview of uWSGI service metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics uWSGI] Overview ECS", + "version": 1 + }, + "id": "32fca290-f0af-11e7-b9ff-9f96241065de-ecs", + "references": [ + { + "id": "a5058e70-f0ae-11e7-b9ff-9f96241065de-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "ac7194b0-f0ae-11e7-b9ff-9f96241065de-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "8c5f96e0-f0ae-11e7-b9ff-9f96241065de-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "ba4a80b0-f0ae-11e7-b9ff-9f96241065de-ecs", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/search/Metricbeat uWSGI status-ecs ECS.json b/dev/packages/beats/uwsgi/0.0.1/kibana/search/Metricbeat uWSGI status-ecs ECS.json new file mode 100644 index 00000000000..a36b1a881b0 --- /dev/null 
+++ b/dev/packages/beats/uwsgi/0.0.1/kibana/search/Metricbeat uWSGI status-ecs ECS.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:uwsgi.status)" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Metrics uWSGI status-ecs ECS", + "version": 1 + }, + "id": "Metrics uWSGI status-ecs ECS", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/8c5f96e0-f0ae-11e7-b9ff-9f96241065de-ecs.json b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/8c5f96e0-f0ae-11e7-b9ff-9f96241065de-ecs.json new file mode 100644 index 00000000000..e62ef631ba6 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/8c5f96e0-f0ae-11e7-b9ff-9f96241065de-ecs.json @@ -0,0 +1,22 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Workers [Metrics uWSGI] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "params": { + "expression": ".es(split=uwsgi.status.core.id:16,metric=max:uwsgi.status.core.requests.total).derivative().bars().title('Requests handled by each thread (core) per period')", + "interval": "15s" + }, + "title": "Workers [Metrics uWSGI] ECS", + "type": "timelion" + } + }, + "id": "8c5f96e0-f0ae-11e7-b9ff-9f96241065de-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/a5058e70-f0ae-11e7-b9ff-9f96241065de-ecs.json b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/a5058e70-f0ae-11e7-b9ff-9f96241065de-ecs.json new file mode 100644 index 00000000000..b6c5fb40551 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/a5058e70-f0ae-11e7-b9ff-9f96241065de-ecs.json @@ -0,0 +1,22 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Overview [Metrics uWSGI] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "params": { + "expression": ".es(metric=avg:uwsgi.status.total.requests).derivative().label('Requests').title('Overview of requests per period'),\n.es(metric=avg:uwsgi.status.total.exceptions).derivative().label('Exceptions'),\n.es(metric=max:uwsgi.status.worker.avg_rt).label('Average response time').yaxis(2)", + "interval": "15s" + }, + "title": "Overview [Metrics uWSGI] ECS", + "type": "timelion" + } + }, + "id": "a5058e70-f0ae-11e7-b9ff-9f96241065de-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ac7194b0-f0ae-11e7-b9ff-9f96241065de-ecs.json b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ac7194b0-f0ae-11e7-b9ff-9f96241065de-ecs.json new file mode 100644 index 00000000000..dd169eddc51 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ac7194b0-f0ae-11e7-b9ff-9f96241065de-ecs.json 
@@ -0,0 +1,22 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Memory usage [Metrics uWSGI] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "params": { + "expression": ".es(metric=max:uwsgi.status.worker.rss).label('Currently used (rss)').title('Memory usage'),\n.es(metric=max:uwsgi.status.worker.vsz).label('Assigned (vsz)').yaxis(2)", + "interval": "15s" + }, + "title": "Memory usage [Metrics uWSGI] ECS", + "type": "timelion" + } + }, + "id": "ac7194b0-f0ae-11e7-b9ff-9f96241065de-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ba4a80b0-f0ae-11e7-b9ff-9f96241065de-ecs.json b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ba4a80b0-f0ae-11e7-b9ff-9f96241065de-ecs.json new file mode 100644 index 00000000000..9217d8e50f4 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/kibana/visualization/ba4a80b0-f0ae-11e7-b9ff-9f96241065de-ecs.json @@ -0,0 +1,22 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Errors [Metrics uWSGI] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "params": { + "expression": ".es(metric=max:uwsgi.status.total.read_errors).label('Read errors').title('Errors'),\n.es(metric=max:uwsgi.status.total.write_errors).label('Write errors'),\n.es(metric=max:uwsgi.status.worker.harakiri_count).label('Timeouted requests')", + "interval": "15s" + }, + "title": "Errors [Metrics uWSGI] ECS", + "type": "timelion" + } + }, + "id": "ba4a80b0-f0ae-11e7-b9ff-9f96241065de-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/uwsgi/0.0.1/manifest.yml b/dev/packages/beats/uwsgi/0.0.1/manifest.yml new file mode 100644 index 00000000000..511c4c9d792 --- /dev/null +++ b/dev/packages/beats/uwsgi/0.0.1/manifest.yml 
@@ -0,0 +1,49 @@ +format_version: 1.0.0 +name: uwsgi +title: uwsgi +version: 0.0.1 +license: basic +description: uwsgi Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/uwsgi_dashboard.png + title: uwsgi dashboard + size: 1305x747 + type: image/png +icons: +- src: /img/uwsgi.svg + title: uwsgi + size: 715x715 + type: image/svg+xml +datasources: +- name: uwsgi + title: uwsgi metrics + description: Collect metrics from uwsgi instances + inputs: + - type: uwsgi/metrics + vars: + - name: enable + type: bool + title: Enable + multi: false + required: true + show_user: true + default: true + - name: hosts + type: text + title: Hosts + multi: true + required: true + show_user: true + default: + - tcp://127.0.0.1:9191 + title: Collect metrics from uwsgi instances + description: Collecting uwsgi status metrics diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/datastore/agent/stream/stream.yml.hbs b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..bdb4db69245 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["datastore"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if insecure}} +insecure: {{insecure}} +{{/if}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/fields.yml new file mode 100644 index 00000000000..96463e1068b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/fields.yml 
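Review bot: `password: {{password}}` in the datastore stream template renders the secret as an unquoted YAML scalar, so a password containing `#`, `: `, or a leading `*`, `&`, `[` or `{` either breaks the generated config or changes its meaning, unless the template engine YAML-escapes values (not visible here); the same holds for the `- {{this}}` host entries and for the host and virtualmachine stream templates on the following lines. If the engine does not escape, quoting the value, `password: "{{password}}"`, at least covers the comment and mapping-indicator cases. `insecure: {{insecure}}` is passed straight through; if it maps to the Metricbeat vsphere `insecure` option it disables TLS certificate verification, so the variable that declares it should default to false and say what it disables in its title. That declaration is not in this chunk — the three dataset manifests only declare `period`, so `hosts`, `username`, `password` and `insecure` presumably come from the package-level manifest.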
@@ -0,0 +1,32 @@ +- name: vsphere.datastore + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Datastore name + - name: fstype + type: keyword + description: | + Filesystem type + - name: capacity.total.bytes + type: long + format: bytes + description: | + Total bytes of the datastore + - name: capacity.free.bytes + type: long + format: bytes + description: | + Free bytes of the datastore + - name: capacity.used.bytes + type: long + format: bytes + description: | + Used bytes of the datastore + - name: capacity.used.pct + type: long + format: percent + description: | + Used percent of the datastore diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/package-fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/package-fields.yml new file mode 100644 index 00000000000..2e7a874b024 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: vsphere + type: group diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/datastore/manifest.yml b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/manifest.yml new file mode 100644 index 00000000000..b17b83621cb --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/datastore/manifest.yml @@ -0,0 +1,15 @@ +title: vSphere datastore metrics +release: experimental +type: metrics +streams: +- input: vsphere/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: vSphere datastore metrics + description: Collect vSphere datastore metrics diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/host/agent/stream/stream.yml.hbs b/dev/packages/beats/vsphere/0.0.1/dataset/host/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..743107d2a97 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/host/agent/stream/stream.yml.hbs 
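Review bot: The `vsphere.datastore` field group is marked `release: ga` while the dataset manifest on the same line declares `release: experimental`; one of the two should change so the field metadata does not advertise a stability the dataset does not claim. The host and virtualmachine field groups on the following lines carry the same `release: ga`. Separately, `capacity.used.pct` is `type: long` with `format: percent`; if the collector emits a 0–1 fraction, a long mapping truncates it to 0 or 1, so a float type (`scaled_float` or `float`) would be the safer choice — worth confirming against what the metricset actually ships.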
@@ -0,0 +1,15 @@ +metricsets: ["host"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if insecure}} +insecure: {{insecure}} +{{/if}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/fields.yml new file mode 100644 index 00000000000..8b6e1066e7f --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/fields.yml @@ -0,0 +1,39 @@ +- name: vsphere.host + type: group + release: ga + fields: + - name: name + type: keyword + description: | + Host name + - name: cpu.used.mhz + type: long + description: | + Used CPU in Mhz + - name: cpu.total.mhz + type: long + description: | + Total CPU in Mhz + - name: cpu.free.mhz + type: long + description: | + Free CPU in Mhz + - name: memory.used.bytes + type: long + format: bytes + description: | + Used Memory in bytes + - name: memory.total.bytes + type: long + format: bytes + description: | + Total Memory in bytes + - name: memory.free.bytes + type: long + format: bytes + description: | + Free Memory in bytes + - name: network_names + type: keyword + description: | + Network names diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/package-fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/package-fields.yml new file mode 100644 index 00000000000..2e7a874b024 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/host/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: vsphere + type: group diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/host/manifest.yml b/dev/packages/beats/vsphere/0.0.1/dataset/host/manifest.yml new file mode 100644 index 00000000000..728d80bccb0 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/host/manifest.yml 
@@ -0,0 +1,15 @@ +title: vSphere host metrics +release: experimental +type: metrics +streams: +- input: vsphere/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: vSphere host metrics + description: Collect vSphere host metrics diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/agent/stream/stream.yml.hbs b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..ce895540f46 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/agent/stream/stream.yml.hbs @@ -0,0 +1,15 @@ +metricsets: ["virtualmachine"] +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +{{#if insecure}} +insecure: {{insecure}} +{{/if}} +{{#if password}} +password: {{password}} +{{/if}} +period: {{period}} +{{#if username}} +username: {{username}} +{{/if}} diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/fields.yml new file mode 100644 index 00000000000..723b6c4dd7b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/fields.yml 
@@ -0,0 +1,52 @@ +- name: vsphere.virtualmachine + type: group + release: ga + fields: + - name: host.id + type: keyword + description: | + Host id + - name: host.hostname + type: keyword + description: | + Host name of the host + - name: name + type: keyword + description: | + Virtual Machine name + - name: os + type: keyword + description: | + Virtual Machine Operating System name + - name: cpu.used.mhz + type: long + description: | + Used CPU in Mhz + - name: memory.used.guest.bytes + type: long + format: bytes + description: | + Used Memory of Guest in bytes + - name: memory.used.host.bytes + type: long + format: bytes + description: | + Used Memory of Host in bytes + - name: memory.total.guest.bytes + type: long + format: bytes + description: | + Total Memory of Guest in bytes + - name: memory.free.guest.bytes + type: long + format: bytes + description: | + Free Memory of Guest in bytes + - name: custom_fields + type: object + description: | + Custom fields + - name: network_names + type: keyword + description: | + Network names diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/package-fields.yml b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/package-fields.yml new file mode 100644 index 00000000000..2e7a874b024 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/fields/package-fields.yml @@ -0,0 +1,2 @@ +- name: vsphere + type: group diff --git a/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/manifest.yml b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/manifest.yml new file mode 100644 index 00000000000..93e5eeffa4a --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/dataset/virtualmachine/manifest.yml 
@@ -0,0 +1,15 @@ +title: vSphere virtualmachine metrics +release: experimental +type: metrics +streams: +- input: vsphere/metrics + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 10s + title: vSphere virtualmachine metrics + description: Collect vSphere virtualmachine metrics diff --git a/dev/packages/beats/vsphere/0.0.1/docs/README.md b/dev/packages/beats/vsphere/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_dashboard.png b/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_dashboard.png new file mode 100644 index 00000000000..925ea3a813f Binary files /dev/null and b/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_dashboard.png differ diff --git a/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_vm_dashboard.png b/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_vm_dashboard.png new file mode 100644 index 00000000000..3871788acab Binary files /dev/null and b/dev/packages/beats/vsphere/0.0.1/img/metricbeat_vsphere_vm_dashboard.png differ diff --git a/dev/packages/beats/vsphere/0.0.1/img/vsphere.svg b/dev/packages/beats/vsphere/0.0.1/img/vsphere.svg new file mode 100644 index 00000000000..2a04026e464 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/img/vsphere.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/0ebd0be0-f049-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/0ebd0be0-f049-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..58374ca9ba2 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/0ebd0be0-f049-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,154 @@ +{ + "attributes": { + "description": "Overview of VSphere host and cluster metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5a175530-7b6d-4d40-af46-5c0c518a97bb", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "5a175530-7b6d-4d40-af46-5c0c518a97bb", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "39b334e1-c61e-42c3-8e2f-ac534a19a986", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "39b334e1-c61e-42c3-8e2f-ac534a19a986", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5eb32eda-4f81-490e-a86f-6fc65ea3892a", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5eb32eda-4f81-490e-a86f-6fc65ea3892a", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "1c91b931-f2ec-4284-90eb-4b257f6f7904", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "1c91b931-f2ec-4284-90eb-4b257f6f7904", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "712d4e28-54ad-452f-9f00-525764d4850d", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "712d4e28-54ad-452f-9f00-525764d4850d", + "panelRefName": "panel_4", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "b8b5096a-30e1-4249-b8ca-eb4509b4ba59", + "w": 48, + "x": 0, + "y": 68 + }, + "panelIndex": "b8b5096a-30e1-4249-b8ca-eb4509b4ba59", + "panelRefName": "panel_5", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "e561ff05-9f8f-4412-a2e1-d656cb965e96", + "w": 24, + "x": 24, + "y": 15 + }, + 
"panelIndex": "e561ff05-9f8f-4412-a2e1-d656cb965e96", + "panelRefName": "panel_6", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics VSphere] Hosts Overview ECS", + "version": 1 + }, + "id": "0ebd0be0-f049-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "ab07c5d0-f03f-11e9-aaf3-15199b632da7", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "47125df0-f040-11e9-aaf3-15199b632da7", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "783f2c50-f040-11e9-aaf3-15199b632da7", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "867e0c70-f048-11e9-aaf3-15199b632da7", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "5f74c330-f048-11e9-aaf3-15199b632da7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "79dcd290-f047-11e9-aaf3-15199b632da7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "d6370680-f049-11e9-aaf3-15199b632da7", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/8a2d1540-f049-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/8a2d1540-f049-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..9c4b80c490b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/dashboard/8a2d1540-f049-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,120 @@ +{ + "attributes": { + "description": "Overview of the VSphere virtualmachine metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "80c96802-a5b2-4196-91b7-9e39f59f472b", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "80c96802-a5b2-4196-91b7-9e39f59f472b", + "panelRefName": "panel_0", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "948b7896-98e3-4260-b06e-78ac354bed69", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "948b7896-98e3-4260-b06e-78ac354bed69", + "panelRefName": "panel_1", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "b6d0ae24-0b52-4d16-bbcd-a9d6143054d2", + "w": 24, + "x": 0, + "y": 18 + }, + "panelIndex": "b6d0ae24-0b52-4d16-bbcd-a9d6143054d2", + "panelRefName": "panel_2", + "version": "7.4.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "52f8ef2e-3fa3-4494-bdb4-179737fc2fda", + "w": 24, + "x": 24, + "y": 18 + }, + "panelIndex": "52f8ef2e-3fa3-4494-bdb4-179737fc2fda", + "panelRefName": "panel_3", + "version": "7.4.0" + }, + { + "embeddableConfig": { + "vis": null + }, + "gridData": { + "h": 35, + "i": "dfc089db-6bab-4410-962d-14cc622d7681", + "w": 48, + "x": 0, + "y": 37 + }, + "panelIndex": "dfc089db-6bab-4410-962d-14cc622d7681", + "panelRefName": "panel_4", + "version": "7.4.0" + } + ], + "timeRestore": false, + "title": "[Metrics VSphere] VMs overview ECS", + "version": 1 + }, + "id": "8a2d1540-f049-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "dae93d90-f041-11e9-aaf3-15199b632da7", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "a6026680-f017-11e9-aaf3-15199b632da7", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"5c6a93a0-f04c-11e9-aaf3-15199b632da7", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9afddd20-f04c-11e9-aaf3-15199b632da7", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "e3a3e080-f018-11e9-aaf3-15199b632da7", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/search/1411b690-f017-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/search/1411b690-f017-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..f1fa9b3a28e --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/search/1411b690-f017-11e9-aaf3-15199b632da7.json @@ -0,0 +1,38 @@ +{ + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(stream.dataset:vsphere.datastore OR stream.dataset:vsphere.host OR stream.dataset:vsphere.virtualmachine)" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "search for event integration [Metrics VSphere] ECS", + "version": 1 + }, + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/47125df0-f040-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/47125df0-f040-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..67659656c41 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/47125df0-f040-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,198 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Cluster Memory free vs used stacked [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Used", + "field": "vsphere.host.memory.used.bytes" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Free", + "field": "vsphere.host.memory.free.bytes" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm:ss" + } + }, + "params": { + "bounds": { + "max": "2019-10-16T18:10:00.451Z", + "min": "2019-10-16T17:55:00.451Z" + }, + "date": true, + "format": "HH:mm:ss", + "interval": "PT30S" + } + }, + "y": [ + { + "accessor": 1, + "aggType": "max", + "format": { + "id": "bytes" + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "max", + "format": { + "id": "bytes" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + 
"seriesParams": [ + { + "data": { + "id": "2", + "label": "Used" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "1", + "label": "Free" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Cluster Memory free vs used stacked [Metrics VSphere] ECS", + "type": "area" + } + }, + "id": "47125df0-f040-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5c6a93a0-f04c-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5c6a93a0-f04c-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..bec944d887b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5c6a93a0-f04c-11e9-aaf3-15199b632da7.json 
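Review bot: The second entry of `seriesParams` sets `"show": "true"` as a string while the first uses the boolean `true`; the string is probably treated as truthy, but the mismatch looks like export noise and should be normalized to `"show": true`. The same string value appears in the Free series of 783f2c50 further down. The `dimensions.x.params.bounds` block also carries absolute timestamps from the export session (`2019-10-16T18:10:00.451Z`), which appear to be snapshot state rather than configuration and could be dropped to keep the asset free of incidental values.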
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Networks from virtualmachine [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Networks", + "field": "vsphere.virtualmachine.network_names", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Networks from virtualmachine [Metrics VSphere] ECS", + "type": "pie" + } + }, + "id": "5c6a93a0-f04c-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5f74c330-f048-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5f74c330-f048-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..2e904df6732 --- /dev/null 
+++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/5f74c330-f048-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Host top CPU util [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "(stream.dataset:vsphere.datastore OR stream.dataset:vsphere.host OR stream.dataset:vsphere.virtualmachine)" + }, + "gauge_color_rules": [ + { + "gauge": "rgba(252,220,0,1)", + "id": "3e4e64a0-f047-11e9-8ffe-6377df51c23d", + "operator": "gt", + "value": 0.35 + }, + { + "gauge": "rgba(251,158,0,1)", + "id": "8e4a5090-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(159,5,0,1)", + "id": "93d7d2d0-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "text": null, + "value": 0.95 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "metrics-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(59,244,64,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "vsphere.host.cpu.total.mhz", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "vsphere.host.cpu.used.mhz", + "id": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "type": "max" + }, + { + "id": "5e69b140-f047-11e9-8ffe-6377df51c23d", + "script": "params.used / params.total", + "type": "calculation", + "variables": 
[ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "5fadf110-f047-11e9-8ffe-6377df51c23d", + "name": "total" + }, + { + "field": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "id": "61c84590-f047-11e9-8ffe-6377df51c23d", + "name": "used" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "vsphere.host.name", + "terms_order_by": "51de05c0-f047-11e9-8ffe-6377df51c23d" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Host top CPU util [Metrics VSphere] ECS", + "type": "metrics" + } + }, + "id": "5f74c330-f048-11e9-aaf3-15199b632da7", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/783f2c50-f040-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/783f2c50-f040-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..4e3f6c5a522 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/783f2c50-f040-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,198 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Free vs Used Datastore [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Used", + "field": "vsphere.datastore.capacity.used.bytes" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Free", + "field": "vsphere.datastore.capacity.free.bytes" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm:ss" + } + }, + "params": { + "bounds": { + "max": "2019-10-16T18:11:40.605Z", + "min": "2019-10-16T17:56:40.605Z" + }, + "date": true, + "format": "HH:mm:ss", + "interval": "PT30S" + } + }, + "y": [ + { + "accessor": 1, + "aggType": "max", + "format": { + "id": "bytes" + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "max", + "format": { + "id": "bytes" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + 
"seriesParams": [ + { + "data": { + "id": "2", + "label": "Used" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "1", + "label": "Free" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Free" + }, + "type": "value" + } + ] + }, + "title": "Free vs Used Datastore [Metrics VSphere] ECS", + "type": "area" + } + }, + "id": "783f2c50-f040-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/79dcd290-f047-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/79dcd290-f047-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..f61e179e295 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/79dcd290-f047-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,128 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Datastore Used [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "(stream.dataset:vsphere.datastore OR stream.dataset:vsphere.host OR stream.dataset:vsphere.virtualmachine)" + }, + "gauge_color_rules": [ + { + "gauge": "rgba(252,220,0,1)", + "id": "3e4e64a0-f047-11e9-8ffe-6377df51c23d", + "operator": "gt", + "value": 0.35 + }, + { + "gauge": "rgba(251,158,0,1)", + "id": "8e4a5090-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(159,5,0,1)", + "id": "93d7d2d0-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "text": null, + "value": 0.95 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "metrics-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(59,244,64,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "vsphere.datastore.capacity.total.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "vsphere.datastore.capacity.used.bytes", + "id": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "type": "max" + }, + { + "field": "vsphere.datastore.capacity.used.pct", + "id": "5aec7160-f047-11e9-8ffe-6377df51c23d", + 
"type": "max" + }, + { + "id": "5e69b140-f047-11e9-8ffe-6377df51c23d", + "script": "params.used / params.total", + "type": "calculation", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "5fadf110-f047-11e9-8ffe-6377df51c23d", + "name": "total" + }, + { + "field": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "id": "61c84590-f047-11e9-8ffe-6377df51c23d", + "name": "used" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "vsphere.datastore.name", + "terms_order_by": "5aec7160-f047-11e9-8ffe-6377df51c23d" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Top Datastore Used [Metrics VSphere] ECS", + "type": "metrics" + } + }, + "id": "79dcd290-f047-11e9-aaf3-15199b632da7", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/867e0c70-f048-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/867e0c70-f048-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..757991ce453 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/867e0c70-f048-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,123 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Host top RAM util [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": null, + "default_index_pattern": "metrics-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "(stream.dataset:vsphere.datastore OR stream.dataset:vsphere.host OR stream.dataset:vsphere.virtualmachine)" + }, + "gauge_color_rules": [ + { + "gauge": "rgba(252,220,0,1)", + "id": "3e4e64a0-f047-11e9-8ffe-6377df51c23d", + "operator": "gt", + "value": 0.35 + }, + { + "gauge": "rgba(251,158,0,1)", + "id": "8e4a5090-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "value": 0.7 + }, + { + "gauge": "rgba(159,5,0,1)", + "id": "93d7d2d0-f047-11e9-8ffe-6377df51c23d", + "operator": "gte", + "text": null, + "value": 0.95 + } + ], + "gauge_inner_width": 10, + "gauge_max": "1", + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "metrics-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(59,244,64,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "vsphere.host.memory.total.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "max" + }, + { + "field": "vsphere.host.memory.free.bytes", + "id": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "type": "max" + }, + { + "id": "5e69b140-f047-11e9-8ffe-6377df51c23d", + "script": "params.used / params.total", + "type": "calculation", + 
"variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "5fadf110-f047-11e9-8ffe-6377df51c23d", + "name": "total" + }, + { + "field": "51de05c0-f047-11e9-8ffe-6377df51c23d", + "id": "61c84590-f047-11e9-8ffe-6377df51c23d", + "name": "used" + } + ] + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "vsphere.host.name", + "terms_order_by": "51de05c0-f047-11e9-8ffe-6377df51c23d" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "gauge" + }, + "title": "Host top RAM util [Metrics VSphere] ECS", + "type": "metrics" + } + }, + "id": "867e0c70-f048-11e9-aaf3-15199b632da7", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/9afddd20-f04c-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/9afddd20-f04c-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..b460c1cdffa --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/9afddd20-f04c-11e9-aaf3-15199b632da7.json 
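Review bot: The calculation in the "Host top RAM util" gauge binds the variable named `used` to metric `51de05c0-f047-11e9-8ffe-6377df51c23d`, whose field is `vsphere.host.memory.free.bytes`, so `params.used / params.total` actually plots free memory as a fraction of total; with the colour rules going red at 0.95, the gauge turns red for the hosts with the most free RAM. Using only fields already in the hunk, the fix is to rename the variable and invert the expression: `"name": "free"` and `"script": "(params.total - params.free) / params.total"`; alternatively bind the second metric to a used-bytes field if the host dataset exports one. `terms_order_by` also points at the free-bytes metric, so the "top" hosts shown are those with the most free memory rather than the highest utilization; ordering by the calculation metric (`5e69b140-f047-11e9-8ffe-6377df51c23d`) is presumably the intent, if TSVB accepts a calculation there. The sibling datastore gauge at L2947–L2948 orders by `used.pct`, which is the behaviour this one should mirror.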
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "VMs per ESXI host [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VM ESXi Host", + "field": "vsphere.virtualmachine.host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "how many VMs run on a ESXI host [Metrics VSphere] ECS", + "type": "pie" + } + }, + "id": "9afddd20-f04c-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/a6026680-f017-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/a6026680-f017-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..7b0c005d0a9 --- /dev/null 
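Review bot: The saved object's `attributes.title` is "VMs per ESXI host [Metrics VSphere] ECS" but `visState.title` in the same hunk is "how many VMs run on a ESXI host [Metrics VSphere] ECS"; the two titles should match, since the inner one surfaces in the visualization editor. The next hunk (L2952) has the same mismatch with "OS Distribution" versus "OS Pie". Setting `"title": "VMs per ESXI host [Metrics VSphere] ECS"` in `visState` (and likewise "OS Distribution" in L2952) removes the discrepancy.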
+++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/a6026680-f017-11e9-aaf3-15199b632da7.json @@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "OS Distribution [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operating Systems", + "field": "vsphere.virtualmachine.os", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "OS Pie [Metrics VSphere] ECS", + "type": "pie" + } + }, + "id": "a6026680-f017-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/ab07c5d0-f03f-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/ab07c5d0-f03f-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..cfd2e8fe51b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/ab07c5d0-f03f-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,198 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Free vs Used CPU on Cluster stacked [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Free", + "field": "vsphere.host.cpu.free.mhz" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Used", + "field": "vsphere.host.cpu.used.mhz" + }, + "schema": "metric", + "type": "max" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "HH:mm:ss" + } + }, + "params": { + "bounds": { + "max": "2019-10-16T18:04:26.629Z", + "min": "2019-10-16T17:49:26.629Z" + }, + "date": true, + "format": "HH:mm:ss", + "interval": "PT30S" + } + }, + "y": [ + { + "accessor": 1, + "aggType": "max", + "format": { + "id": "number" + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "max", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": 
[ + { + "data": { + "id": "1", + "label": "Free" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Used" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#34130C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Free" + }, + "type": "value" + } + ] + }, + "title": "Free vs Used CPU on Cluster stacked [Metrics VSphere] ECS", + "type": "area" + } + }, + "id": "ab07c5d0-f03f-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/d6370680-f049-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/d6370680-f049-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..df7b866da6b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/d6370680-f049-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Datastore Types [Metrics VSphere] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "vsphere.datastore.fstype", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Datastore types [Metrics VSphere] ECS", + "type": "pie" + } + }, + "id": "d6370680-f049-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/dae93d90-f041-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/dae93d90-f041-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..1d1e731471b --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/dae93d90-f041-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,213 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "CPU/RAM/Network per VM [Metrics VSphere] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Name", + "field": "vsphere.virtualmachine.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Used CPU", + "field": "vsphere.virtualmachine.cpu.used.mhz", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderAgg": { + "enabled": true, + "id": "5-orderAgg", + "params": { + "field": "vsphere.virtualmachine.cpu.used.mhz" + }, + "schema": "orderAgg", + "type": "max" + }, + "orderBy": "custom", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total RAM", + "field": "vsphere.virtualmachine.memory.total.guest.bytes", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderAgg": { + "enabled": true, + "id": "3-orderAgg", + "params": { + "field": "vsphere.virtualmachine.memory.total.guest.bytes" + }, + "schema": "orderAgg", + "type": "max" + }, + "orderBy": "custom", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + 
"customLabel": "Networks", + "field": "vsphere.virtualmachine.network_names", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "number", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "bytes", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "CPU/RAM/Network per VM [Metrics VSphere] ECS", + "type": "table" + } + }, + "id": "dae93d90-f041-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/vsphere/0.0.1/kibana/visualization/e3a3e080-f018-11e9-aaf3-15199b632da7.json b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/e3a3e080-f018-11e9-aaf3-15199b632da7.json new file mode 100644 index 00000000000..df12f000541 --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/kibana/visualization/e3a3e080-f018-11e9-aaf3-15199b632da7.json 
@@ -0,0 +1,154 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "VM placements on ESXi Hosts[Metrics VSphere] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 40": "rgb(247,252,245)", + "120 - 160": "rgb(35,139,69)", + "40 - 80": "rgb(199,233,192)", + "80 - 120": "rgb(116,196,118)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VM Name", + "field": "vsphere.virtualmachine.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "ESXi Host", + "field": "vsphere.virtualmachine.host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Greens", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + 
"enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "VM placements on ESXi Hosts[Metrics VSphere] ECS", + "type": "heatmap" + } + }, + "id": "e3a3e080-f018-11e9-aaf3-15199b632da7", + "references": [ + { + "id": "1411b690-f017-11e9-aaf3-15199b632da7", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/vsphere/0.0.1/manifest.yml b/dev/packages/beats/vsphere/0.0.1/manifest.yml new file mode 100644 index 00000000000..b0710b1286f --- /dev/null +++ b/dev/packages/beats/vsphere/0.0.1/manifest.yml 
@@ -0,0 +1,67 @@
+format_version: 1.0.0
+name: vsphere
+title: vSphere
+version: 0.0.1
+license: basic
+description: vSphere Integration
+type: integration
+categories:
+- metrics
+release: experimental
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.4.0 <8.0.0'
+ elasticsearch: {}
+screenshots:
+- src: /img/metricbeat_vsphere_dashboard.png
+ title: metricbeat vsphere dashboard
+ size: 3744x4832
+ type: image/png
+- src: /img/metricbeat_vsphere_vm_dashboard.png
+ title: metricbeat vsphere vm dashboard
+ size: 3744x4048
+ type: image/png
+icons:
+- src: /img/vsphere.svg
+ title: vsphere
+ size: 162x162
+ type: image/svg+xml
+datasources:
+- name: vsphere
+ title: vSphere metrics
+ description: Collect metrics from vSphere instances
+ inputs:
+ - type: vsphere/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - https://localhost/sdk
+ - name: insecure
+ type: bool
+ title: Insecure
+ multi: false
+ required: true
+ show_user: true
+ default: false
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: true
+ show_user: true
+ default: password
+ - name: username
+ type: text
+ title: Username
+ multi: false
+ required: true
+ show_user: true
+ default: user
+ title: Collect metrics from vSphere instances
+ description: Collecting vSphere datastore, host and virtualmachine metrics
diff --git a/dev/packages/beats/windows/0.0.1/dataset/perfmon/agent/stream/stream.yml.hbs b/dev/packages/beats/windows/0.0.1/dataset/perfmon/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a91cd7d2ee2
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/perfmon/agent/stream/stream.yml.hbs
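Review bot: The `password` and `username` vars in the vsphere datasource ship with `default: password` and `default: user`; a placeholder credential that is also the default is easy to leave in place and then gets sent to every host in `hosts`, and it teaches users that a literal "password" is an acceptable value. Since both are `required: true` and `show_user: true`, an empty default (`default: ""`) forces an explicit value at configuration time without changing the schema. The `insecure` var has no description; if it maps to the Metricbeat vsphere module's `insecure` option it disables TLS certificate verification for the vCenter connection, which is worth stating in the manifest so a user knows what enabling it trades away — the default of `false` is the right one to keep.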
@@ -0,0 +1,8 @@
+metricsets: ["perfmon"]
+{{#if perfmon.group_measurements_by_instance}}
+perfmon.group_measurements_by_instance: {{perfmon.group_measurements_by_instance}}
+{{/if}}
+{{#if perfmon.ignore_non_existent_counters}}
+perfmon.ignore_non_existent_counters: {{perfmon.ignore_non_existent_counters}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/fields.yml b/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/fields.yml
new file mode 100644
index 00000000000..aefdd8b4b33
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/fields.yml
@@ -0,0 +1,12 @@
+- name: windows.perfmon
+ type: group
+ release: ga
+ fields:
+ - name: instance
+ type: keyword
+ description: |
+ Instance value.
+ - name: metrics.*.*
+ type: object
+ description: |
+ Metric values returned.
diff --git a/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/package-fields.yml b/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/package-fields.yml
new file mode 100644
index 00000000000..ae5f9222cbb
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/perfmon/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: windows
+ type: group
diff --git a/dev/packages/beats/windows/0.0.1/dataset/perfmon/manifest.yml b/dev/packages/beats/windows/0.0.1/dataset/perfmon/manifest.yml
new file mode 100644
index 00000000000..9f893d86f6a
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/perfmon/manifest.yml
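Review bot: The perfmon stream template renders only `metricsets`, the two boolean options and `period`, with no way to pass a counter list, and the dataset manifest in the next hunk (L2964) exposes no variable for one either; Metricbeat's perfmon metricset needs a `perfmon.counters` (or, on newer versions, `perfmon.queries`) list to collect anything, so as committed this dataset produces no metrics. A `counters`/`queries` var of type `yaml` in the manifest plus a corresponding block in the template, for example `{{#if perfmon.queries}}` / `perfmon.queries: {{perfmon.queries}}` / `{{/if}}`, would make the stream usable; the exact var type should be checked against what the registry's manifest schema accepts. Wrapping the two booleans in `{{#if …}}` also means an explicit `false` is never emitted, which is harmless only because both defaults are `false`.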
@@ -0,0 +1,29 @@
+title: Windows perfmon metrics
+release: experimental
+type: metrics
+streams:
+- input: windows/metrics
+ vars:
+ - name: perfmon.group_measurements_by_instance
+ type: bool
+ title: Perfmon Group Measurements By Instance
+ multi: false
+ required: true
+ show_user: true
+ default: false
+ - name: perfmon.ignore_non_existent_counters
+ type: bool
+ title: Perfmon Ignore Non Existent Counters
+ multi: false
+ required: true
+ show_user: true
+ default: false
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Windows perfmon metrics
+ description: Collect Windows perfmon metrics
diff --git a/dev/packages/beats/windows/0.0.1/dataset/service/agent/stream/stream.yml.hbs b/dev/packages/beats/windows/0.0.1/dataset/service/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..31c6059799f
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/service/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+metricsets: ["service"]
+period: {{period}}
diff --git a/dev/packages/beats/windows/0.0.1/dataset/service/fields/fields.yml b/dev/packages/beats/windows/0.0.1/dataset/service/fields/fields.yml
new file mode 100644
index 00000000000..46bfacb21a9
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/service/fields/fields.yml
@@ -0,0 +1,45 @@
+- name: windows.service
+ type: group
+ release: ga
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ A unique ID for the service. It is a hash of the machine's GUID and the service name.
+ - name: name
+ type: keyword
+ description: |
+ The service name.
+ - name: display_name
+ type: keyword
+ description: |
+ The display name of the service.
+ - name: start_type
+ type: keyword
+ description: |
+ The startup type of the service. The possible values are `Automatic`, `Boot`, `Disabled`, `Manual`, and `System`.
+ - name: start_name
+ type: keyword
+ description: |
+ Account name under which a service runs.
+ - name: path_name
+ type: keyword
+ description: |
+ Fully qualified path to the file that implements the service, including arguments.
+ - name: state
+ type: keyword
+ description: |
+ The actual state of the service. The possible values are `Continuing`, `Pausing`, `Paused`, `Running`, `Starting`, `Stopping`, and `Stopped`.
+ - name: exit_code
+ type: keyword
+ description: |
+ For `Stopped` services this is the error code that service reports when starting to stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.
+ - name: pid
+ type: long
+ description: |
+ For `Running` services this is the associated process PID.
+ - name: uptime.ms
+ type: long
+ format: duration
+ description: |
+ The service's uptime specified in milliseconds.
diff --git a/dev/packages/beats/windows/0.0.1/dataset/service/fields/package-fields.yml b/dev/packages/beats/windows/0.0.1/dataset/service/fields/package-fields.yml
new file mode 100644
index 00000000000..ae5f9222cbb
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/service/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: windows
+ type: group
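Review bot: The `exit_code` description reads "the error code that service reports when starting to stopping", which is garbled; it should say `For `Stopped` services this is the error code that the service reports when starting or stopping.` The `start_name` and `path_name` fields are the two a defender will query most (which account a service runs as, and whether its binary path is an expected one), so a sentence in each description noting that `path_name` includes command-line arguments as captured from the service configuration — which it already states — and that `start_name` is the logon account as configured, would help analysts reading the index pattern. The group is marked `release: ga` while the dataset manifest in the next hunk says `release: experimental`; if that difference is intentional (module-level vs package-level maturity) it is fine, otherwise the two should agree.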
diff --git a/dev/packages/beats/windows/0.0.1/dataset/service/manifest.yml b/dev/packages/beats/windows/0.0.1/dataset/service/manifest.yml
new file mode 100644
index 00000000000..b460725227f
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/dataset/service/manifest.yml
@@ -0,0 +1,15 @@
+title: Windows service metrics
+release: experimental
+type: metrics
+streams:
+- input: windows/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 60s
+ title: Windows service metrics
+ description: Collect Windows service metrics
diff --git a/dev/packages/beats/windows/0.0.1/docs/README.md b/dev/packages/beats/windows/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/windows/0.0.1/img/logo_windows.svg b/dev/packages/beats/windows/0.0.1/img/logo_windows.svg
new file mode 100644
index 00000000000..953b33d8f5a
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/img/logo_windows.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/dev/packages/beats/windows/0.0.1/img/metricbeat-windows-service.png b/dev/packages/beats/windows/0.0.1/img/metricbeat-windows-service.png
new file mode 100644
index 00000000000..b9437930a98
Binary files /dev/null and b/dev/packages/beats/windows/0.0.1/img/metricbeat-windows-service.png differ
diff --git a/dev/packages/beats/windows/0.0.1/kibana/dashboard/d9eba730-c991-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/dashboard/d9eba730-c991-11e7-9835-2f31fe08873b-ecs.json
new file mode 100644
index 00000000000..fa6643508a0
--- /dev/null
+++ b/dev/packages/beats/windows/0.0.1/kibana/dashboard/d9eba730-c991-11e7-9835-2f31fe08873b-ecs.json
@@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "Overview of the Windows Service States", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "1", + "w": 36, + "x": 12, + "y": 12 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 12, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Windows] Services ECS", + "version": 1 + }, + "id": "d9eba730-c991-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "eb8277d0-c98c-11e7-9835-2f31fe08873b-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "23a5fff0-c98e-11e7-9835-2f31fe08873b-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": 
"830c45f0-c991-11e7-9835-2f31fe08873b-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "35f5ad60-c996-11e7-9835-2f31fe08873b-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c36b2ba0-ca29-11e7-9835-2f31fe08873b-ecs", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/kibana/search/b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/search/b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..33a13248f80 --- /dev/null +++ b/dev/packages/beats/windows/0.0.1/kibana/search/b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "columns": [ + "host.name", + "windows.service.display_name", + "windows.service.state", + "windows.service.start_type", + "windows.service.uptime.ms", + "windows.service.pid", + "windows.service.exit_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"windows.\"}}}" + }, + "query": { + "match_phrase_prefix": { + "stream.dataset": { + "query": "windows." + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "metricset.name", + "negate": false, + "params": { + "query": "service", + "type": "phrase" + }, + "type": "phrase", + "value": "service" + }, + "query": { + "match": { + "metricset.name": { + "query": "service", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Services [Metrics Windows] ECS", + "version": 1 + }, + "id": "b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file 
diff --git a/dev/packages/beats/windows/0.0.1/kibana/visualization/23a5fff0-c98e-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/visualization/23a5fff0-c98e-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..128af74885d --- /dev/null +++ b/dev/packages/beats/windows/0.0.1/kibana/visualization/23a5fff0-c98e-11e7-9835-2f31fe08873b-ecs.json @@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Hosts [Metrics Windows] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Services", + "field": "windows.service.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Host", + "field": "host.name", + "order": "desc", + "orderBy": "1", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Hosts [Metrics Windows] ECS", + "type": "table" + } + }, + "id": "23a5fff0-c98e-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/kibana/visualization/35f5ad60-c996-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/visualization/35f5ad60-c996-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..ec798a5ce0c --- /dev/null 
+++ b/dev/packages/beats/windows/0.0.1/kibana/visualization/35f5ad60-c996-11e7-9835-2f31fe08873b-ecs.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Unique Services [Metrics Windows] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Services", + "field": "windows.service.id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": false + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "Unique Services [Metrics Windows] ECS", + "type": "metric" + } + }, + "id": "35f5ad60-c996-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/kibana/visualization/830c45f0-c991-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/visualization/830c45f0-c991-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..c3f5cbb4447 --- /dev/null 
+++ b/dev/packages/beats/windows/0.0.1/kibana/visualization/830c45f0-c991-11e7-9835-2f31fe08873b-ecs.json @@ -0,0 +1,76 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Startup States [Metrics Windows] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Service Count", + "field": "windows.service.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Startup Type", + "field": "windows.service.start_type", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "State", + "field": "windows.service.state", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Startup States [Metrics Windows] ECS", + "type": "pie" + } + }, + "id": "830c45f0-c991-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/kibana/visualization/c36b2ba0-ca29-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/visualization/c36b2ba0-ca29-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..b1790980d06 --- /dev/null +++ b/dev/packages/beats/windows/0.0.1/kibana/visualization/c36b2ba0-ca29-11e7-9835-2f31fe08873b-ecs.json 
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "windows.service.exit_code" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "windows.service.exit_code", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "windows.service.exit_code", + "negate": true, + "params": { + "query": "0", + "type": "phrase" + }, + "type": "phrase", + "value": "0" + }, + "query": { + "match": { + "windows.service.exit_code": { + "query": "0", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "windows.service.exit_code", + "negate": true, + "params": { + "query": "ERROR_SERVICE_NEVER_STARTED", + "type": "phrase" + }, + "type": "phrase", + "value": "ERROR_SERVICE_NEVER_STARTED" + }, + "query": { + "match": { + "windows.service.exit_code": { + "query": "ERROR_SERVICE_NEVER_STARTED", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Non-zero Service Exit Codes [Metrics Windows] ECS", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Non-zero Exit Codes", + "field": "windows.service.id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, 
+ "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": false + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "title": "Non-zero Service Exit Codes [Metrics Windows] ECS", + "type": "metric" + } + }, + "id": "c36b2ba0-ca29-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "b6b7ccc0-c98d-11e7-9835-2f31fe08873b-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/kibana/visualization/eb8277d0-c98c-11e7-9835-2f31fe08873b-ecs.json b/dev/packages/beats/windows/0.0.1/kibana/visualization/eb8277d0-c98c-11e7-9835-2f31fe08873b-ecs.json new file mode 100644 index 00000000000..c3a6263bddc --- /dev/null +++ b/dev/packages/beats/windows/0.0.1/kibana/visualization/eb8277d0-c98c-11e7-9835-2f31fe08873b-ecs.json 
@@ -0,0 +1,185 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Service States [Metrics Windows] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Latest Report", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Service", + "field": "windows.service.display_name", + "order": "asc", + "orderBy": "_term", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Host", + "field": "host.name", + "order": "desc", + "orderBy": "_term", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "State", + "field": "windows.service.state", + "order": "desc", + "orderAgg": { + "enabled": true, + "id": "3-orderAgg", + "params": { + "field": "@timestamp" + }, + "schema": { + "aggFilter": [ + "!top_hits", + "!percentiles", + "!median", + "!std_dev", + "!derivative", + "!moving_avg", + "!serial_diff", + "!cumulative_sum", + "!avg_bucket", + "!max_bucket", + "!min_bucket", + "!sum_bucket" + ], + "deprecate": false, + "editor": false, + "group": "none", + "hideCustomLabel": true, + "max": null, + "min": 0, + "name": "orderAgg", + "params": [], + "title": "Order Agg" + }, + "type": "max" + }, + "orderBy": "custom", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Startup Type", + "field": 
"windows.service.start_type", + "order": "desc", + "orderAgg": { + "enabled": true, + "id": "4-orderAgg", + "params": { + "field": "@timestamp" + }, + "schema": { + "aggFilter": [ + "!top_hits", + "!percentiles", + "!median", + "!std_dev", + "!derivative", + "!moving_avg", + "!serial_diff", + "!cumulative_sum", + "!avg_bucket", + "!max_bucket", + "!min_bucket", + "!sum_bucket" + ], + "deprecate": false, + "editor": false, + "group": "none", + "hideCustomLabel": true, + "max": null, + "min": 0, + "name": "orderAgg", + "params": [], + "title": "Order Agg" + }, + "type": "max" + }, + "orderBy": "custom", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Service States [Metrics Windows] ECS", + "type": "table" + } + }, + "id": "eb8277d0-c98c-11e7-9835-2f31fe08873b-ecs", + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/windows/0.0.1/manifest.yml b/dev/packages/beats/windows/0.0.1/manifest.yml new file mode 100644 index 00000000000..d0c86fed194 --- /dev/null +++ b/dev/packages/beats/windows/0.0.1/manifest.yml 
@@ -0,0 +1,33 @@ +format_version: 1.0.0 +name: windows +title: Windows +version: 0.0.1 +license: basic +description: Windows Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.3.0 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-windows-service.png + title: metricbeat windows service + size: 3142x1834 + type: image/png +icons: +- src: /img/logo_windows.svg + title: logo windows + size: 32x32 + type: image/svg+xml +datasources: +- name: windows + title: Windows metrics + description: Collect metrics from Windows instances + inputs: + - type: windows/metrics + title: Collect metrics from Windows instances + description: Collecting Windows perfmon and service metrics diff --git a/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..9f8b26eaff8 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/agent/stream/log.yml.hbs @@ -0,0 +1,15 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.capture_loss" + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..7d662ab7da1 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/elasticsearch/ingest-pipeline/default.json 
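Review bot: `fields_under_root: true` in the capture_loss stream template has no effect because the template defines no `fields:` block, unlike the dce_rpc template later in this diff, which sets `network.transport`/`network.protocol` under one. Either drop the line or add the fields it is meant to lift to the root, so a reader does not look for a `fields:` block that is not there. The rename processor runs with `ignore_missing: true` and `fail_on_error: false`, so events without a `json` object presumably pass through unchanged; a short comment stating that this is intentional would help.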
@@ -0,0 +1,28 @@ +{ + "description": "Pipeline for normalizing Zeek capture_loss.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.capture_loss.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.capture_loss.ts" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/fields.yml new file mode 100644 index 00000000000..3c40e298dcc --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/fields.yml @@ -0,0 +1,23 @@ +- name: zeek.capture_loss + type: group + fields: + - name: ts_delta + type: integer + description: | + The time delay between this measurement and the last. + - name: peer + type: keyword + description: | + In the event that there are multiple Bro instances logging to the same host, this distinguishes each peer with its individual name. + - name: gaps + type: integer + description: | + Number of missed ACKs from the previous measurement interval. + - name: acks + type: integer + description: | + Total number of ACKs seen in the previous measurement interval. + - name: percent_lost + type: double + description: | + Percentage of ACKs seen where the data being ACKed wasn't seen. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session 
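Review bot: `ts_delta` is mapped as `integer`, but its description ("the time delay between this measurement and the last") suggests a time interval; if Zeek emits it with a fractional part, Elasticsearch's default numeric coercion truncates the value rather than rejecting it, so `double` (as already used for `percent_lost`) or a conversion step in the ingest pipeline may be needed — worth checking against a sample capture_loss.log line. The `peer` description still refers to "Bro instances"; `Zeek instances` matches the rest of the package.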
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/manifest.yml
new file mode 100644
index 00000000000..6c303bbae8f
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/capture_loss/manifest.yml
@@ -0,0 +1,29 @@
+title: Zeek capture_loss logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/capture_loss.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/capture_loss.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.capture_loss
+ template_path: log.yml.hbs
+ title: Zeek capture_loss logs (log)
+ description: Collect Zeek capture_loss logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/connection/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/connection/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..62f98131710
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/connection/agent/stream/log.yml.hbs
@@ -0,0 +1,71 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +processors: + - drop_fields: + fields: ["json.orig_bytes","json.resp_bytes","json.tunnel_parents"] + - rename: + fields: + - from: "json" + to: "zeek.connection" + - from: "zeek.connection.duration" + to: "temp.duration" + - from: "zeek.connection.id.orig_h" + to: "source.address" + - from: "zeek.connection.id.orig_p" + to: "source.port" + - from: "zeek.connection.id.resp_h" + to: "destination.address" + - from: "zeek.connection.id.resp_p" + to: "destination.port" + - from: "zeek.connection.proto" + to: "network.transport" + - from: "zeek.connection.service" + to: "network.protocol" + - from: "zeek.connection.uid" + to: "zeek.session_id" + - from: "zeek.connection.orig_ip_bytes" + to: "source.bytes" + - from: "zeek.connection.resp_ip_bytes" + to: "destination.bytes" + - from: "zeek.connection.orig_pkts" + to: "source.packets" + - from: "zeek.connection.resp_pkts" + to: "destination.packets" + - from: "zeek.connection.conn_state" + to: "zeek.connection.state" + - from: "zeek.connection.orig_l2_addr" + to: "source.mac" + - from: "zeek.connection.resp_l2_addr" + to: "destination.mac" + ignore_missing: true + fail_on_error: false + - rename: + when.equals.network.transport: icmp + fields: + - from: "source.port" + to: "zeek.connection.icmp.type" + - from: "destination.port" + to: "zeek.connection.icmp.code" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - if: + equals.network.transport: icmp + then: + community_id: + fields: + source_ip: source.address + destination_ip: destination.address + icmp_type: zeek.connection.icmp.type + icmp_code: zeek.connection.icmp.code + else: + community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file 
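Review bot: The `drop_fields` processor discards `json.orig_bytes`, `json.resp_bytes` and `json.tunnel_parents` before the renames, and nothing explains why the payload byte counts are dropped while `orig_ip_bytes`/`resp_ip_bytes` become `source.bytes`/`destination.bytes`; a one-line comment above it, e.g. `# IP-level byte counts are kept as source/destination.bytes; payload counts and tunnel_parents are not mapped`, would stop the next maintainer from re-adding them. The second rename (`when.equals.network.transport: icmp`) depends on `network.transport` having been set by the first rename in the same processor list, which holds here, but a comment noting the ordering dependency would make that explicit.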
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/connection/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/connection/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..a930fd08ec9
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/connection/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,160 @@ +{ + "description": "Pipeline for normalizing Zeek conn.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.connection.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.connection.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "script": { + "source": "ctx.event.duration = Math.round(ctx.temp.duration * params.scale)", + "params": { + "scale": 1000000000 + }, + "if": "ctx.temp?.duration != null" + } + }, + { + "remove": { + "field": "temp.duration", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.zeek.connection.local_orig) ctx.tags.add(\"local_orig\");", + "if": "ctx.zeek.connection.local_orig != null" + } + }, + { + "script": { + "source": "if (ctx.zeek.connection.local_resp) ctx.tags.add(\"local_resp\");", + "if": "ctx.zeek.connection.local_resp != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + }, + { + "script": { + "source": "ctx.network.packets = ctx.source.packets + ctx.destination.packets", + "ignore_failure": true + } + }, + { + "script": { + "source": "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes", + "ignore_failure": true + } + }, + { + "script": { + "source": "if (ctx.zeek.connection.local_orig == true && ctx.zeek.connection.local_resp == true) {ctx.network.direction = \"internal\"} else if (ctx.zeek.connection.local_orig == true && ctx.zeek.connection.local_resp == false) {ctx.network.direction = \"outbound\"} else if (ctx.zeek.connection.local_orig == false && ctx.zeek.connection.local_resp == true) {ctx.network.direction = \"inbound\"} else {ctx.network.direction = \"external\"}" + } + }, + { + "geoip": { + "field": "destination.ip", + "target_field": 
"destination.geo" + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo" + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "destination.ip", + "target_field": "destination.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "destination.as.asn", + "target_field": "destination.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "destination.as.organization_name", + "target_field": "destination.as.organization.name", + "ignore_missing": true + } + }, + { + "script": { + "source": "if (ctx.zeek.connection.state == \"S0\") {ctx.zeek.connection.state_message = \"Connection attempt seen, no reply.\"} else if (ctx.zeek.connection.state == \"S1\") {ctx.zeek.connection.state_message = \"Connection established, not terminated.\"} else if (ctx.zeek.connection.state == \"SF\") {ctx.zeek.connection.state_message = \"Normal establishment and termination.\"} else if (ctx.zeek.connection.state == \"REJ\") {ctx.zeek.connection.state_message = \"Connection attempt rejected.\"} else if (ctx.zeek.connection.state == \"S2\") {ctx.zeek.connection.state_message = \" Connection established and close attempt by originator seen (but no reply from responder).\"} else if (ctx.zeek.connection.state == \"S3\") {ctx.zeek.connection.state_message = \"Connection established and close attempt by responder seen (but no reply from originator).\"} else if (ctx.zeek.connection.state == \"RSTO\") 
{ctx.zeek.connection.state_message = \"Connection established, originator aborted (sent a RST).\"} else if (ctx.zeek.connection.state == \"RSTR\") {ctx.zeek.connection.state_message = \"Responder sent a RST.\"} else if (ctx.zeek.connection.state == \"RSTOS0\") {ctx.zeek.connection.state_message = \"Originator sent a SYN followed by a RST, we never saw a SYN-ACK from the responder.\"} else if (ctx.zeek.connection.state == \"RSTRH\") {ctx.zeek.connection.state_message = \"Responder sent a SYN ACK followed by a RST, we never saw a SYN from the (purported) originator.\"} else if (ctx.zeek.connection.state == \"SH\") {ctx.zeek.connection.state_message = \"Originator sent a SYN followed by a FIN, we never saw a SYN ACK from the responder (hence the connection was 'half' open).\"} else if (ctx.zeek.connection.state == \"SHR\") {ctx.zeek.connection.state_message = \"Responder sent a SYN ACK followed by a FIN, we never saw a SYN from the originator.\"} else if (ctx.zeek.connection.state == \"OTH\") {ctx.zeek.connection.state_message = \"No SYN seen, just midstream traffic (a 'partial connection' that was not later closed).\"}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 00000000000..fd919d01bb4 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/fields.yml 
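Review bot: The two `geoip` processors that write `destination.geo` and `source.geo` have no `ignore_missing: true`, while the two ASN `geoip` processors right after them do; if either IP field is absent the pipeline stops at the first geoip call and the remaining processors (AS renames, `state_message`) never run, leaving only `error.message` from `on_failure`. Adding `"ignore_missing": true` to both city lookups matches the ASN ones. The `ctx.tags.add(...)` scripts also assume `ctx.tags` is a non-null list; the agent template sets `tags`, but if that var is ever emptied the script throws, so guarding with `"if": "ctx.zeek.connection.local_orig != null && ctx.tags != null"` (and the same for `local_resp`) would be safer.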
@@ -0,0 +1,46 @@ +- name: zeek.connection + type: group + fields: + - name: local_orig + type: boolean + description: | + Indicates whether the session is originated locally. + - name: local_resp + type: boolean + description: | + Indicates whether the session is responded locally. + - name: missed_bytes + type: long + description: | + Missed bytes for the session. + - name: state + type: keyword + description: | + Code indicating the state of the session. + - name: state_message + type: keyword + description: | + The state of the session. + - name: icmp + type: group + fields: + - name: type + type: integer + description: | + ICMP message type. + - name: code + type: integer + description: | + ICMP message code. + - name: history + type: keyword + description: | + Flags indicating the history of the session. + - name: vlan + type: integer + description: | + VLAN identifier. + - name: inner_vlan + type: integer + description: | + VLAN identifier. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/connection/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/connection/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/connection/manifest.yml new file mode 100644 index 00000000000..4b217575343 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/connection/manifest.yml 
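Review bot: `inner_vlan` carries the same description as `vlan` ("VLAN identifier."), which hides the distinction between the two; `Inner VLAN identifier, when present.` or similar would tell the reader which tag it is. `local_orig`/`local_resp` are described only as "originated locally"/"responded locally", but the connection pipeline in this diff also derives `network.direction` from them, so a short note on that relationship in both descriptions would help.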
@@ -0,0 +1,36 @@ +title: Zeek connection logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/conn.log + os: + darwin: + default: + - /usr/local/var/logs/current/conn.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.connection + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek connection logs (log) + description: Collect Zeek connection logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..e3908442e3b --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/agent/stream/log.yml.hbs @@ -0,0 +1,31 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: dce_rpc +processors: + - rename: + fields: + - from: "json" + to: "zeek.dce_rpc" + - from: "zeek.dce_rpc.id.orig_h" + to: "source.address" + - from: "zeek.dce_rpc.id.orig_p" + to: "source.port" + - from: "zeek.dce_rpc.id.resp_h" + to: "destination.address" + - from: "zeek.dce_rpc.id.resp_p" + to: "destination.port" + - from: "zeek.dce_rpc.uid" + to: "zeek.session_id" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..0f274438186 --- /dev/null 
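Review bot: The `community_id` processor at the end of the dce_rpc stream template is given no `fields` override, yet the rename block above it only produces `source.address`/`destination.address`; `source.ip`/`destination.ip` are created later by the ingest pipeline, not on the agent. Unless the processor's defaults differ from what I expect, it will find no source/destination IP at this point and silently emit no `network.community_id`. The dnp3 and dpd templates in this commit handle this with `fields:` / `source_ip: source.address` / `destination_ip: destination.address` under the processor; the same three lines are needed here.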
+++ b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek dce_rpc.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.dce_rpc.ts", + "formats": ["UNIX"] + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "remove": { + "field": "zeek.dce_rpc.ts" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/fields.yml new file mode 100644 index 00000000000..379f18af116 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/fields.yml @@ -0,0 +1,19 @@ +- name: zeek.dce_rpc + type: group + fields: + - name: rtt + type: integer + description: | + Round trip time from the request to the response. If either the request or response wasn't seen, this will be null. + - name: named_pipe + type: keyword + description: | + Remote pipe name. + - name: endpoint + type: keyword + description: | + Endpoint name looked up from the uuid. + - name: operation + type: keyword + description: | + Operation seen in the call. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/fields/package-fields.yml 
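Review bot: The two `set` processors that copy `{{source.address}}` into `source.ip` and `{{destination.address}}` into `destination.ip` have no `if` guard, unlike the `event.id` processor just above them and unlike the dhcp pipeline, which uses `"if": "ctx.source?.address != null"`. When the address is absent the mustache template renders an empty string into an `ip`-typed field, which fails at index time and sends the whole document through `on_failure` with an error.message. Add `"if": "ctx.source?.address != null"` and `"if": "ctx.destination?.address != null"` to the respective processors. The dnp3 and dpd ingest pipelines later in this diff contain the same unguarded pair and need the same change.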
@@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/manifest.yml new file mode 100644 index 00000000000..c92617d2562 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dce_rpc/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek dce_rpc logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/dce_rpc.log + os: + darwin: + default: + - /usr/local/var/logs/current/dce_rpc.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.dce_rpc + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek dce_rpc logs (log) + description: Collect Zeek dce_rpc logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dhcp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..2410b2c05f3 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/agent/stream/log.yml.hbs 
@@ -0,0 +1,76 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: udp + network.protocol: dhcp +processors: + - rename: + fields: + - from: "json" + to: "zeek.dhcp" + - from: "zeek.dhcp.uids" + to: "zeek.session_id" + - from: "zeek.dhcp.assigned_addr" + to: "zeek.dhcp.address.assigned" + - from: "zeek.dhcp.client_addr" + to: "zeek.dhcp.address.client" + - from: "zeek.dhcp.mac" + to: "zeek.dhcp.address.mac" + - from: "zeek.dhcp.requested_addr" + to: "zeek.dhcp.address.requested" + - from: "zeek.dhcp.server_addr" + to: "zeek.dhcp.address.server" + - from: "zeek.dhcp.host_name" + to: "zeek.dhcp.hostname" + - from: "zeek.dhcp.client_message" + to: "zeek.dhcp.msg.client" + - from: "zeek.dhcp.server_message" + to: "zeek.dhcp.msg.server" + - from: "zeek.dhcp.msg_types" + to: "zeek.dhcp.msg.types" + - from: "zeek.dhcp.msg_orig" + to: "zeek.dhcp.msg.origin" + - from: "zeek.dhcp.client_software" + to: "zeek.dhcp.software.client" + - from: "zeek.dhcp.server_software" + to: "zeek.dhcp.software.server" + - from: "zeek.dhcp.circuit_id" + to: "zeek.dhcp.id.circuit" + - from: "zeek.dhcp.agent_remote_id" + to: "zeek.dhcp.id.remote_agent" + - from: "zeek.dhcp.subscriber_id" + to: "zeek.dhcp.id.subscriber" + - from: "zeek.dhcp.client_port" + to: "source.port" + - from: "zeek.dhcp.server_port" + to: "destination.port" + ignore_missing: true + fail_on_error: false + - if: + not: + has_fields: ["source.port"] + then: + - add_fields: + target: source + fields: + port: 68 + - if: + not: + has_fields: ["destination.port"] + then: + - add_fields: + target: destination + fields: + port: 67 +{{#if community_id}} + - community_id: + fields: + source.address: zeek.dhcp.address.client + destination.address: zeek.dhcp.address.server +{{/if}} \ No newline at end of file 
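Review bot: The `community_id` block at the bottom of the dhcp stream template keys its overrides as `source.address:` and `destination.address:`, while the dnp3 and dpd templates in this commit use the processor's option names `source_ip:` / `destination_ip:`. If these keys are not recognised the processor falls back to its defaults (`source.ip`/`destination.ip`), which this stream never populates on the agent side, so `network.community_id` would be silently absent for every DHCP event. Suggest `source_ip: zeek.dhcp.address.client` and `destination_ip: zeek.dhcp.address.server`. The transport input is fine as-is, since the `fields:` block sets `network.transport: udp` before the processor runs.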
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dhcp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..92c1a43dd4a --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,84 @@ +{ + "description": "Pipeline for normalizing Zeek dhcp.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.dhcp.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.dhcp.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.address", + "value": "{{zeek.dhcp.address.client}}", + "if": "ctx.zeek.dhcp.address?.client != null" + } + }, + { + "set": { + "field": "client.address", + "value": "{{zeek.dhcp.address.client}}", + "if": "ctx.zeek.dhcp.address?.client != null" + } + }, + { + "set": { + "field": "destination.address", + "value": "{{zeek.dhcp.address.server}}", + "if": "ctx.zeek.dhcp.address?.server != null" + } + }, + { + "set": { + "field": "server.address", + "value": "{{zeek.dhcp.address.server}}", + "if": "ctx.zeek.dhcp.address?.server != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}", + "if": "ctx.source?.address != null" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}", + "if": "ctx.destination?.address != null" + } + }, + { + "set": { + "field": "network.name", + "value": "{{zeek.dhcp.domain}}", + "if": "ctx.zeek.dhcp.domain != null" + } + } + ], + "on_failure": [{ + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + }] +} 
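Review bot: `client.address` and `server.address` are populated from `zeek.dhcp.address.client` / `.server`, but `client.ip` and `server.ip` are never set, whereas `source.ip`/`destination.ip` are derived from their `.address` counterparts immediately afterwards. Consumers that filter on `client.ip`/`server.ip` (the fields the client/server pair exists for) would not see DHCP events. Two more guarded processors, `"field": "client.ip", "value": "{{client.address}}", "if": "ctx.client?.address != null"` and the `server` twin, placed next to the existing `source.ip`/`destination.ip` sets, would close the gap.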
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/fields.yml new file mode 100644 index 00000000000..1f42b89a472 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/fields.yml 
@@ -0,0 +1,110 @@ +- name: zeek.dhcp + type: group + fields: + - name: domain + type: keyword + description: | + Domain given by the server in option 15. + - name: duration + type: double + description: | + Duration of the DHCP session representing the time from the first + message to the last, in seconds. + - name: hostname + type: keyword + description: | + Name given by client in Hostname option 12. + - name: client_fqdn + type: keyword + description: | + FQDN given by client in Client FQDN option 81. + - name: lease_time + type: integer + description: | + IP address lease interval in seconds. + - name: address + type: group + fields: + - name: assigned + type: ip + description: | + IP address assigned by the server. + - name: client + type: ip + description: | + IP address of the client. If a transaction is only a client sending + INFORM messages then there is no lease information exchanged so this + is helpful to know who sent the messages. Getting an address in this + field does require that the client sources at least one DHCP message + using a non-broadcast address. + - name: mac + type: keyword + description: | + Client's hardware address. + - name: requested + type: ip + description: | + IP address requested by the client. + - name: server + type: ip + description: | + IP address of the DHCP server. + - name: msg + type: group + fields: + - name: types + type: keyword + description: | + List of DHCP message types seen in this exchange. + - name: origin + type: ip + description: | + (present if policy/protocols/dhcp/msg-orig.bro is loaded) + The address that originated each message from the msg.types field. + - name: client + type: keyword + description: | + Message typically accompanied with a DHCP_DECLINE so the client can + tell the server why it rejected an address. + - name: server + type: keyword + description: | + Message typically accompanied with a DHCP_NAK to let the client know + why it rejected the request. 
+ - name: software + type: group + fields: + - name: client + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + - name: server + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + - name: id + type: group + fields: + - name: circuit + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + Added by DHCP relay agents which terminate switched or permanent + circuits. It encodes an agent-local identifier of the circuit from + which a DHCP client-to-server packet was received. Typically it + should represent a router or switch interface number. + - name: remote_agent + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + A globally unique identifier added by relay agents to identify the + remote host end of the circuit. + - name: subscriber + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + The subscriber ID is a value independent of the physical network + configuration so that a customer's DHCP configuration can be given + to them correctly no matter where they are physically connected. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dhcp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/manifest.yml new file mode 100644 index 00000000000..217afa88c2a --- /dev/null 
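Review bot: The description of `software.server` is a verbatim copy of `software.client` ("Software reported by the client in the vendor_class option."), so the server field is documented as holding client data. It should read `Software reported by the server in the vendor_class option.`. Separately, `msg.origin` is mapped as `ip` while its description says it holds the originating address of each message in `msg.types`, i.e. a list parallel to that field; the `ip` type accepts arrays, but stating `One entry per element of msg.types.` in the description would stop readers from expecting a single value.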
+++ b/dev/packages/beats/zeek/0.0.1/dataset/dhcp/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek dhcp logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/dhcp.log + os: + darwin: + default: + - /usr/local/var/logs/current/dhcp.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.dhcp + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek dhcp logs (log) + description: Collect Zeek dhcp logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dnp3/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..1a7f64bd102 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/agent/stream/log.yml.hbs @@ -0,0 +1,40 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: dnp3 +processors: + - rename: + fields: + - from: "json" + to: "zeek.dnp3" + - from: "zeek.dnp3.id.orig_h" + to: "source.address" + - from: "zeek.dnp3.id.orig_p" + to: "source.port" + - from: "zeek.dnp3.id.resp_h" + to: "destination.address" + - from: "zeek.dnp3.id.resp_p" + to: "destination.port" + - from: "zeek.dnp3.uid" + to: "event.id" + - from: "zeek.dnp3.fc_request" + to: "zeek.dnp3.function.request" + - from: "zeek.dnp3.fc_reply" + to: "zeek.dnp3.function.reply" + - from: "zeek.dnp3.iin" + to: "zeek.dnp3.id" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file 
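Review bot: The rename `zeek.dnp3.uid` → `event.id` in the dnp3 stream template breaks the pattern every other dataset in this commit follows (`uid` → `zeek.session_id`, with the ingest pipeline copying `zeek.session_id` into `event.id`). The dnp3 ingest pipeline later in this diff only sets `event.id` when `ctx.zeek.session_id != null`, and the dnp3 `package-fields.yml` declares `zeek.session_id`, so with this template that field is never populated for dnp3 and the pipeline's `set` is dead code. Change the target to `to: "zeek.session_id"` and let the pipeline derive `event.id` as it does for the other datasets.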
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dnp3/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..3f7e3c4baee --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek dnp3.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.dnp3.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.dnp3.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/fields.yml new file mode 100644 index 00000000000..4cad3295c24 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/fields.yml @@ -0,0 +1,18 @@ +- name: zeek.dnp3 + type: group + fields: + - name: function + type: group + fields: + - name: request + type: keyword + description: | + The name of the function message in the request. + - name: reply + type: keyword + description: | + The name of the function message in the reply. + - name: id + type: integer + description: | + The response's internal indication number. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null 
+++ b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dnp3/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/manifest.yml new file mode 100644 index 00000000000..5ecc592230b --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dnp3/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek dnp3 logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/dnp3.log + os: + darwin: + default: + - /usr/local/var/logs/current/dnp3.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.dnp3 + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek dnp3 logs (log) + description: Collect Zeek dnp3 logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dns/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/dns/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..1d769658dfb --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dns/agent/stream/log.yml.hbs 
@@ -0,0 +1,149 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: zeek.dns + - script: + lang: javascript + id: zeek_dns_flags + source: > + var net = require("net"); + function addDnsHeaderFlags(evt) { + var flag = evt.Get("zeek.dns.AA"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "AA"); + } + flag = evt.Get("zeek.dns.TC"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "TC"); + } + flag = evt.Get("zeek.dns.RD"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RD"); + } + flag = evt.Get("zeek.dns.RA"); + if (flag === true) { + evt.AppendTo("dns.header_flags", "RA"); + } + } + function addDnsQuestionClass(evt) { + var qclass = evt.Get("zeek.dns.qclass"); + if (!qclass) { + return; + } + switch (qclass) { + case 1: + qclass = "IN"; + break; + case 3: + qclass = "CH"; + break; + case 4: + qclass = "HS"; + break; + case 254: + qclass = "NONE"; + break; + case 255: + qclass = "ANY"; + break; + } + evt.Put("dns.question.class", qclass); + } + function addDnsAnswers(evt) { + var answers = evt.Get("zeek.dns.answers"); + var ttls = evt.Get("zeek.dns.TTLs"); + if (!answers || !ttls || answers.length != ttls.length) { + return; + } + var resolvedIps = []; + var answersObjs = []; + for (var i = 0; i < answers.length; i++) { + var answer = answers[i]; + answersObjs.push({ + data: answer, + ttl: ttls[i], + }) + if (net.isIP(answer)) { + resolvedIps.push(answer); + } + } + evt.Put("dns.answers", answersObjs); + if (resolvedIps.length > 0) { + evt.Put("dns.resolved_ip", resolvedIps); + } + } + function setDnsType(evt) { + var response_code = evt.Get("zeek.dns.rcode_name"); + if (response_code) { + evt.Put("dns.type", "answer"); + } else { + evt.Put("dns.type", "query"); + } + } + function addEventDuration(evt) { + var rttSec = evt.Get("zeek.dns.rtt"); + if 
(!rttSec) { + return; + } + evt.Put("event.duration", rttSec * 1000000000); + } + function process(evt) { + addDnsHeaderFlags(evt); + addDnsQuestionClass(evt); + addDnsAnswers(evt); + setDnsType(evt); + addEventDuration(evt); + } + - convert: + ignore_missing: true + ignore_failure: true + mode: rename + fields: + - {from: zeek.dns.id.orig_h, to: source.address} + - {from: zeek.dns.id.orig_p, to: source.port, type: long} + - {from: zeek.dns.id.resp_h, to: destination.address} + - {from: zeek.dns.id.resp_p, to: destination.port, type: long} + - {from: zeek.dns.uid, to: zeek.session_id} + - {from: zeek.dns.proto, to: network.transport} + - convert: + ignore_missing: true + ignore_failure: true + mode: copy + fields: + - {from: source.address, to: source.ip, type: ip} + - {from: destination.address, to: destination.ip, type: ip} + - {from: zeek.session_id, to: event.id} + - {from: '@timestamp', to: event.created} + - {from: zeek.dns.trans_id, to: dns.id} + - {from: zeek.dns.query, to: dns.question.name} + - {from: zeek.dns.qtype_name, to: dns.question.type} + - {from: zeek.dns.rcode_name, to: dns.response_code} + - registered_domain: + ignore_missing: true + ignore_failure: true + field: dns.question.name + target_field: dns.question.registered_domain +{{#if community_id}} + - community_id: ~ +{{/if}} + - timestamp: + ignore_missing: true + field: zeek.dns.ts + layouts: + - UNIX + - drop_fields: + ignore_missing: true + fields: + - zeek.dns.Z + - zeek.dns.auth + - zeek.dns.addl + - zeek.dns.ts \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dns/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/zeek/0.0.1/dataset/dns/elasticsearch/ingest-pipeline/default.yml new file mode 100644 index 00000000000..db603d93dbb --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dns/elasticsearch/ingest-pipeline/default.yml 
@@ -0,0 +1,52 @@ +--- +description: Pipeline for Filebeat Zeek dns.log + +processors: + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/fields.yml new file mode 100644 index 00000000000..b52838d787f --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/fields.yml 
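Review bot: Only the dns ingest pipeline enriches `source.ip`/`destination.ip` with GeoIP and AS lookups; the dce_rpc, dhcp, dnp3 and dpd pipelines in this commit set those same fields but add no `source.geo`/`source.as` at all. That asymmetry looks inherited from the separate Beats modules rather than intended, and it will make geo/AS visualisations work for DNS only; either drop the enrichment here or apply the same processors to the other datasets. The `description` also reads "Pipeline for Filebeat Zeek dns.log" while its siblings use "Pipeline for normalizing Zeek <log>.log"; `description: Pipeline for normalizing Zeek dns.log` would match and no longer name Filebeat in an Agent package.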
@@ -0,0 +1,86 @@ +- name: zeek.dns + type: group + fields: + - name: trans_id + type: keyword + description: | + DNS transaction identifier. + - name: rtt + type: double + description: | + Round trip time for the query and response. + - name: query + type: keyword + description: | + The domain name that is the subject of the DNS query. + - name: qclass + type: long + description: | + The QCLASS value specifying the class of the query. + - name: qclass_name + type: keyword + description: | + A descriptive name for the class of the query. + - name: qtype + type: long + description: | + A QTYPE value specifying the type of the query. + - name: qtype_name + type: keyword + description: | + A descriptive name for the type of the query. + - name: rcode + type: long + description: | + The response code value in DNS response messages. + - name: rcode_name + type: keyword + description: | + A descriptive name for the response code value. + - name: AA + type: boolean + description: | + The Authoritative Answer bit for response messages specifies that the responding + name server is an authority for the domain name in the question section. + - name: TC + type: boolean + description: | + The Truncation bit specifies that the message was truncated. + - name: RD + type: boolean + description: | + The Recursion Desired bit in a request message indicates that the client + wants recursive service for this query. + - name: RA + type: boolean + description: | + The Recursion Available bit in a response message indicates that the name + server supports recursive queries. + - name: answers + type: keyword + description: | + The set of resource descriptions in the query answer. + - name: TTLs + type: double + description: | + The caching intervals of the associated RRs described by the answers field. + - name: rejected + type: boolean + description: | + Indicates whether the DNS query was rejected by the server. 
+ - name: total_answers + type: integer + description: | + The total number of resource records in the reply. + - name: total_replies + type: integer + description: | + The total number of resource records in the reply message. + - name: saw_query + type: boolean + description: | + Whether the full DNS query has been seen. + - name: saw_reply + type: boolean + description: | + Whether the full DNS reply has been seen. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dns/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dns/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/dns/manifest.yml new file mode 100644 index 00000000000..3216fded4ec --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dns/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek dns logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/dns.log + os: + darwin: + default: + - /usr/local/var/logs/current/dns.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.dns + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek dns logs (log) + description: Collect Zeek dns logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dpd/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/dpd/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..37e671d0042 --- /dev/null 
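Review bot: `total_answers` and `total_replies` are documented almost identically ("...resource records in the reply" vs "...in the reply message"), which leaves the distinction unreadable from the mapping. Per Zeek's dns.log definition, `total_answers` counts records in the answer section only, while `total_replies` counts the answer, authority and additional sections together. Suggest `The total number of resource records in the reply's answer section.` and `The total number of resource records in the reply's answer, authority and additional sections.` respectively.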
+++ b/dev/packages/beats/zeek/0.0.1/dataset/dpd/agent/stream/log.yml.hbs @@ -0,0 +1,33 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.dpd" + - from: "zeek.dpd.id.orig_h" + to: "source.address" + - from: "zeek.dpd.id.orig_p" + to: "source.port" + - from: "zeek.dpd.id.resp_h" + to: "destination.address" + - from: "zeek.dpd.id.resp_p" + to: "destination.port" + - from: "zeek.dpd.uid" + to: "zeek.session_id" + - from: "zeek.dpd.proto" + to: "network.transport" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dpd/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/dpd/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..7a8958013fc --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dpd/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek dpd.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.dpd.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.dpd.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/fields.yml new file mode 100644 index 00000000000..241bb1dc67e --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/fields.yml @@ -0,0 +1,16 @@ +- name: zeek.dpd + type: group + fields: + - name: analyzer + type: keyword + description: | + The analyzer that generated the violation. + - name: failure_reason + type: keyword + description: | + The textual reason for the analysis failure. + - name: packet_segment + type: keyword + description: | + (present if policy/frameworks/dpd/packet-segment-logging.bro is loaded) + A chunk of the payload that most likely resulted in the protocol violation. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dpd/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/dpd/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/dpd/manifest.yml new file mode 100644 index 00000000000..0148154589c --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/dpd/manifest.yml 
@@ -0,0 +1,36 @@ +title: Zeek dpd logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/dpd.log + os: + darwin: + default: + - /usr/local/var/logs/current/dpd.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.dpd + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek dpd logs (log) + description: Collect Zeek dpd logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/files/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/files/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..73fad39e88c --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/files/agent/stream/log.yml.hbs @@ -0,0 +1,19 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +processors: + - drop_fields: + fields: ["json.x509"] + - rename: + fields: + - from: "json" + to: "zeek.files" + - from: "zeek.files.conn_uids" + to: "zeek.files.session_ids" + + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/files/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/files/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..1c47b4d0b42 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/files/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,57 @@
+{
+ "description": "Pipeline for normalizing Zeek files.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.files.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.files.ts"
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "source": "ctx.zeek.session_id = ctx.zeek.files.session_ids[0];",
+ "if": "ctx.zeek.files.session_ids != null",
+ "ignore_failure": true
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "source": "ctx.zeek.files.rx_host = ctx.zeek.files.rx_hosts[0]; ctx.zeek.files.remove('rx_hosts');",
+ "ignore_failure": true
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "source": "ctx.zeek.files.tx_host = ctx.zeek.files.tx_hosts[0]; ctx.zeek.files.remove('tx_hosts');",
+ "ignore_failure": true
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ }
+ ],
+ "on_failure": [{
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/files/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/files/fields/fields.yml
new file mode 100644
index 00000000000..c2d44e8c44e
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/files/fields/fields.yml
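Review bot: The `rx_hosts` and `tx_hosts` scripts rely on `"ignore_failure": true` to cover the case where the array is absent, which also hides any genuine Painless error, whereas the `session_ids` script just above guards with an `if`; for consistency add `"if": "ctx.zeek.files.rx_hosts != null"` to the first and `"if": "ctx.zeek.files.tx_hosts != null"` to the second. Both scripts also keep only element `[0]` and then `remove()` the whole array, so any further hosts Zeek reported for the file are discarded — if that is intended it deserves a sentence in the pipeline `description`, otherwise keep the full arrays under a separate field.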
@@ -0,0 +1,112 @@
+- name: zeek.files
+ type: group
+ fields:
+ - name: fuid
+ type: keyword
+ description: |
+ A file unique identifier.
+ - name: tx_host
+ type: ip
+ description: |
+ The host that transferred the file.
+ - name: rx_host
+ type: ip
+ description: |
+ The host that received the file.
+ - name: session_ids
+ type: keyword
+ description: |
+ The sessions that have this file.
+ - name: source
+ type: keyword
+ description: |
+ An identification of the source of the file data. E.g. it may be a network protocol
+ over which it was transferred, or a local file path which was read, or some other
+ input source.
+ - name: depth
+ type: long
+ description: |
+ A value to represent the depth of this file in relation to its source. In SMTP, it
+ is the depth of the MIME attachment on the message. In HTTP, it is the depth of the
+ request within the TCP connection.
+ - name: analyzers
+ type: keyword
+ description: |
+ A set of analysis types done during the file analysis.
+ - name: mime_type
+ type: keyword
+ description: |
+ Mime type of the file.
+ - name: filename
+ type: keyword
+ description: |
+ Name of the file if available.
+ - name: local_orig
+ type: boolean
+ description: |
+ If the source of this file is a network connection, this field indicates if the data
+ originated from the local network or not.
+ - name: is_orig
+ type: boolean
+ description: |
+ If the source of this file is a network connection, this field indicates if the file is
+ being sent by the originator of the connection or the responder.
+ - name: duration
+ type: double
+ description: |
+ The duration the file was analyzed for. Not the duration of the session.
+ - name: seen_bytes
+ type: long
+ description: |
+ Number of bytes provided to the file analysis engine for the file.
+ - name: total_bytes
+ type: long
+ description: |
+ Total number of bytes that are supposed to comprise the full file.
+ - name: missing_bytes
+ type: long
+ description: |
+ The number of bytes in the file stream that were completely missed during the process
+ of analysis.
+ - name: overflow_bytes
+ type: long
+ description: |
+ The number of bytes in the file stream that were not delivered to stream file analyzers.
+ This could be overlapping bytes or bytes that couldn't be reassembled.
+ - name: timedout
+ type: boolean
+ description: |
+ Whether the file analysis timed out at least once for the file.
+ - name: parent_fuid
+ type: keyword
+ description: |
+ Identifier associated with a container file from which this one was extracted as part of
+ the file analysis.
+ - name: md5
+ type: keyword
+ description: |
+ An MD5 digest of the file contents.
+ - name: sha1
+ type: keyword
+ description: |
+ A SHA1 digest of the file contents.
+ - name: sha256
+ type: keyword
+ description: |
+ A SHA256 digest of the file contents.
+ - name: extracted
+ type: keyword
+ description: |
+ Local filename of extracted file.
+ - name: extracted_cutoff
+ type: boolean
+ description: |
+ Indicate whether the file being extracted was cut off hence not extracted completely.
+ - name: extracted_size
+ type: long
+ description: |
+ The number of bytes extracted to disk.
+ - name: entropy
+ type: double
+ description: |
+ The information density of the contents of the file.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/files/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/files/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/files/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/files/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/files/manifest.yml
new file mode 100644
index 00000000000..41169769a78
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/files/manifest.yml
@@ -0,0 +1,29 @@
+title: Zeek files logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/files.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/files.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.files
+ template_path: log.yml.hbs
+ title: Zeek files logs (log)
+ description: Collect Zeek files logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ftp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/ftp/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..0de9d402cba
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ftp/agent/stream/log.yml.hbs
@@ -0,0 +1,50 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: ftp
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.ftp"
+ - from: "zeek.ftp.id.orig_h"
+ to: "source.address"
+ - from: "zeek.ftp.id.orig_p"
+ to: "source.port"
+ - from: "zeek.ftp.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.ftp.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.ftp.uid"
+ to: "zeek.session_id"
+ - from: "zeek.ftp.file_size"
+ to: "zeek.ftp.file.size"
+ - from: "zeek.ftp.mime_type"
+ to: "zeek.ftp.file.mime_type"
+ - from: "zeek.ftp.fuid"
+ to: "zeek.ftp.file.uid"
+ - from: "zeek.ftp.reply_code"
+ to: "zeek.ftp.reply.code"
+ - from: "zeek.ftp.reply_msg"
+ to: "zeek.ftp.reply.msg"
+ - from: "zeek.ftp.data_channel.orig_h"
+ to: "zeek.ftp.data_channel.originating_host"
+ - from: "zeek.ftp.data_channel.resp_h"
+ to: "zeek.ftp.data_channel.response_host"
+ - from: "zeek.ftp.data_channel.resp_p"
+ to: "zeek.ftp.data_channel.response_port"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ftp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/ftp/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..06b896b53d3
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ftp/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,53 @@
+{
+ "description": "Pipeline for normalizing Zeek ftp.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ftp.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.ftp.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ },
+ {
+ "dot_expander": {
+ "field": "data_channel.passive",
+ "path": "zeek.ftp"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/fields.yml
new file mode 100644
index 00000000000..b1f91feebb1
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/fields.yml
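Review bot: The two `set` processors that derive `source.ip` and `destination.ip` from `{{source.address}}` / `{{destination.address}}` carry no `if` guard, so when the agent-side rename did not produce an address (it runs with `ignore_missing: true`) the template renders empty and, as far as I can tell, the document is then rejected by the `ip` mapping instead of being indexed without the field. Guard them the same way `event.id` is guarded a few lines up: `"if": "ctx.source?.address != null"` and `"if": "ctx.destination?.address != null"`. The irc pipeline and the http pipeline in this commit contain the same unguarded pair; the intel stream avoids the problem by converting to `source.ip` with `ignore_missing` in the agent template.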
@@ -0,0 +1,101 @@
+- name: zeek.ftp
+ type: group
+ fields:
+ - name: user
+ type: keyword
+ description: |
+ User name for the current FTP session.
+ - name: password
+ type: keyword
+ description: |
+ Password for the current FTP session if captured.
+ - name: command
+ type: keyword
+ description: |
+ Command given by the client.
+ - name: arg
+ type: keyword
+ description: |
+ Argument for the command if one is given.
+ - name: file
+ type: group
+ fields:
+ - name: size
+ type: long
+ description: |
+ Size of the file if the command indicates a file transfer.
+ - name: mime_type
+ type: keyword
+ description: |
+ Sniffed mime type of file.
+ - name: fuid
+ type: keyword
+ description: |
+ (present if base/protocols/ftp/files.bro is loaded)
+ File unique ID.
+ - name: reply
+ type: group
+ fields:
+ - name: code
+ type: integer
+ description: |
+ Reply code from the server in response to the command.
+ - name: msg
+ type: keyword
+ description: |
+ Reply message from the server in response to the command.
+ - name: data_channel
+ type: group
+ fields:
+ - name: passive
+ type: boolean
+ description: |
+ Whether PASV mode is toggled for control channel.
+ - name: originating_host
+ type: ip
+ description: |
+ The host that will be initiating the data connection.
+ - name: response_host
+ type: ip
+ description: |
+ The host that will be accepting the data connection.
+ - name: response_port
+ type: integer
+ description: |
+ The port at which the acceptor is listening for the data connection.
+ - name: cwd
+ type: keyword
+ description: |
+ Current working directory that this session is in. By making the default value '.', we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use.
+ - name: cmdarg
+ type: group
+ fields:
+ - name: cmd
+ type: keyword
+ description: |
+ Command.
+ - name: arg
+ type: keyword
+ description: |
+ Argument for the command if one was given.
+ - name: seq
+ type: integer
+ description: |
+ Counter to track how many commands have been executed.
+ - name: pending_commands
+ type: integer
+ description: |
+ Queue for commands that have been sent but not yet responded to are tracked here.
+ - name: passive
+ type: boolean
+ description: |
+ Indicates if the session is in active or passive mode.
+ - name: capture_password
+ type: boolean
+ description: |
+ Determines if the password will be captured for this request.
+ - name: last_auth_requested
+ type: keyword
+ description: |
+ present if base/protocols/ftp/gridftp.bro is loaded.
+ Last authentication/security mechanism that was used.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ftp/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ftp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/ftp/manifest.yml
new file mode 100644
index 00000000000..7de56398e92
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ftp/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek ftp logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/ftp.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/ftp.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.ftp
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek ftp logs (log)
+ description: Collect Zeek ftp logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/http/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/http/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..cbc817e15d9
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/http/agent/stream/log.yml.hbs
@@ -0,0 +1,56 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.http"
+ - from: "zeek.http.id.orig_h"
+ to: "source.address"
+ - from: "zeek.http.id.orig_p"
+ to: "source.port"
+ - from: "zeek.http.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.http.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.http.uid"
+ to: "zeek.session_id"
+ - from: "zeek.http.method"
+ to: "http.request.method"
+ - from: "zeek.http.referrer"
+ to: "http.request.referrer"
+ - from: "zeek.http.status_code"
+ to: "http.response.status_code"
+ - from: "zeek.http.version"
+ to: "http.version"
+ - from: "zeek.http.request_body_len"
+ to: "http.request.body.bytes"
+ - from: "zeek.http.response_body_len"
+ to: "http.response.body.bytes"
+ - from: "zeek.http.uri"
+ to: "url.original"
+ - from: "zeek.http.host"
+ to: "url.domain"
+ - from: "zeek.http.username"
+ to: "url.username"
+ - from: "zeek.http.password"
+ to: "url.password"
+
+ - from: "zeek.http.user_agent"
+ to: "user_agent.original"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/http/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/http/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..af771f8c745
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/http/elasticsearch/ingest-pipeline/default.json
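Review bot: The `fields:` block sets only `network.transport: tcp`, while the ftp, irc and kerberos templates in this commit also set `network.protocol` (`ftp`, `irc`, `kerberos`); unless the omission is deliberate, add `network.protocol: http` beneath it so the http stream can be filtered the same way as its siblings. Separately, the rename list forwards `zeek.http.password` into `url.password`, and the ftp stream likewise indexes `zeek.ftp.password`; the `captured_password` / `capture_password` fields in the respective fields.yml files suggest Zeek only fills these when capture is switched on, but once it is, cleartext credentials are stored in the index, which is worth stating in the stream `description` or exposing as a drop option alongside `community_id`.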
@@ -0,0 +1,123 @@
+{
+ "description": "Pipeline for normalizing Zeek http.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.http.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.http.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "url.port",
+ "value": "{{destination.port}}"
+ }
+ },
+ {
+ "geoip": {
+ "field": "destination.ip",
+ "target_field": "destination.geo"
+ }
+ },
+ {
+ "geoip": {
+ "field": "source.ip",
+ "target_field": "source.geo"
+ }
+ },
+ {
+ "geoip": {
+ "database_file": "GeoLite2-ASN.mmdb",
+ "field": "source.ip",
+ "target_field": "source.as",
+ "properties": [
+ "asn",
+ "organization_name"
+ ],
+ "ignore_missing": true
+ }
+ },
+ {
+ "geoip": {
+ "database_file": "GeoLite2-ASN.mmdb",
+ "field": "destination.ip",
+ "target_field": "destination.as",
+ "properties": [
+ "asn",
+ "organization_name"
+ ],
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.asn",
+ "target_field": "source.as.number",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.organization_name",
+ "target_field": "source.as.organization.name",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "destination.as.asn",
+ "target_field": "destination.as.number",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "destination.as.organization_name",
+ "target_field": "destination.as.organization.name",
+ "ignore_missing": true
+ }
+ },
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_missing": true
+ }
+ }
+ ],
+ "on_failure": [{
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message 
}}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/http/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/http/fields/fields.yml
new file mode 100644
index 00000000000..03aa3629f84
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/http/fields/fields.yml
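Review bot: The two plain `geoip` processors (`destination.geo`, `source.geo`) have no `ignore_missing`, unlike the two ASN lookups directly below them and unlike the intel pipeline in this commit, which additionally guards each city lookup with `if: ctx.source?.geo == null`; a document that reaches this point without `source.ip` therefore fails the whole pipeline and is indexed with only `error.message`. Add `"ignore_missing": true` to both, and the `if` guards as well if the intel pattern is the intended one. The intel pipeline also lists explicit `properties` for its city lookups whereas these use the defaults, so the two streams currently produce different `*.geo` field sets.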
@@ -0,0 +1,82 @@
+- name: zeek.http
+ type: group
+ fields:
+ - name: trans_depth
+ type: integer
+ description: |
+ Represents the pipelined depth into the connection of this request/response transaction.
+ - name: status_msg
+ type: keyword
+ description: |
+ Status message returned by the server.
+ - name: info_code
+ type: integer
+ description: |
+ Last seen 1xx informational reply code returned by the server.
+ - name: info_msg
+ type: keyword
+ description: |
+ Last seen 1xx informational reply message returned by the server.
+ - name: tags
+ type: keyword
+ description: |
+ A set of indicators of various attributes discovered and related to a particular
+ request/response pair.
+ - name: password
+ type: keyword
+ description: |
+ Password if basic-auth is performed for the request.
+ - name: captured_password
+ type: boolean
+ description: |
+ Determines if the password will be captured for this request.
+ - name: proxied
+ type: keyword
+ description: |
+ All of the headers that may indicate if the HTTP request was proxied.
+ - name: range_request
+ type: boolean
+ description: |
+ Indicates if this request can assume 206 partial content in response.
+ - name: client_header_names
+ type: keyword
+ description: |
+ The vector of HTTP header names sent by the client. No header values
+ are included here, just the header names.
+ - name: server_header_names
+ type: keyword
+ description: |
+ The vector of HTTP header names sent by the server. No header values
+ are included here, just the header names.
+ - name: orig_fuids
+ type: keyword
+ description: |
+ An ordered vector of file unique IDs from the originator.
+ - name: orig_mime_types
+ type: keyword
+ description: |
+ An ordered vector of mime types from the originator.
+ - name: orig_filenames
+ type: keyword
+ description: |
+ An ordered vector of filenames from the originator.
+ - name: resp_fuids
+ type: keyword
+ description: |
+ An ordered vector of file unique IDs from the responder.
+ - name: resp_mime_types
+ type: keyword
+ description: |
+ An ordered vector of mime types from the responder.
+ - name: resp_filenames
+ type: keyword
+ description: |
+ An ordered vector of filenames from the responder.
+ - name: orig_mime_depth
+ type: integer
+ description: |
+ Current number of MIME entities in the HTTP request message body.
+ - name: resp_mime_depth
+ type: integer
+ description: |
+ Current number of MIME entities in the HTTP response message body.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/http/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/http/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/http/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/http/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/http/manifest.yml
new file mode 100644
index 00000000000..0d2c8738361
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/http/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek http logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/http.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/http.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.http
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek http logs (log)
+ description: Collect Zeek http logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/intel/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/intel/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..c64d2361e4f
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/intel/agent/stream/log.yml.hbs
@@ -0,0 +1,60 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+processors:
+ - rename:
+ fields:
+ - {from: message, to: event.original}
+ - decode_json_fields:
+ fields: [event.original]
+ target: zeek.intel
+ - timestamp:
+ field: zeek.intel.ts
+ layouts: [UNIX]
+ test: "1573030980.989353"
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: zeek.intel.id.orig_h, to: source.address}
+ - {from: zeek.intel.id.orig_h, to: source.ip, type: ip}
+ - {from: zeek.intel.id.orig_p, to: source.port, type: long}
+ - {from: zeek.intel.id.resp_h, to: destination.address}
+ - {from: zeek.intel.id.resp_h, to: destination.ip, type: ip}
+ - {from: zeek.intel.id.resp_p, to: destination.port, type: long}
+ - rename:
+ ignore_missing: true
+ fields:
+ - from: zeek.intel.uid
+ to: zeek.session_id
+ # Expand field names containing dots.
+ - from: zeek.intel.seen.indicator
+ to: seen.indicator
+ - from: zeek.intel.seen.indicator_type
+ to: seen.indicator_type
+ - from: zeek.intel.seen.host
+ to: seen.host
+ - from: zeek.intel.seen.where
+ to: seen.where
+ - from: zeek.intel.seen.node
+ to: seen.node
+ - from: zeek.intel.seen.conn
+ to: seen.conn
+ - from: zeek.intel.seen.uid
+ to: seen.uid
+ - from: zeek.intel.seen.f
+ to: seen.f
+ - from: zeek.intel.seen.fuid
+ to: seen.fuid
+ - from: seen
+ to: zeek.intel.seen
+ - drop_fields:
+ ignore_missing: true
+ fields:
+ - zeek.intel.ts
+ - zeek.intel.id.orig_h
+ - zeek.intel.id.orig_p
+ - zeek.intel.id.resp_h
+ - zeek.intel.id.resp_p
\ No newline at end of file
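Review bot: This is the only stream in the commit that keeps the raw log line (`message` → `event.original`) and decodes it with `decode_json_fields`; the files, ftp, http, irc and kerberos templates decode in place via `json.keys_under_root: false` and never retain the original. Retaining `event.original` is the safer choice for later investigation, but the divergence looks accidental rather than chosen, so either align the other templates or explain it here with a comment such as `# Keeps event.original for forensics; other zeek streams decode in place.` The `timestamp` processor also has no `ignore_missing` / `ignore_failure`, unlike the `convert` and `rename` steps below it, so check how a line without `ts` is handled before relying on this template.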
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/intel/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/zeek/0.0.1/dataset/intel/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..512cf67ff93
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/intel/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,72 @@
+---
+description: Pipeline for normalizing Zeek intel.log.
+processors:
+ - set:
+ field: event.created
+ value: "{{_ingest.timestamp}}"
+
+ # IP Geolocation Lookup
+ - geoip:
+ if: ctx.source?.geo == null
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ properties:
+ - city_name
+ - continent_name
+ - country_iso_code
+ - country_name
+ - location
+ - region_iso_code
+ - region_name
+ - geoip:
+ if: ctx.destination?.geo == null
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+ properties:
+ - city_name
+ - continent_name
+ - country_iso_code
+ - country_name
+ - location
+ - region_iso_code
+ - region_name
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
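Review bot: Unlike the ftp, http and irc pipelines in this commit, this one never sets `event.id`, even though the intel agent template renames `zeek.intel.uid` to `zeek.session_id` for exactly that purpose; add the same guarded processor after the `event.created` set: `- set: {field: event.id, value: "{{zeek.session_id}}", if: ctx.zeek.session_id != null}`. The geo and ASN lookups here are the best-guarded of the set (`if`, `ignore_missing`, explicit `properties`), so this file is the one the other pipelines should be brought in line with rather than the other way round.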
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/fields.yml
new file mode 100644
index 00000000000..15607f747c0
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/fields.yml
@@ -0,0 +1,62 @@
+- name: zeek.intel
+ type: group
+ fields:
+ - name: seen
+ type: group
+ fields:
+ - name: indicator
+ type: keyword
+ description: |
+ The intelligence indicator.
+ - name: indicator_type
+ type: keyword
+ description: |
+ The type of data the indicator represents.
+ - name: host
+ type: keyword
+ description: |
+ If the indicator type was Intel::ADDR, then this field will be present.
+ - name: conn
+ type: keyword
+ description: |
+ If the data was discovered within a connection, the connection record should go here to give context to the data.
+ - name: where
+ type: keyword
+ description: |
+ Where the data was discovered.
+ - name: node
+ type: keyword
+ description: |
+ The name of the node where the match was discovered.
+ - name: uid
+ type: keyword
+ description: |
+ If the data was discovered within a connection, the connection uid should go here to give context to the data. If the conn field is provided, this will be automatically filled out.
+ - name: f
+ type: object
+ description: |
+ If the data was discovered within a file, the file record should go here to provide context to the data.
+ - name: fuid
+ type: keyword
+ description: |
+ If the data was discovered within a file, the file uid should go here to provide context to the data. If the file record f is provided, this will be automatically filled out.
+ - name: matched
+ type: keyword
+ description: |
+ Event to represent a match in the intelligence data from data that was seen.
+ - name: sources
+ type: keyword
+ description: |
+ Sources which supplied data for this match.
+ - name: fuid
+ type: keyword
+ description: |
+ If a file was associated with this intelligence hit, this is the uid for the file.
+ - name: file_mime_type
+ type: keyword
+ description: |
+ A mime type if the intelligence hit is related to a file. If the $f field is provided this will be automatically filled out.
+ - name: file_desc
+ type: keyword
+ description: |
+ Frequently files can be described to give a bit more context. If the $f field is provided this field will be automatically filled out.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/intel/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/intel/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/intel/manifest.yml
new file mode 100644
index 00000000000..9456bea61fb
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/intel/manifest.yml
@@ -0,0 +1,29 @@
+title: Zeek intel logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/intel.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/intel.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.intel
+ template_path: log.yml.hbs
+ title: Zeek intel logs (log)
+ description: Collect Zeek intel logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/irc/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/irc/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..f1a03e3a16e
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/irc/agent/stream/log.yml.hbs
@@ -0,0 +1,40 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: irc
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.irc"
+ - from: "zeek.irc.id.orig_h"
+ to: "source.address"
+ - from: "zeek.irc.id.orig_p"
+ to: "source.port"
+ - from: "zeek.irc.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.irc.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.irc.uid"
+ to: "zeek.session_id"
+ - from: "zeek.irc.dcc_file_name"
+ to: "zeek.irc.dcc.file.name"
+ - from: "zeek.irc.dcc_file_size"
+ to: "zeek.irc.dcc.file.size"
+ - from: "zee.irc.dcc_mime_type"
+ to: "zeek.irc.dcc.mime_type"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/irc/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/irc/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..40723512349
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/irc/elasticsearch/ingest-pipeline/default.json
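Review bot: The last rename entry reads `- from: "zee.irc.dcc_mime_type"`, a typo for `zeek.irc.dcc_mime_type`, and because the processor runs with `ignore_missing: true` and `fail_on_error: false` the mistake is completely silent: the value stays under `zeek.irc.dcc_mime_type` and the `zeek.irc.dcc.mime_type` field declared in the irc fields.yml is never populated. Change it to `- from: "zeek.irc.dcc_mime_type"`. That `ignore_missing` / `fail_on_error` combination makes every rename typo invisible across these templates, so a small sample-log test per stream that asserts the renamed fields exist would be worth adding alongside this package.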
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek irc.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.irc.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.irc.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/fields.yml
new file mode 100644
index 00000000000..0d2bb303346
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/fields.yml
@@ -0,0 +1,49 @@
+- name: zeek.irc
+ type: group
+ fields:
+ - name: nick
+ type: keyword
+ description: |
+ Nickname given for the connection.
+ - name: user
+ type: keyword
+ description: |
+ Username given for the connection.
+ - name: command
+ type: keyword
+ description: |
+ Command given by the client.
+ - name: value
+ type: keyword
+ description: |
+ Value for the command given by the client.
+ - name: addl
+ type: keyword
+ description: |
+ Any additional data for the command.
+ - name: dcc
+ type: group
+ fields:
+ - name: file
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ Present if base/protocols/irc/dcc-send.bro is loaded.
+ DCC filename requested.
+ - name: size
+ type: long
+ description: |
+ Present if base/protocols/irc/dcc-send.bro is loaded.
+ Size of the DCC transfer as indicated by the sender.
+ - name: mime_type
+ type: keyword
+ description: |
+ present if base/protocols/irc/dcc-send.bro is loaded.
+ Sniffed mime type of the file.
+ - name: fuid
+ type: keyword
+ description: |
+ present if base/protocols/irc/files.bro is loaded.
+ File unique ID.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/irc/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/irc/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/irc/manifest.yml
new file mode 100644
index 00000000000..707e53042f2
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/irc/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek irc logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/irc.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/irc.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.irc
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek irc logs (log)
+ description: Collect Zeek irc logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/kerberos/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..5d13790aea3
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/agent/stream/log.yml.hbs
@@ -0,0 +1,58 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: kerberos
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.kerberos"
+ - from: "zeek.kerberos.id.orig_h"
+ to: "source.address"
+ - from: "zeek.kerberos.id.orig_p"
+ to: "source.port"
+ - from: "zeek.kerberos.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.kerberos.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.kerberos.uid"
+ to: "zeek.session_id"
+ - from: "zeek.kerberos.till"
+ to: "zeek.kerberos.valid.until"
+ - from: "zeek.kerberos.from"
+ to: "zeek.kerberos.valid.from"
+ - from: "zeek.kerberos.error_code"
+ to: "zeek.kerberos.error.code"
+ - from: "zeek.kerberos.error_msg"
+ to: "zeek.kerberos.error.msg"
+ - from: "zeek.kerberos.cert.client"
+ to: "zeek.kerberos.cert.client.value"
+ - from: "zeek.kerberos.cert.client_subject"
+ to: "zeek.kerberos.cert.client.subject"
+ - from: "zeek.kerberos.cert.client_fuid"
+ to: "zeek.kerberos.cert.client.fuid"
+ - from: "zeek.kerberos.cert.server"
+ to: "zeek.kerberos.cert.server.value"
+ - from: "zeek.kerberos.cert.server_subject"
+ to: "zeek.kerberos.cert.server.subject"
+ - from: "zeek.kerberos.cert.server_fuid"
+ to: "zeek.kerberos.cert.server.fuid"
+ - from: "zeek.kerberos.auth_ticket"
+ to: "zeek.kerberos.ticket.auth"
+ - from: "zeek.kerberos.new_ticket"
+ to: "zeek.kerberos.ticket.new"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/kerberos/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..988e9b7f2b1
--- /dev/null
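Review bot: The `from` paths `zeek.kerberos.cert.client`, `zeek.kerberos.cert.client_subject`, `zeek.kerberos.cert.client_fuid` and their `server` counterparts assume the JSON record carries a nested `cert` object, which as far as I know is not how Zeek writes kerberos.log: its certificate columns are flat (`client_cert_subject`, `client_cert_fuid`, `server_cert_subject`, `server_cert_fuid`). If that is the case these renames never match, `ignore_missing: true` hides it, and the values stay under `zeek.kerberos.client_cert_subject` etc., where this dataset's fields.yml does not map them. Please check against a real kerberos.log sample and, if confirmed, use `- from: "zeek.kerberos.client_cert_subject"` / `to: "zeek.kerberos.cert.client.subject"` and the same shape for the three siblings.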
+++ b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,81 @@
+{
+ "description": "Pipeline for normalizing Zeek kerberos.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.kerberos.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.kerberos.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "client.address",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "server.address",
+ "value": "{{destination.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ },
+ {
+ "script": {
+ "source": "ctx.zeek.kerberos.valid.days = Math.round( (ctx.zeek.kerberos.valid.until - ctx.zeek.kerberos.valid.from) / 86400 )",
+ "if": "ctx.zeek.kerberos.valid?.from != null && ctx.zeek.kerberos.valid?.until != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.kerberos.valid.until",
+ "target_field": "zeek.kerberos.valid.until",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.kerberos.valid?.until != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.kerberos.valid.from",
+ "target_field": "zeek.kerberos.valid.from",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.kerberos.valid?.from != null"
+ }
+ }
+ ],
+ "on_failure": [{
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/fields.yml
new file mode 100644
index 00000000000..af35a2c7df9
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/fields.yml
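Review bot: The `set` processors for `source.ip`, `client.address`, `server.address` and `destination.ip` run unconditionally, whereas the notice pipeline in this same commit guards the equivalent sets with `"if": "ctx.source?.address != null"` and `"if": "ctx.destination?.address != null"`. Without the guard a record that lacks `id.orig_h`/`id.resp_h` still has the Mustache template rendered against a missing field, and whatever that renders to (presumably an empty string) is then written into the `ip`-typed ECS fields instead of leaving them unset. The same unguarded pattern is in the irc, modbus, mysql and ntlm pipelines, so adding the two conditions to the four `set` blocks here (and the two in each sibling) keeps all of them consistent with notice. Separately, `"if": "ctx.zeek.session_id != null"` is not null-safe on `ctx.zeek` while the `valid?.` checks below are; `ctx.zeek?.session_id != null` would be the consistent form.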
@@ -0,0 +1,101 @@
+- name: zeek.kerberos
+ type: group
+ fields:
+ - name: request_type
+ type: keyword
+ description: |
+ Request type - Authentication Service (AS) or Ticket Granting Service (TGS).
+ - name: client
+ type: keyword
+ description: |
+ Client name.
+ - name: service
+ type: keyword
+ description: |
+ Service name.
+ - name: success
+ type: boolean
+ description: |
+ Request result.
+ - name: error
+ type: group
+ fields:
+ - name: code
+ type: integer
+ description: |
+ Error code.
+ - name: msg
+ type: keyword
+ description: |
+ Error message.
+ - name: valid
+ type: group
+ fields:
+ - name: from
+ type: date
+ description: |
+ Ticket valid from.
+ - name: until
+ type: date
+ description: |
+ Ticket valid until.
+ - name: days
+ type: integer
+ description: |
+ Number of days the ticket is valid for.
+ - name: cipher
+ type: keyword
+ description: |
+ Ticket encryption type.
+ - name: forwardable
+ type: boolean
+ description: |
+ Forwardable ticket requested.
+ - name: renewable
+ type: boolean
+ description: |
+ Renewable ticket requested.
+ - name: ticket
+ type: group
+ fields:
+ - name: auth
+ type: keyword
+ description: |
+ Hash of ticket used to authorize request/transaction.
+ - name: new
+ type: keyword
+ description: |
+ Hash of ticket returned by the KDC.
+ - name: cert
+ type: group
+ fields:
+ - name: client
+ type: group
+ fields:
+ - name: value
+ type: keyword
+ description: |
+ Client certificate.
+ - name: fuid
+ type: keyword
+ description: |
+ File unique ID of client cert.
+ - name: subject
+ type: keyword
+ description: |
+ Subject of client certificate.
+ - name: server
+ type: group
+ fields:
+ - name: value
+ type: keyword
+ description: |
+ Server certificate.
+ - name: fuid
+ type: keyword
+ description: |
+ File unique ID of server certificate.
+ - name: subject
+ type: keyword
+ description: |
+ Subject of server certificate.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/kerberos/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/manifest.yml
new file mode 100644
index 00000000000..ecf2f69a456
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/kerberos/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek kerberos logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/kerberos.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/kerberos.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.kerberos
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek kerberos logs (log)
+ description: Collect Zeek kerberos logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/modbus/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/modbus/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..ae92cb6a033
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/modbus/agent/stream/log.yml.hbs
@@ -0,0 +1,36 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: modbus
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.modbus"
+ - from: "zeek.modbus.id.orig_h"
+ to: "source.address"
+ - from: "zeek.modbus.id.orig_p"
+ to: "source.port"
+ - from: "zeek.modbus.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.modbus.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.modbus.uid"
+ to: "zeek.session_id"
+ - from: "zeek.modbus.func"
+ to: "zeek.modbus.function"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/modbus/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/modbus/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..78026f2dc87
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/modbus/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek modbus.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.modbus.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.modbus.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/fields.yml
new file mode 100644
index 00000000000..f144f17e716
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/fields.yml
@@ -0,0 +1,16 @@
+- name: zeek.modbus
+ type: group
+ fields:
+ - name: function
+ type: keyword
+ description: |
+ The name of the function message that was sent.
+ - name: exception
+ type: keyword
+ description: |
+ The exception if the response was a failure.
+ - name: track_address
+ type: integer
+ description: |
+ Present if policy/protocols/modbus/track-memmap.bro is loaded.
+ Modbus track address.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/modbus/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/modbus/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/modbus/manifest.yml
new file mode 100644
index 00000000000..c5ea2d6deae
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/modbus/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek modbus logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/modbus.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/modbus.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.modbus
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek modbus logs (log)
+ description: Collect Zeek modbus logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/mysql/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/mysql/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..2602de2e2c1
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/mysql/agent/stream/log.yml.hbs
@@ -0,0 +1,34 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: mysql
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.mysql"
+ - from: "zeek.mysql.id.orig_h"
+ to: "source.address"
+ - from: "zeek.mysql.id.orig_p"
+ to: "source.port"
+ - from: "zeek.mysql.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.mysql.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.mysql.uid"
+ to: "zeek.session_id"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/mysql/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/mysql/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..ec55df982d7
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/mysql/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek mysql.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.mysql.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.mysql.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/fields.yml
new file mode 100644
index 00000000000..411cd6a56da
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/fields.yml
@@ -0,0 +1,23 @@
+- name: zeek.mysql
+ type: group
+ fields:
+ - name: cmd
+ type: keyword
+ description: |
+ The command that was issued.
+ - name: arg
+ type: keyword
+ description: |
+ The argument issued to the command.
+ - name: success
+ type: boolean
+ description: |
+ Whether the command succeeded.
+ - name: rows
+ type: integer
+ description: |
+ The number of affected rows, if any.
+ - name: response
+ type: keyword
+ description: |
+ Server message, if any.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/mysql/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/mysql/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/mysql/manifest.yml
new file mode 100644
index 00000000000..0697f3d3b54
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/mysql/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek mysql logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/mysql.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/mysql.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.mysql
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek mysql logs (log)
+ description: Collect Zeek mysql logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/notice/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/notice/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..03e98146e2e
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/notice/agent/stream/log.yml.hbs
@@ -0,0 +1,62 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+processors:
+ - drop_fields:
+ fields: ["json.actions"]
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.notice"
+ - from: "zeek.notice.src"
+ to: "source.address"
+ - from: "zeek.notice.dst"
+ to: "destination.address"
+ - from: "zeek.notice.uid"
+ to: "zeek.session_id"
+ - from: "zeek.notice.p"
+ to: "destination.port"
+ - from: "zeek.notice.conn"
+ to: "zeek.notice.connnection_id"
+ - from: "zeek.notice.iconn"
+ to: "zeek.notice.icmp_id"
+ - from: "zeek.notice.id.orig_h"
+ to: "source.address"
+ - from: "zeek.notice.id.orig_p"
+ to: "source.port"
+ - from: "zeek.notice.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.notice.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.notice.proto"
+ to: "network.transport"
+ - from: "zeek.notice.id.orig_p"
+ to: "source.port"
+ - from: "zeek.notice.f.id"
+ to: "zeek.notice.file.id"
+ - from: "zeek.notice.f.parent_id"
+ to: "zeek.notice.file.parent_id"
+ - from: "zeek.notice.f.source"
+ to: "zeek.notice.file.source"
+ - from: "zeek.notice.f.is_orig"
+ to: "zeek.notice.file.is_orig"
+ - from: "zeek.notice.f.seen_bytes"
+ to: "zeek.notice.file.seen_bytes"
+ - from: "zeek.notice.f.total_bytes"
+ to: "zeek.notice.file.total_bytes"
+ - from: "zeek.notice.file_mime_type"
+ to: "zeek.notice.file.mime_type"
+ ignore_missing: true
+ fail_on_error: false
+ - drop_fields:
+ fields: ["zeek.notice.remote_location", "zeek.notice.f"]
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/notice/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/notice/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..b343068d6c6
--- /dev/null
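Review bot: The rename target `zeek.notice.connnection_id` (three n's) does not match the `connection_id` field this dataset's fields.yml declares, so the Zeek `conn` value lands in an unmapped field; the line should read `to: "zeek.notice.connection_id"`. In the same list the `zeek.notice.id.orig_p` → `source.port` entry appears twice, and both `zeek.notice.src` and `zeek.notice.id.orig_h` target `source.address`, so on a notice that carries both the later rename presumably cannot overwrite the existing target and is silently dropped under `fail_on_error: false`. Removing the duplicate and deciding explicitly which of the two sources wins would make the ECS mapping deterministic rather than order-dependent.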
+++ b/dev/packages/beats/zeek/0.0.1/dataset/notice/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,115 @@
+{
+ "description": "Pipeline for normalizing Zeek notice.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.notice.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.notice.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}",
+ "if": "ctx.destination?.address != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}",
+ "if": "ctx.source?.address != null"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "geoip": {
+ "field": "destination.ip",
+ "target_field": "destination.geo",
+ "ignore_missing": true
+ }
+ },
+ {
+ "geoip": {
+ "field": "source.ip",
+ "target_field": "source.geo",
+ "ignore_missing": true
+ }
+ },
+ {
+ "geoip": {
+ "database_file": "GeoLite2-ASN.mmdb",
+ "field": "source.ip",
+ "target_field": "source.as",
+ "properties": [
+ "asn",
+ "organization_name"
+ ],
+ "ignore_missing": true
+ }
+ },
+ {
+ "geoip": {
+ "database_file": "GeoLite2-ASN.mmdb",
+ "field": "destination.ip",
+ "target_field": "destination.as",
+ "properties": [
+ "asn",
+ "organization_name"
+ ],
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.asn",
+ "target_field": "source.as.number",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "source.as.organization_name",
+ "target_field": "source.as.organization.name",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "destination.as.asn",
+ "target_field": "destination.as.number",
+ "ignore_missing": true
+ }
+ },
+ {
+ "rename": {
+ "field": "destination.as.organization_name",
+ "target_field": "destination.as.organization.name",
+ "ignore_missing": true
+ }
+ }
+ ],
+ "on_failure": [{
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/fields.yml
new file mode 100644
index 00000000000..e6a3a3c523a
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/fields.yml
@@ -0,0 +1,107 @@
+- name: zeek.notice
+ type: group
+ fields:
+ - name: connection_id
+ type: keyword
+ description: |
+ Identifier of the related connection session.
+ - name: icmp_id
+ type: keyword
+ description: |
+ Identifier of the related ICMP session.
+ - name: file.id
+ type: keyword
+ description: |
+ An identifier associated with a single file that is related to this notice.
+ - name: file.parent_id
+ type: keyword
+ description: |
+ Identifier associated with a container file from which this one was extracted.
+ - name: file.source
+ type: keyword
+ description: |
+ An identification of the source of the file data. E.g. it may be a network protocol
+ over which it was transferred, or a local file path which was read, or some other
+ input source.
+ - name: file.mime_type
+ type: keyword
+ description: |
+ A mime type if the notice is related to a file.
+ - name: file.is_orig
+ type: boolean
+ description: |
+ If the source of this file is a network connection, this field indicates if the file is
+ being sent by the originator of the connection or the responder.
+ - name: file.seen_bytes
+ type: long
+ description: |
+ Number of bytes provided to the file analysis engine for the file.
+ - name: ffile.total_bytes
+ type: long
+ description: |
+ Total number of bytes that are supposed to comprise the full file.
+ - name: file.missing_bytes
+ type: long
+ description: |
+ The number of bytes in the file stream that were completely missed during the process
+ of analysis.
+ - name: file.overflow_bytes
+ type: long
+ description: |
+ The number of bytes in the file stream that were not delivered to stream file analyzers.
+ This could be overlapping bytes or bytes that couldn't be reassembled.
+ - name: fuid
+ type: keyword
+ description: |
+ A file unique ID if this notice is related to a file.
+ - name: note
+ type: keyword
+ description: |
+ The type of the notice.
+ - name: msg
+ type: keyword
+ description: |
+ The human readable message for the notice.
+ - name: sub
+ type: keyword
+ description: |
+ The human readable sub-message.
+ - name: "n"
+ type: long
+ description: |
+ Associated count, or a status code.
+ - name: peer_name
+ type: keyword
+ description: |
+ Name of remote peer that raised this notice.
+ - name: peer_descr
+ type: text
+ description: |
+ Textual description for the peer that raised this notice.
+ - name: actions
+ type: keyword
+ description: |
+ The actions which have been applied to this notice.
+ - name: email_body_sections
+ type: text
+ description: |
+ By adding chunks of text into this element, other scripts can expand on notices
+ that are being emailed.
+ - name: email_delay_tokens
+ type: keyword
+ description: |
+ Adding a string token to this set will cause the built-in emailing functionality
+ to delay sending the email either the token has been removed or the email
+ has been delayed for the specified time duration.
+ - name: identifier
+ type: keyword
+ description: |
+ This field is provided when a notice is generated for the purpose of deduplicating notices.
+ - name: suppress_for
+ type: double
+ description: |
+ This field indicates the length of time that this unique notice should be suppressed.
+ - name: dropped
+ type: boolean
+ description: |
+ Indicate if the source IP address was dropped and denied network access.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/notice/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/notice/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/notice/manifest.yml
new file mode 100644
index 00000000000..9ca6fc0c702
--- /dev/null
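Review bot: `ffile.total_bytes` in this fields.yml is a typo for `file.total_bytes`, which is the name the stream template renames `f.total_bytes` to, so the declared field is never populated and the real one is left to dynamic mapping; it should be `- name: file.total_bytes`. Several other declarations have no producer: the template's first `drop_fields` removes `json.actions` before the rename, yet `actions` is declared here, and `file.missing_bytes` / `file.overflow_bytes` are declared but no rename copies them out of `zeek.notice.f` before that whole object is dropped. Either add the missing renames (and stop dropping `actions` if analysts are expected to see which actions Zeek applied) or delete the dead declarations, so that the mapping describes what is actually indexed.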
+++ b/dev/packages/beats/zeek/0.0.1/dataset/notice/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek notice logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/notice.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/notice.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.notice
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek notice logs (log)
+ description: Collect Zeek notice logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ntlm/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..a0d97e55a73
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/agent/stream/log.yml.hbs
@@ -0,0 +1,42 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: ntlm
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.ntlm"
+ - from: "zeek.ntlm.id.orig_h"
+ to: "source.address"
+ - from: "zeek.ntlm.id.orig_p"
+ to: "source.port"
+ - from: "zeek.ntlm.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.ntlm.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.ntlm.uid"
+ to: "zeek.session_id"
+ - from: "zeek.ntlm.domainname"
+ to: "zeek.ntlm.domain"
+ - from: "zeek.ntlm.server_dns_computer_name"
+ to: "zeek.ntlm.server.name.dns"
+ - from: "zeek.ntlm.server_nb_computer_name"
+ to: "zeek.ntlm.server.name.netbios"
+ - from: "zeek.ntlm.server_tree_name"
+ to: "zeek.ntlm.server.name.tree"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ntlm/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..680ea8815e0
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek ntlm.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ntlm.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.ntlm.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/fields.yml
new file mode 100644
index 00000000000..56575b2e960
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/fields.yml
@@ -0,0 +1,37 @@
+- name: zeek.ntlm
+ type: group
+ fields:
+ - name: domain
+ type: keyword
+ description: |
+ Domain name given by the client.
+ - name: hostname
+ type: keyword
+ description: |
+ Hostname given by the client.
+ - name: success
+ type: boolean
+ description: |
+ Indicate whether or not the authentication was successful.
+ - name: username
+ type: keyword
+ description: |
+ Username given by the client.
+ - name: server
+ type: group
+ fields:
+ - name: name
+ type: group
+ fields:
+ - name: dns
+ type: keyword
+ description: |
+ DNS name given by the server in a CHALLENGE.
+ - name: netbios
+ type: keyword
+ description: |
+ NetBIOS name given by the server in a CHALLENGE.
+ - name: tree
+ type: keyword
+ description: |
+ Tree name given by the server in a CHALLENGE.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ntlm/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/manifest.yml
new file mode 100644
index 00000000000..485a51eebb9
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ntlm/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek ntlm logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/ntlm.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/ntlm.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.ntlm
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek ntlm logs (log)
+ description: Collect Zeek ntlm logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ocsp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..fbf45973a91
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/agent/stream/log.yml.hbs
@@ -0,0 +1,41 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.ocsp"
+ - from: "zeek.ocsp.id"
+ to: "zeek.ocsp.file_id"
+ - from: "zeek.ocsp.hashAlgorithm"
+ to: "zeek.ocsp.hash.algorithm"
+ - from: "zeek.ocsp.issuerNameHash"
+ to: "zeek.ocsp.hash.issuer.name"
+ - from: "zeek.ocsp.issuerKeyHash"
+ to: "zeek.ocsp.hash.issuer.key"
+ - from: "zeek.ocsp.serialNumber"
+ to: "zeek.ocsp.serial_number"
+ - from: "zeek.ocsp.serialNumber"
+ to: "zeek.ocsp.serial_number"
+ - from: "zeek.ocsp.certStatus"
+ to: "zeek.ocsp.status"
+ - from: "zeek.ocsp.certStatus"
+ to: "zeek.ocsp.status"
+ - from: "zeek.ocsp.revoketime"
+ to: "zeek.ocsp.revoke.date"
+ - from: "zeek.ocsp.revokereason"
+ to: "zeek.ocsp.revoke.reason"
+ - from: "zeek.ocsp.thisUpdate"
+ to: "zeek.ocsp.update.this"
+ - from: "zeek.ocsp.nextUpdate"
+ to: "zeek.ocsp.update.next"
+ ignore_missing: true
+ fail_on_error: false
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ocsp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..e56642bd4a8
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/elasticsearch/ingest-pipeline/default.json
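Review bot: The `serialNumber` → `serial_number` and `certStatus` → `status` rename pairs are each listed twice; the second copy can never find its source after the first has moved it and only passes because of `ignore_missing: true`, so both duplicates should be deleted. This template also differs from every other dataset in the commit in having no `uid` → `zeek.session_id` rename and no `community_id` block, which looks deliberate for a log that is keyed by file id rather than connection, but then the fixed `network.transport: tcp` under `fields` asserts a connection property the record does not carry; either drop it or add a comment explaining why it is set.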
@@ -0,0 +1,52 @@
+{
+ "description": "Pipeline for normalizing Zeek ocsp.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ocsp.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.ocsp.ts"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ocsp.revoke.date",
+ "target_field": "zeek.ocsp.revoke.date",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.ocsp.revoke?.date != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ocsp.update.this",
+ "target_field": "zeek.ocsp.update.this",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.ocsp.update?.this != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ocsp.update.next",
+ "target_field": "zeek.ocsp.update.next",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.ocsp.update?.next != null"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/fields.yml
new file mode 100644
index 00000000000..2a3645eabb0
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/fields.yml
@@ -0,0 +1,55 @@ +- name: zeek.ocsp + type: group + fields: + - name: file_id + type: keyword + description: | + File id of the OCSP reply. + - name: hash + type: group + fields: + - name: algorithm + type: keyword + description: | + Hash algorithm used to generate issuerNameHash and issuerKeyHash. + - name: issuer + type: group + fields: + - name: name + type: keyword + description: | + Hash of the issuer's distingueshed name. + - name: key + type: keyword + description: | + Hash of the issuer's public key. + - name: serial_number + type: keyword + description: | + Serial number of the affected certificate. + - name: status + type: keyword + description: | + Status of the affected certificate. + - name: revoke + type: group + fields: + - name: time + type: date + description: | + Time at which the certificate was revoked. + - name: reason + type: keyword + description: | + Reason for which the certificate was revoked. + - name: update + type: group + fields: + - name: this + type: date + description: | + The time at which the status being shows is known to have been correct. + - name: next + type: date + description: | + The latest time at which new information about the status of the certificate will be available. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ocsp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/manifest.yml new file mode 100644 index 00000000000..9ad4a37d0a5 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/ocsp/manifest.yml 
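Review bot: Two description strings in the ocsp fields.yml carry typos that will surface verbatim as field help: `Hash of the issuer's distingueshed name.` should read `distinguished`, and `The time at which the status being shows is known to have been correct.` should read `being shown`. The second one is the `update.this` entry near the end of the hunk.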
@@ -0,0 +1,29 @@ +title: Zeek ocsp logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/ocsp.log + os: + darwin: + default: + - /usr/local/var/logs/current/ocsp.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.ocsp + template_path: log.yml.hbs + title: Zeek ocsp logs (log) + description: Collect Zeek ocsp logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/pe/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/pe/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..565490274e7 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/pe/agent/stream/log.yml.hbs @@ -0,0 +1,17 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.pe" + - from: "zeek.pe.compile_ts" + to: "zeek.pe.compile_time" + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/pe/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/pe/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..f950772464c --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/pe/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,36 @@
+{
+ "description": "Pipeline for normalizing Zeek pe.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.pe.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.pe.ts"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.pe.compile_time",
+ "target_field": "zeek.pe.compile_time",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.pe.compile_time != null"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/fields.yml
new file mode 100644
index 00000000000..2357c22614e
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/fields.yml
@@ -0,0 +1,71 @@ +- name: zeek.pe + type: group + fields: + - name: client + type: keyword + description: | + The client's version string. + - name: id + type: keyword + description: | + File id of this portable executable file. + - name: machine + type: keyword + description: | + The target machine that the file was compiled for. + - name: compile_time + type: date + description: | + The time that the file was created at. + - name: os + type: keyword + description: | + The required operating system. + - name: subsystem + type: keyword + description: | + The subsystem that is required to run this file. + - name: is_exe + type: boolean + description: | + Is the file an executable, or just an object file? + - name: is_64bit + type: boolean + description: | + Is the file a 64-bit executable? + - name: uses_aslr + type: boolean + description: | + Does the file support Address Space Layout Randomization? + - name: uses_dep + type: boolean + description: | + Does the file support Data Execution Prevention? + - name: uses_code_integrity + type: boolean + description: | + Does the file enforce code integrity checks? + - name: uses_seh + type: boolean + description: | + Does the file use structured exception handing? + - name: has_import_table + type: boolean + description: | + Does the file have an import table? + - name: has_export_table + type: boolean + description: | + Does the file have an export table? + - name: has_cert_table + type: boolean + description: | + Does the file have an attribute certificate table? + - name: has_debug_data + type: boolean + description: | + Does the file have a debug table? + - name: section_names + type: keyword + description: | + The names of the sections, in order. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null 
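Review bot: The first entry of the pe fields.yml, `- name: client` described as `The client's version string.`, matches nothing the pe stream template maps, and as far as I know Zeek's pe.log has no client column; it reads like a leftover from another dataset and should be removed, or its source documented in the description. `Does the file use structured exception handing?` should read `handling`. Separately, the package-fields.yml copied into the pe and ocsp datasets declares `zeek.session_id`, yet neither of those templates renames a `uid` into it, so the declared field is never populated there; a comment in those copies, or dropping them, would avoid the impression that file-based logs carry a session id.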
+++ b/dev/packages/beats/zeek/0.0.1/dataset/pe/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/pe/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/pe/manifest.yml new file mode 100644 index 00000000000..a135e8226f8 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/pe/manifest.yml @@ -0,0 +1,29 @@ +title: Zeek pe logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/pe.log + os: + darwin: + default: + - /usr/local/var/logs/current/pe.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.pe + template_path: log.yml.hbs + title: Zeek pe logs (log) + description: Collect Zeek pe logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/radius/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/radius/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..90df81dc703 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/radius/agent/stream/log.yml.hbs 
@@ -0,0 +1,34 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: udp + network.protocol: radius +processors: + - rename: + fields: + - from: "json" + to: "zeek.radius" + - from: "zeek.radius.id.orig_h" + to: "source.address" + - from: "zeek.radius.id.orig_p" + to: "source.port" + - from: "zeek.radius.id.resp_h" + to: "destination.address" + - from: "zeek.radius.id.resp_p" + to: "destination.port" + - from: "zeek.radius.uid" + to: "zeek.session_id" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/radius/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/radius/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..72f645dd651 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/radius/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek radius.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.radius.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.radius.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} 
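Review bot: In the radius pipeline the `set` processors for `source.ip` and `destination.ip` copy `{{source.address}}` and `{{destination.address}}` unconditionally, while the `event.id` set just above guards with `"if": "ctx.zeek.session_id != null"`. A record without an address renders the template as an empty string that is then written into an `ip`-typed field, which the mapping is unlikely to accept; guarding them the same way, `"if": "ctx.source?.address != null"` and `"if": "ctx.destination?.address != null"`, keeps such records out of `on_failure`. The same pair appears in the rdp, rfb, sip and smb_cmd pipelines in this commit. Separately, `zeek.radius.username` and `zeek.radius.result` are not copied to ECS `user.name` and `event.outcome`; if ECS alignment is in scope for this migration, detections keyed on those fields will otherwise not see RADIUS authentication results.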
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/fields.yml new file mode 100644 index 00000000000..34df96c198e --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/fields.yml @@ -0,0 +1,39 @@ +- name: zeek.radius + type: group + fields: + - name: username + type: keyword + description: | + The username, if present. + - name: mac + type: keyword + description: | + MAC address, if present. + - name: framed_addr + type: ip + description: | + The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address. + - name: remote_ip + type: ip + description: | + Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute. + - name: connect_info + type: keyword + description: | + Connect info, if present. + - name: reply_msg + type: keyword + description: | + Reply message from the server challenge. This is frequently shown to the user authenticating. + - name: result + type: keyword + description: | + Successful or failed authentication. + - name: ttl + type: integer + description: | + The duration between the first request and either the "Access-Accept" message or an error. If the field is empty, it means that either the request or response was not seen. + - name: logged + type: boolean + description: | + Whether this has already been logged and can be ignored. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/radius/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session 
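Review bot: `- name: ttl` in the radius fields.yml is typed `integer` but described as the duration between the first request and the Access-Accept; Zeek emits interval columns as fractional seconds, so the fractional part is either coerced away at index time or, with coercion disabled, the document is rejected. `type: float` (or `double`) reflects the source value; confirm against a sample radius.log line before changing it.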
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/radius/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/radius/manifest.yml new file mode 100644 index 00000000000..a0f9a1a6741 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/radius/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek radius logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/radius.log + os: + darwin: + default: + - /usr/local/var/logs/current/radius.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.radius + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek radius logs (log) + description: Collect Zeek radius logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rdp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/rdp/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..1dd2ff43516 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rdp/agent/stream/log.yml.hbs 
@@ -0,0 +1,56 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: rdp +processors: + - rename: + fields: + - from: "json" + to: "zeek.rdp" + - from: "zeek.rdp.id.orig_h" + to: "source.address" + - from: "zeek.rdp.id.orig_p" + to: "source.port" + - from: "zeek.rdp.id.resp_h" + to: "destination.address" + - from: "zeek.rdp.id.resp_p" + to: "destination.port" + - from: "zeek.rdp.uid" + to: "zeek.session_id" + - from: "zeek.rdp.client_build" + to: "zeek.rdp.client.build" + - from: "zeek.rdp.client_name" + to: "zeek.rdp.client.name" + - from: "zeek.rdp.client_dig_product_id" + to: "zeek.rdp.client.product_id" + - from: "zeek.rdp.desktop_width" + to: "zeek.rdp.desktop.width" + - from: "zeek.rdp.desktop_height" + to: "zeek.rdp.desktop.height" + - from: "zeek.rdp.requested_color_depth" + to: "zeek.rdp.desktop.color_depth" + - from: "zeek.rdp.cert_type" + to: "zeek.rdp.cert.type" + - from: "zeek.rdp.cert_count" + to: "zeek.rdp.cert.count" + - from: "zeek.rdp.cert_permanent" + to: "zeek.rdp.cert.permanent" + - from: "zeek.rdp.encryption_level" + to: "zeek.rdp.encryption.level" + - from: "zeek.rdp.encryption_method" + to: "zeek.rdp.encryption.method" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rdp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/rdp/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..ae56b98801f --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rdp/elasticsearch/ingest-pipeline/default.json 
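Review bot: The rename `- from: "zeek.rdp.client_name"` / `to: "zeek.rdp.client.name"` in the rdp stream template targets a field the rdp fields.yml in this commit does not declare; that file declares `client_name` nested under the `client` group (`zeek.rdp.client.client_name`), so the client machine name is indexed through dynamic mapping instead of the declared keyword. Rename the fields.yml entry to `- name: name`, which follows the pattern of the sibling `client.build` and `client.product_id` entries, or point the template at `zeek.rdp.client.client_name`.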
@@ -0,0 +1,55 @@
+{
+ "description": "Pipeline for normalizing Zeek rdp.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.rdp.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.rdp.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "convert": {
+ "field": "zeek.rdp.ssl",
+ "target_field": "tls.established",
+ "type": "boolean",
+ "ignore_missing": true
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/fields.yml
new file mode 100644
index 00000000000..0ca63f0caf6
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/fields.yml
@@ -0,0 +1,84 @@ +- name: zeek.rdp + type: group + fields: + - name: cookie + type: keyword + description: | + Cookie value used by the client machine. This is typically a username. + - name: result + type: keyword + description: | + Status result for the connection. It's a mix between RDP negotation failure messages and GCC server create response messages. + - name: security_protocol + type: keyword + description: | + Security protocol chosen by the server. + - name: keyboard_layout + type: keyword + description: | + Keyboard layout (language) of the client machine. + - name: client + type: group + fields: + - name: build + type: keyword + description: | + RDP client version used by the client machine. + - name: client_name + type: keyword + description: | + Name of the client machine. + - name: product_id + type: keyword + description: | + Product ID of the client machine. + - name: desktop + type: group + fields: + - name: width + type: integer + description: | + Desktop width of the client machine. + - name: height + type: integer + description: | + Desktop height of the client machine. + - name: color_depth + type: keyword + description: | + The color depth requested by the client in the high_color_depth field. + - name: cert + type: group + fields: + - name: type + type: keyword + description: | + If the connection is being encrypted with native RDP encryption, this is the type of cert being used. + - name: count + type: integer + description: | + The number of certs seen. X.509 can transfer an entire certificate chain. + - name: permanent + type: boolean + description: | + Indicates if the provided certificate or certificate chain is permanent or temporary. + - name: encryption + type: group + fields: + - name: level + type: keyword + description: | + Encryption level of the connection. + - name: method + type: keyword + description: | + Encryption method of the connection. 
+ - name: done + type: boolean + description: | + Track status of logging RDP connections. + - name: ssl + type: boolean + description: | + (present if policy/protocols/rdp/indicate_ssl.bro is loaded) + Flag the connection if it was seen over SSL. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rdp/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rdp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/rdp/manifest.yml new file mode 100644 index 00000000000..b93b5296d2c --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rdp/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek rdp logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/rdp.log + os: + darwin: + default: + - /usr/local/var/logs/current/rdp.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.rdp + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek rdp logs (log) + description: Collect Zeek rdp logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rfb/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/rfb/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..04229bde167 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rfb/agent/stream/log.yml.hbs 
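Review bot: `It's a mix between RDP negotation failure messages` in the `result` description of the rdp fields.yml should read `negotiation`. The `ssl` entry is also kept as a declared field even though the rdp ingest pipeline copies it to `tls.established` with a `convert` that leaves the source in place, so the flag is indexed twice; if that is intentional, a short addition to the description such as `Also copied to tls.established.` makes the duplication visible to whoever reads the mapping.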
@@ -0,0 +1,46 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: rfb +processors: + - rename: + fields: + - from: "json" + to: "zeek.rfb" + - from: "zeek.rfb.id.orig_h" + to: "source.address" + - from: "zeek.rfb.id.orig_p" + to: "source.port" + - from: "zeek.rfb.id.resp_h" + to: "destination.address" + - from: "zeek.rfb.id.resp_p" + to: "destination.port" + - from: "zeek.rfb.uid" + to: "zeek.session_id" + - from: "zeek.rfb.client_major_version" + to: "zeek.rfb.version.client.major" + - from: "zeek.rfb.client_minor_version" + to: "zeek.rfb.version.client.minor" + - from: "zeek.rfb.server_major_version" + to: "zeek.rfb.version.server.major" + - from: "zeek.rfb.server_minor_version" + to: "zeek.rfb.version.server.minor" + - from: "zeek.rfb.auth" + to: "zeek.rfb.auth.success" + - from: "zeek.rfb.authentication_method" + to: "zeek.rfb.auth.method" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rfb/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/rfb/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..14ae112ffea --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rfb/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek rfb.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.rfb.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.rfb.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/fields.yml
new file mode 100644
index 00000000000..ad39402e9dd
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/fields.yml
@@ -0,0 +1,55 @@ +- name: zeek.rfb + type: group + fields: + - name: version + type: group + fields: + - name: client + type: group + fields: + - name: major + type: keyword + description: | + Major version of the client. + - name: minor + type: keyword + description: | + Minor version of the client. + - name: server + type: group + fields: + - name: major + type: keyword + description: | + Major version of the server. + - name: minor + type: keyword + description: | + Minor version of the server. + - name: auth + type: group + fields: + - name: success + type: boolean + description: | + Whether or not authentication was successful. + - name: method + type: keyword + description: | + Identifier of authentication method used. + - name: share_flag + type: boolean + description: | + Whether the client has an exclusive or a shared session. + - name: desktop_name + type: keyword + description: | + Name of the screen that is being shared. + - name: width + type: integer + description: | + Width of the screen that is being shared. + - name: height + type: integer + description: | + Height of the screen that is being shared. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rfb/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/rfb/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/rfb/manifest.yml new file mode 100644 index 00000000000..08d10db1c93 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/rfb/manifest.yml 
@@ -0,0 +1,36 @@ +title: Zeek rfb logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/rfb.log + os: + darwin: + default: + - /usr/local/var/logs/current/rfb.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.rfb + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek rfb logs (log) + description: Collect Zeek rfb logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/sip/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/sip/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..69cbe457d4d --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/sip/agent/stream/log.yml.hbs 
@@ -0,0 +1,58 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: udp + network.protocol: sip +processors: + - rename: + fields: + - from: "json" + to: "zeek.sip" + - from: "zeek.sip.id.orig_h" + to: "source.address" + - from: "zeek.sip.id.orig_p" + to: "source.port" + - from: "zeek.sip.id.resp_h" + to: "destination.address" + - from: "zeek.sip.id.resp_p" + to: "destination.port" + - from: "zeek.sip.uid" + to: "zeek.session_id" + - from: "zeek.sip.trans_depth" + to: "zeek.sip.transaction_depth" + - from: "zeek.sip.method" + to: "zeek.sip.sequence.method" + - from: "zeek.sip.request_from" + to: "zeek.sip.request.from" + - from: "zeek.sip.request_to" + to: "zeek.sip.request.to" + - from: "zeek.sip.request_path" + to: "zeek.sip.request.path" + - from: "zeek.sip.request_body_len" + to: "zeek.sip.request.body_length" + - from: "zeek.sip.response_from" + to: "zeek.sip.response.from" + - from: "zeek.sip.response_to" + to: "zeek.sip.response.to" + - from: "zeek.sip.response_path" + to: "zeek.sip.response.path" + - from: "zeek.sip.response_body_len" + to: "zeek.sip.response.body_length" + - from: "zeek.sip.status_code" + to: "zeek.sip.status.code" + - from: "zeek.sip.status_msg" + to: "zeek.sip.status.msg" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/sip/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/sip/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..c3b7eab58fb --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/sip/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,60 @@ +{ + "description": "Pipeline for normalizing Zeek sip.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.sip.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.sip.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + }, + { + "grok": { + "field": "zeek.sip.seq", + "patterns": ["%{NUMBER:zeek.sip.sequence.number}"], + "ignore_missing": true + } + }, + { + "remove": { + "field": "zeek.sip.seq", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/fields.yml new file mode 100644 index 00000000000..e20f211a6ee --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/fields.yml @@ -0,0 +1,99 @@ +- name: zeek.sip + type: group + fields: + - name: transaction_depth + type: integer + description: | + Represents the pipelined depth into the connection of this request/response transaction. + - name: sequence + type: group + fields: + - name: method + type: keyword + description: | + Verb used in the SIP request (INVITE, REGISTER etc.). + - name: number + type: keyword + description: | + Contents of the CSeq: header from the client. + - name: uri + type: keyword + description: | + URI used in the request. + - name: date + type: keyword + description: | + Contents of the Date: header from the client. + - name: request + type: group + fields: + - name: from + type: keyword + description: | + Contents of the request 
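Review bot: The `grok` on `zeek.sip.seq` in the sip pipeline has `ignore_missing` but no `ignore_failure`; a CSeq value that contains no digits fails the pattern, and because that failure escalates to the pipeline's `on_failure`, the following `remove` of `zeek.sip.seq` and every later processor are skipped for that document. Adding `"ignore_failure": true` to the grok, or anchoring the pattern as `"^%{NUMBER:zeek.sip.sequence.number}"` so only the leading sequence number is taken, keeps one malformed header from aborting the rest of the normalization. The `source.ip` and `destination.ip` sets here share the unguarded-template issue raised on the radius pipeline.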
From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + - name: to + type: keyword + description: | + Contents of the To: header. + - name: path + type: keyword + description: | + The client message transmission path, as extracted from the headers. + - name: body_length + type: long + description: | + Contents of the Content-Length: header from the client. + - name: response + type: group + fields: + - name: from + type: keyword + description: | + Contents of the response From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + - name: to + type: keyword + description: | + Contents of the response To: header. + - name: path + type: keyword + description: | + The server message transmission path, as extracted from the headers. + - name: body_length + type: long + description: | + Contents of the Content-Length: header from the server. + - name: reply_to + type: keyword + description: | + Contents of the Reply-To: header. + - name: call_id + type: keyword + description: | + Contents of the Call-ID: header from the client. + - name: subject + type: keyword + description: | + Contents of the Subject: header from the client. + - name: user_agent + type: keyword + description: | + Contents of the User-Agent: header from the client. + - name: status + type: group + fields: + - name: code + type: integer + description: | + Status code returned by the server. + - name: msg + type: keyword + description: | + Status message returned by the server. + - name: warning + type: keyword + description: | + Contents of the Warning: header. + - name: content_type + type: keyword + description: | + Contents of the Content-Type: header from the server. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null 
+++ b/dev/packages/beats/zeek/0.0.1/dataset/sip/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/sip/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/sip/manifest.yml new file mode 100644 index 00000000000..d000c7bcb9c --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/sip/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek sip logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/sip.log + os: + darwin: + default: + - /usr/local/var/logs/current/sip.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.sip + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek sip logs (log) + description: Collect Zeek sip logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..e065b75eed1 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/agent/stream/log.yml.hbs 
@@ -0,0 +1,68 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: smb
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.smb_cmd"
+ - drop_fields:
+ fields:
+ - "zeek.smb_cmd.referenced_file.ts"
+ - "zeek.smb_cmd.referenced_file.id.orig_p"
+ - "zeek.smb_cmd.referenced_file.id.resp_p"
+ - "zeek.smb_cmd.referenced_file.size"
+ - "zeek.smb_cmd.referenced_file.times.modified"
+ - "zeek.smb_cmd.referenced_file.times.accessed"
+ - "zeek.smb_cmd.referenced_file.times.created"
+ - "zeek.smb_cmd.referenced_file.times.changed"
+ ignore_missing: true
+ - drop_fields:
+ when:
+ not:
+ has_fields: ["zeek.smb_cmd.referenced_file.action"]
+ fields:
+ - "zeek.smb_cmd.referenced_file.uid"
+ - "zeek.smb_cmd.referenced_file.id.orig_h"
+ - "zeek.smb_cmd.referenced_file.id.resp_h"
+ ignore_missing: true
+ - rename:
+ fields:
+ - from: "zeek.smb_cmd.id.orig_h"
+ to: "source.address"
+ - from: "zeek.smb_cmd.id.orig_p"
+ to: "source.port"
+ - from: "zeek.smb_cmd.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.smb_cmd.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.smb_cmd.uid"
+ to: "zeek.session_id"
+ - from: "zeek.smb_cmd.referenced_file.uid"
+ to: "zeek.smb_cmd.file.uid"
+ - from: "zeek.smb_cmd.referenced_file.id.orig_h"
+ to: "zeek.smb_cmd.file.host.tx"
+ - from: "zeek.smb_cmd.referenced_file.id.resp_h"
+ to: "zeek.smb_cmd.file.host.rx"
+ - from: "zeek.smb_cmd.referenced_file.name"
+ to: "zeek.smb_cmd.file.name"
+ - from: "zeek.smb_cmd.referenced_file.path"
+ to: "zeek.smb_cmd.file.path"
+ - from: "zeek.smb_cmd.referenced_file.action"
+ to: "zeek.smb_cmd.file.action"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
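Review bot: The first drop_fields processor discards the referenced file's `size` and all four `times.*` attributes from `zeek.smb_cmd.referenced_file` with no comment explaining why, and those are exactly the attributes an analyst wants when an SMB command touches a file; a reader cannot tell whether this is deliberate de-duplication against the smb_files dataset or an oversight. If it is intentional, say so above the processor, e.g. `# referenced_file size/timestamps are already carried by the smb_files dataset; only identity and action are kept here`, and note in the same comment that the second drop_fields deliberately keeps `uid`/`orig_h`/`resp_h` only when `referenced_file.action` is present. If it is not intentional, the fields should be renamed alongside `name`/`path`/`action` rather than dropped.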
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..6b1f7f1b2af --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,53 @@ +{ + "description": "Pipeline for normalizing Zeek smb_cmd.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.smb_cmd.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.smb_cmd.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "remove": { + "field": "zeek.smb_cmd.referenced_file", + "ignore_missing": true + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/fields.yml new file mode 100644 index 00000000000..d57fcb5aaae --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/fields.yml 
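Review bot: The two `set` processors for `source.ip` and `destination.ip` run unconditionally, yet the stream template that produces `source.address`/`destination.address` renames with `ignore_missing: true`, so a record without them makes Mustache render an empty string into an `ip`-typed field; that is likely to be rejected at index time rather than caught by the pipeline-level on_failure, and the event is lost. Guard each one the way `event.id` already is: `"if": "ctx.source?.address != null"` and `"if": "ctx.destination?.address != null"`. The same unguarded pattern is repeated in the sibling smb_files, smb_mapping, smtp, snmp and socks pipelines in this commit.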
@@ -0,0 +1,75 @@ +- name: zeek.smb_cmd + type: group + fields: + - name: command + type: keyword + description: | + The command sent by the client. + - name: sub_command + type: keyword + description: | + The subcommand sent by the client, if present. + - name: argument + type: keyword + description: | + Command argument sent by the client, if any. + - name: status + type: keyword + description: | + Server reply to the client's command. + - name: rtt + type: double + description: | + Round trip time from the request to the response. + - name: version + type: keyword + description: | + Version of SMB for the command. + - name: username + type: keyword + description: | + Authenticated username, if available. + - name: tree + type: keyword + description: | + If this is related to a tree, this is the tree that was used for the current command. + - name: tree_service + type: keyword + description: | + The type of tree (disk share, printer share, named pipe, etc.). + - name: file + type: group + fields: + - name: name + type: keyword + description: | + Filename if one was seen. + - name: action + type: keyword + description: | + Action this log record represents. + - name: uid + type: keyword + description: | + UID of the referenced file. + - name: host + type: group + fields: + - name: tx + type: ip + description: | + Address of the transmitting host. + - name: rx + type: ip + description: | + Address of the receiving host. + - name: smb1_offered_dialects + type: keyword + description: | + Present if base/protocols/smb/smb1-main.bro is loaded. + Dialects offered by the client. + - name: smb2_offered_dialects + type: integer + description: | + Present if base/protocols/smb/smb2-main.bro is loaded. + Dialects offered by the client. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null 
+++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/manifest.yml new file mode 100644 index 00000000000..c97cfee1395 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_cmd/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek smb_cmd logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/smb_cmd.log + os: + darwin: + default: + - /usr/local/var/logs/current/smb_cmd.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.smb_cmd + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek smb_cmd logs (log) + description: Collect Zeek smb_cmd logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_files/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..13fb3fe9343 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/agent/stream/log.yml.hbs 
@@ -0,0 +1,34 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smb +processors: + - rename: + fields: + - from: "json" + to: "zeek.smb_files" + - from: "zeek.smb_files.id.orig_h" + to: "source.address" + - from: "zeek.smb_files.id.orig_p" + to: "source.port" + - from: "zeek.smb_files.id.resp_h" + to: "destination.address" + - from: "zeek.smb_files.id.resp_p" + to: "destination.port" + - from: "zeek.smb_files.uid" + to: "zeek.session_id" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_files/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..b4cfcfaa5b1 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,103 @@
+{
+ "description": "Pipeline for normalizing Zeek smb_files.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.smb_files.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.smb_files.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ },
+ {
+ "dot_expander": {
+ "field": "times.accessed",
+ "path": "zeek.smb_files"
+ }
+ },
+ {
+ "dot_expander": {
+ "field": "times.changed",
+ "path": "zeek.smb_files"
+ }
+ },
+ {
+ "dot_expander": {
+ "field": "times.created",
+ "path": "zeek.smb_files"
+ }
+ },
+ {
+ "dot_expander": {
+ "field": "times.modified",
+ "path": "zeek.smb_files"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.smb_files.times.accessed",
+ "target_field": "zeek.smb_files.times.accessed",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.smb_files.times?.accessed != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.smb_files.times.changed",
+ "target_field": "zeek.smb_files.times.changed",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.smb_files.times?.accessed != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.smb_files.times.created",
+ "target_field": "zeek.smb_files.times.created",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.smb_files.times?.accessed != null"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.smb_files.times.modified",
+ "target_field": "zeek.smb_files.times.modified",
+ "formats": ["UNIX"],
+ "if": "ctx.zeek.smb_files.times?.accessed != null"
+ }
+ }
+ ],
+ "on_failure": [{
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
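Review bot: The `if` guards on the date processors for `times.changed`, `times.created` and `times.modified` all test `ctx.zeek.smb_files.times?.accessed != null` (copied from the first one), so a record that carries an access time but lacks one of the other three makes that date processor fail on a missing field, the pipeline aborts into on_failure and the event is indexed with `error.message` and no further normalization. Each guard should test its own field: `"if": "ctx.zeek.smb_files.times?.changed != null"`, `"if": "ctx.zeek.smb_files.times?.created != null"`, `"if": "ctx.zeek.smb_files.times?.modified != null"`. Worth a test fixture with a partial `times` record, since Zeek only emits the timestamps the SMB dialect exposes.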
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/fields.yml new file mode 100644 index 00000000000..c90e9c215f5 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/fields.yml @@ -0,0 +1,50 @@ +- name: zeek.smb_files + type: group + fields: + - name: action + type: keyword + description: | + Action this log record represents. + - name: fid + type: integer + description: | + ID referencing this file. + - name: name + type: keyword + description: | + Filename if one was seen. + - name: path + type: keyword + description: | + Path pulled from the tree this file was transferred to or from. + - name: previous_name + type: keyword + description: | + If the rename action was seen, this will be the file's previous name. + - name: size + type: long + description: | + Byte size of the file. + - name: times + type: group + fields: + - name: accessed + type: date + description: | + The file's access time. + - name: changed + type: date + description: | + The file's change time. + - name: created + type: date + description: | + The file's create time. + - name: modified + type: date + description: | + The file's modify time. + - name: uuid + type: keyword + description: | + UUID referencing this file if DCE/RPC. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_files/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/manifest.yml new file mode 100644 index 00000000000..fbe5f59f2e0 --- /dev/null 
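Review bot: `zeek.smb_files.fid` is declared `type: integer` (32-bit signed) while `size` right below it is `long`; if Zeek emits `fid` as an unsigned 64-bit count, as it does for its other numeric identifiers (not verifiable from the diff), any value above 2^31-1 causes the whole document to be rejected at mapping time, which an attacker-controlled SMB2 file id could trigger. `type: long` is the safe choice and costs nothing. The `times.*` fields are typed `date` but only become dates because the ingest pipeline converts the UNIX epoch values, which the descriptions could state so the dependency is not lost when someone edits the pipeline.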
+++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_files/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek smb_files logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/smb_files.log + os: + darwin: + default: + - /usr/local/var/logs/current/smb_files.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.smb_files + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek smb_files logs (log) + description: Collect Zeek smb_files logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..7d97a778253 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/agent/stream/log.yml.hbs @@ -0,0 +1,34 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smb +processors: + - rename: + fields: + - from: "json" + to: "zeek.smb_mapping" + - from: "zeek.smb_mapping.id.orig_h" + to: "source.address" + - from: "zeek.smb_mapping.id.orig_p" + to: "source.port" + - from: "zeek.smb_mapping.id.resp_h" + to: "destination.address" + - from: "zeek.smb_mapping.id.resp_p" + to: "destination.port" + - from: "zeek.smb_mapping.uid" + to: "zeek.session_id" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..c15ad371ed3 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek smb_mapping.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.smb_mapping.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.smb_mapping.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure": [{ + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/fields.yml new file mode 100644 index 00000000000..c1a7407075e --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/fields.yml @@ -0,0 +1,20 @@ +- name: zeek.smb_mapping + type: group + fields: + - name: path + type: keyword + description: | + Name of the tree path. + - name: service + type: keyword + description: | + The type of resource of the tree (disk share, printer share, named pipe, etc.). + - name: native_file_system + type: keyword + description: | + File system of the tree. + - name: share_type + type: keyword + description: | + If this is SMB2, a share type will be included. For SMB1, the type of share + will be deduced and included as well. 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/manifest.yml new file mode 100644 index 00000000000..24eef39f1b3 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smb_mapping/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek smb_mapping logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/smb_mapping.log + os: + darwin: + default: + - /usr/local/var/logs/current/smb_mapping.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.smb_mapping + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek smb_mapping logs (log) + description: Collect Zeek smb_mapping logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smtp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/smtp/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..29ffb38cc32 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smtp/agent/stream/log.yml.hbs 
@@ -0,0 +1,40 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: smtp +processors: + - rename: + fields: + - from: "json" + to: "zeek.smtp" + - from: "zeek.smtp.id.orig_h" + to: "source.address" + - from: "zeek.smtp.id.orig_p" + to: "source.port" + - from: "zeek.smtp.id.resp_h" + to: "destination.address" + - from: "zeek.smtp.id.resp_p" + to: "destination.port" + - from: "zeek.smtp.uid" + to: "zeek.session_id" + - from: "zeek.smtp.trans_depth" + to: "zeek.smtp.transaction_depth" + - from: "zeek.smtp.mailfrom" + to: "zeek.smtp.mail_from" + - from: "zeek.smtp.rcptto" + to: "zeek.smtp.rcpt_to" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smtp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/smtp/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..44bc0b189aa --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smtp/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,63 @@ +{ + "description": "Pipeline for normalizing Zeek smtp.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.smtp.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.smtp.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + }, + { + "convert": { + "field": "zeek.smtp.tls", + "target_field": "tls.established", + "type": "boolean", + "ignore_missing": true + } + }, + { + "date": { + "field": "zeek.smtp.date", + "target_field": "zeek.smtp.date", + "formats": ["EEE, d MMM yyyy HH:mm:ss Z"], + "if": "ctx.zeek.smtp.date != null" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/fields.yml new file mode 100644 index 00000000000..fded1969156 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/fields.yml 
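Review bot: The last date processor parses `zeek.smtp.date`, which is the message's own Date: header and therefore attacker-supplied, with a single strict format `EEE, d MMM yyyy HH:mm:ss Z`; a header without a weekday, with a named zone such as `GMT`, with a comment, or simply malformed makes the processor throw, the pipeline jumps to on_failure and the event is stored with `error.message` — any sender can fill the dataset with error events at will. Handle the failure locally instead of at pipeline level, e.g. give that processor its own `"on_failure": [{ "remove": { "field": "zeek.smtp.date" } }]` (the field is mapped as `date` in fields.yml, so leaving the unparsed string in place would be rejected at index time), and consider widening `formats` to the common RFC 5322 variants. The raw header value should also survive somewhere for forensics rather than being overwritten in place.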
@@ -0,0 +1,96 @@ +- name: zeek.smtp + type: group + fields: + - name: transaction_depth + type: integer + description: | + A count to represent the depth of this message transaction in a single connection where multiple messages were transferred. + - name: helo + type: keyword + description: | + Contents of the Helo header. + - name: mail_from + type: keyword + description: | + Email addresses found in the MAIL FROM header. + - name: rcpt_to + type: keyword + description: | + Email addresses found in the RCPT TO header. + - name: date + type: date + description: | + Contents of the Date header. + - name: from + type: keyword + description: | + Contents of the From header. + - name: to + type: keyword + description: | + Contents of the To header. + - name: cc + type: keyword + description: | + Contents of the CC header. + - name: reply_to + type: keyword + description: | + Contents of the ReplyTo header. + - name: msg_id + type: keyword + description: | + Contents of the MsgID header. + - name: in_reply_to + type: keyword + description: | + Contents of the In-Reply-To header. + - name: subject + type: keyword + description: | + Contents of the Subject header. + - name: x_originating_ip + type: keyword + description: | + Contents of the X-Originating-IP header. + - name: first_received + type: keyword + description: | + Contents of the first Received header. + - name: second_received + type: keyword + description: | + Contents of the second Received header. + - name: last_reply + type: keyword + description: | + The last message that the server sent to the client. + - name: path + type: ip + description: | + The message transmission path, as extracted from the headers. + - name: user_agent + type: keyword + description: | + Value of the User-Agent header from the client. + - name: tls + type: boolean + description: | + Indicates that the connection has switched to using TLS. 
+ - name: process_received_from + type: boolean + description: | + Indicates if the "Received: from" headers should still be processed. + - name: has_client_activity + type: boolean + description: | + Indicates if client activity has been seen, but not yet logged. + - name: fuids + type: keyword + description: | + (present if base/protocols/smtp/files.bro is loaded) + An ordered vector of file unique IDs seen attached to the message. + - name: is_webmail + type: boolean + description: | + Indicates if the message was sent through a webmail interface. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smtp/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/smtp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/smtp/manifest.yml new file mode 100644 index 00000000000..3a633e8edfa --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/smtp/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek smtp logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/smtp.log + os: + darwin: + default: + - /usr/local/var/logs/current/smtp.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.smtp + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek smtp logs (log) + description: Collect Zeek smtp logs using log input 
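Review bot: `x_originating_ip` is mapped as `keyword` while `path`, also described as addresses pulled from the headers, is `ip`; the keyword choice is actually the safer one here because X-Originating-IP is written by the sending client and may not parse as an address, but nothing in the description says so, and the next maintainer is likely to "fix" it to `ip` and start losing documents. Record the reason, e.g. `Contents of the X-Originating-IP header. Kept as keyword: header-supplied, untrusted and not guaranteed to parse as an address.` The same caveat applies to `from`, `to`, `user_agent` and the `*_received` fields — they are attacker-controlled and should not be relied on for attribution. `process_received_from` and `has_client_activity` read like Zeek internal state rather than logged columns; if they never appear in smtp.log they can be dropped from the mapping.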
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/snmp/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/snmp/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..52606ef3cdc --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/snmp/agent/stream/log.yml.hbs @@ -0,0 +1,42 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: udp + network.protocol: snmp +processors: + - rename: + fields: + - from: "json" + to: "zeek.snmp" + - from: "zeek.snmp.id.orig_h" + to: "source.address" + - from: "zeek.snmp.id.orig_p" + to: "source.port" + - from: "zeek.snmp.id.resp_h" + to: "destination.address" + - from: "zeek.snmp.id.resp_p" + to: "destination.port" + - from: "zeek.snmp.uid" + to: "event.id" + - from: "zeek.snmp.get_requests" + to: "zeek.snmp.get.requests" + - from: "zeek.snmp.get_bulk_requests" + to: "zeek.snmp.get.bulk_requests" + - from: "zeek.snmp.get_responses" + to: "zeek.snmp.get.responses" + - from: "zeek.snmp.set_requests" + to: "zeek.snmp.set.requests" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/snmp/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/snmp/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..646b7edf845 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/snmp/elasticsearch/ingest-pipeline/default.json 
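Review bot: The rename maps `zeek.snmp.uid` straight to `event.id` instead of `zeek.session_id` as every other dataset in this commit does, so snmp events never carry `zeek.session_id` (which this dataset's package-fields.yml still declares) and cannot be correlated with the other Zeek logs on that key; the `set event.id` step in the snmp ingest pipeline, which reads `zeek.session_id`, consequently never fires for this dataset. Change the target to `to: "zeek.session_id"` and let the pipeline derive `event.id` like the others.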
@@ -0,0 +1,55 @@ +{ + "description": "Pipeline for normalizing Zeek snmp.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.snmp.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.snmp.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + }, + { + "date": { + "field": "zeek.snmp.up_since", + "target_field": "zeek.snmp.up_since", + "formats": ["UNIX"], + "if": "ctx.zeek.snmp.up_since != null" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/fields.yml new file mode 100644 index 00000000000..97e70a5a328 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/fields.yml 
@@ -0,0 +1,45 @@ +- name: zeek.snmp + type: group + fields: + - name: duration + type: double + description: | + The amount of time between the first packet beloning to the SNMP session and the latest one seen. + - name: version + type: keyword + description: | + The version of SNMP being used. + - name: community + type: keyword + description: | + The community string of the first SNMP packet associated with the session. This is used as part of SNMP's (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901. + - name: get + type: group + fields: + - name: requests + type: integer + description: | + The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session. + - name: bulk_requests + type: integer + description: | + The number of variable bindings in GetBulkRequest PDUs seen for the session. + - name: responses + type: integer + description: | + The number of variable bindings in GetResponse/Response PDUs seen for the session. + - name: set + type: group + fields: + - name: requests + type: integer + description: | + The number of variable bindings in SetRequest PDUs seen for the session. + - name: display_string + type: keyword + description: | + A system description of the SNMP responder endpoint. + - name: up_since + type: date + description: | + The time at which the SNMP responder endpoint claims it's been up since. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/snmp/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session 
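Review bot: `zeek.snmp.community` is the SNMP v1/v2c community string, i.e. the credential that authorizes reads (and, for RW communities, configuration writes) on the device, and this mapping indexes it in cleartext as a keyword with no warning; anyone with read access to the index can harvest credentials for network gear. At minimum the description should flag it, e.g. `The community string is a credential: consider dropping or hashing it before indexing.`, and the stream template could expose a boolean var to drop it, the way the socks dataset exposes `capture_password`. Also `beloning` in the `duration` description should read `belonging`.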
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/snmp/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/snmp/manifest.yml new file mode 100644 index 00000000000..099683e3199 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/snmp/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek snmp logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/snmp.log + os: + darwin: + default: + - /usr/local/var/logs/current/snmp.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.snmp + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek snmp logs (log) + description: Collect Zeek snmp logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/socks/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/socks/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..67736d0b80f --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/socks/agent/stream/log.yml.hbs 
@@ -0,0 +1,40 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +fields: + network.transport: tcp + network.protocol: socks +processors: + - rename: + fields: + - from: "json" + to: "zeek.socks" + - from: "zeek.socks.id.orig_h" + to: "source.address" + - from: "zeek.socks.id.orig_p" + to: "source.port" + - from: "zeek.socks.id.resp_h" + to: "destination.address" + - from: "zeek.socks.id.resp_p" + to: "destination.port" + - from: "zeek.socks.uid" + to: "zeek.session_id" + - from: "zeek.socks.request.name" + to: "zeek.socks.request.host" + - from: "zeek.socks.request_p" + to: "zeek.socks.request.port" + - from: "zeek.socks.bound_p" + to: "zeek.socks.bound.port" + ignore_missing: true + fail_on_error: false +{{#if community_id}} + - community_id: + fields: + source_ip: source.address + destination_ip: destination.address +{{/if}} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/socks/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/socks/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..eabb2837d82 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/socks/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,53 @@ +{ + "description": "Pipeline for normalizing Zeek socks.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.socks.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.socks.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + }, + { + "dot_expander": { + "field": "bound.host", + "path": "zeek.socks" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/fields.yml new file mode 100644 index 00000000000..fbe0bef70db --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/fields.yml 
@@ -0,0 +1,45 @@
+- name: zeek.socks
+ type: group
+ fields:
+ - name: version
+ type: integer
+ description: |
+ Protocol version of SOCKS.
+ - name: user
+ type: keyword
+ description: |
+ Username used to request a login to the proxy.
+ - name: password
+ type: keyword
+ description: |
+ Password used to request a login to the proxy.
+ - name: status
+ type: keyword
+ description: |
+ Server status for the attempt at using the proxy.
+ - name: request
+ type: group
+ fields:
+ - name: host
+ type: keyword
+ description: |
+ Client requested SOCKS address. Could be an address, a name or both.
+ - name: port
+ type: integer
+ description: |
+ Client requested port.
+ - name: bound
+ type: group
+ fields:
+ - name: host
+ type: keyword
+ description: |
+ Server bound address. Could be an address, a name or both.
+ - name: port
+ type: integer
+ description: |
+ Server bound port.
+ - name: capture_password
+ type: boolean
+ description: |
+ Determines if the password will be captured for this request.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/socks/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/socks/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/socks/manifest.yml
new file mode 100644
index 00000000000..d87104973bb
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/socks/manifest.yml
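Review bot: `zeek.socks.password` indexes the proxy login credential verbatim as a `keyword`, and neither the stream template nor the ingest pipeline drops or masks it, nor does the manifest expose a switch to omit it. The description should at least say what operators are storing, e.g. `Password used to request a login to the proxy (plaintext; only present when capture_password is enabled on the sensor).`, and a stream-level option to drop the field before shipping would let deployments keep credentials out of the index.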
@@ -0,0 +1,36 @@
+title: Zeek socks logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/socks.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/socks.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.socks
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek socks logs (log)
+ description: Collect Zeek socks logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssh/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/ssh/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..0915945eb83
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssh/agent/stream/log.yml.hbs
@@ -0,0 +1,48 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+ network.protocol: ssh
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.ssh"
+ - from: "zeek.ssh.id.orig_h"
+ to: "source.address"
+ - from: "zeek.ssh.id.orig_p"
+ to: "source.port"
+ - from: "zeek.ssh.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.ssh.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.ssh.uid"
+ to: "zeek.session_id"
+ - from: "zeek.ssh.auth_attempts"
+ to: "zeek.ssh.auth.attempts"
+ - from: "zeek.ssh.auth_success"
+ to: "zeek.ssh.auth.success"
+ - from: "zeek.ssh.cipher_alg"
+ to: "zeek.ssh.algorithm.cipher"
+ - from: "zeek.ssh.mac_alg"
+ to: "zeek.ssh.algorithm.mac"
+ - from: "zeek.ssh.compression_alg"
+ to: "zeek.ssh.algorithm.compression"
+ - from: "zeek.ssh.kex_alg"
+ to: "zeek.ssh.algorithm.key_exchange"
+ - from: "zeek.ssh.host_key_alg"
+ to: "zeek.ssh.algorithm.host_key"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssh/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/ssh/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..2eefd208860
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssh/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek ssh.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.ssh.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.ssh.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/fields.yml
new file mode 100644
index 00000000000..e1899c601eb
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/fields.yml
@@ -0,0 +1,62 @@
+- name: zeek.ssh
+ type: group
+ fields:
+ - name: client
+ type: keyword
+ description: |
+ The client's version string.
+ - name: direction
+ type: keyword
+ description: |
+ Direction of the connection. If the client was a local host logging into
+ an external host, this would be OUTBOUND. INBOUND would be set for the
+ opposite situation.
+ - name: host_key
+ type: keyword
+ description: |
+ The server's key thumbprint.
+ - name: server
+ type: keyword
+ description: |
+ The server's version string.
+ - name: version
+ type: integer
+ description: |
+ SSH major version (1 or 2).
+ - name: algorithm
+ type: group
+ fields:
+ - name: cipher
+ type: keyword
+ description: |
+ The encryption algorithm in use.
+ - name: compression
+ type: keyword
+ description: |
+ The compression algorithm in use.
+ - name: host_key
+ type: keyword
+ description: |
+ The server host key's algorithm.
+ - name: key_exchange
+ type: keyword
+ description: |
+ The key exchange algorithm in use.
+ - name: mac
+ type: keyword
+ description: |
+ The signing (MAC) algorithm in use.
+ - name: auth
+ type: group
+ fields:
+ - name: attempts
+ type: integer
+ description: |
+ The number of authentication attemps we observed. There's always at
+ least one, since some servers might support no authentication at all.
+ It's important to note that not all of these are failures, since some
+ servers require two-factor auth (e.g. password AND pubkey).
+ - name: success
+ type: boolean
+ description: |
+ Authentication result.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssh/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: zeek
+ type: group
+ fields:
+ - name: session_id
+ type: keyword
+ description: |
+ A unique identifier of the session
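Review bot: The description of `zeek.ssh.auth.attempts` misspells the field's own name: `The number of authentication attemps we observed.` should read `The number of authentication attempts we observed.`. The group otherwise matches the `auth_*` and `*_alg` renames in the ssh stream template, so only the wording needs the fix.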
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssh/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssh/manifest.yml
new file mode 100644
index 00000000000..517b48c3c6d
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssh/manifest.yml
@@ -0,0 +1,36 @@
+title: Zeek ssh logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/ssh.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/ssh.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.ssh
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek ssh logs (log)
+ description: Collect Zeek ssh logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssl/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/ssl/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..9a4d2641035
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssl/agent/stream/log.yml.hbs
@@ -0,0 +1,47 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.transport: tcp
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.ssl"
+ - from: "zeek.ssl.id.orig_h"
+ to: "source.address"
+ - from: "zeek.ssl.id.orig_p"
+ to: "source.port"
+ - from: "zeek.ssl.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.ssl.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.ssl.uid"
+ to: "zeek.session_id"
+ - from: "zeek.ssl.server_name"
+ to: "zeek.ssl.server.name"
+ - from: "zeek.ssl.cert_chain"
+ to: "zeek.ssl.server.cert_chain"
+ - from: "zeek.ssl.cert_chain_fuids"
+ to: "zeek.ssl.server.cert_chain_fuids"
+ - from: "zeek.ssl.client_cert_chain"
+ to: "zeek.ssl.client.cert_chain"
+ - from: "zeek.ssl.client_cert_chain_fuids"
+ to: "zeek.ssl.client.cert_chain_fuids"
+ - from: "zeek.ssl.validation_status"
+ to: "zeek.ssl.validation.status"
+ - from: "zeek.ssl.validation_code"
+ to: "zeek.ssl.validation.code"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.address
+{{/if}}
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssl/elasticsearch/ingest-pipeline/default.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssl/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..2a5ebf4ce7a
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/ssl/elasticsearch/ingest-pipeline/default.yml
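Review bot: This stream sets only `network.transport: tcp` under `fields:`, whereas the socks and ssh streams also pin a `network.protocol`; TLS events therefore carry no protocol tag for filtering. If that is deliberate because the ingest pipeline derives `tls.version_protocol` (ssl vs tls) from the version string instead, a comment above `fields:` saying so (`# network.protocol is derived per record by the ingest pipeline`) would stop the next reader from adding a static value here.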
@@ -0,0 +1,255 @@ +--- +description: Pipeline for normalizing Zeek ssl.log +processors: +- set: + field: event.created + value: '{{_ingest.timestamp}}' +- date: + field: zeek.ssl.ts + formats: + - UNIX +- remove: + field: zeek.ssl.ts +- set: + field: event.id + value: '{{zeek.session_id}}' + if: ctx.zeek.session_id != null +- set: + field: source.ip + value: '{{source.address}}' +- set: + field: destination.ip + value: '{{destination.address}}' +- geoip: + field: destination.ip + target_field: destination.geo +- geoip: + field: source.ip + target_field: source.geo +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- remove: + field: zeek.ssl.client.cert_chain_fuids + if: ctx.zeek.ssl.client?.cert_chain_fuids?.length == 0 + ignore_missing: true +- gsub: + field: zeek.ssl.issuer + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.issuer + field_split: ',' + value_split: = + target_field: zeek.ssl.server.issuer + ignore_missing: true +- rename: + field: zeek.ssl.issuer + target_field: tls.server.issuer + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.C + target_field: zeek.ssl.server.issuer.country + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.CN + target_field: zeek.ssl.server.issuer.common_name + 
ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.L + target_field: zeek.ssl.server.issuer.locality + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.O + target_field: zeek.ssl.server.issuer.organization + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.OU + target_field: zeek.ssl.server.issuer.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.server.issuer.ST + target_field: zeek.ssl.server.issuer.state + ignore_missing: true +- gsub: + field: zeek.ssl.subject + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.subject + field_split: ',' + value_split: = + target_field: zeek.ssl.server.subject + ignore_missing: true +- remove: + field: zeek.ssl.subject + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.C + target_field: zeek.ssl.server.subject.country + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.CN + target_field: zeek.ssl.server.subject.common_name + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.L + target_field: zeek.ssl.server.subject.locality + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.O + target_field: zeek.ssl.server.subject.organization + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.OU + target_field: zeek.ssl.server.subject.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.server.subject.ST + target_field: zeek.ssl.server.subject.state + ignore_missing: true +- gsub: + field: zeek.ssl.client_issuer + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.client_issuer + field_split: ',' + value_split: = + target_field: zeek.ssl.client.issuer + ignore_missing: true +- rename: + field: zeek.ssl.client_issuer + target_field: tls.client.issuer + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.C + target_field: zeek.ssl.client.issuer.country + ignore_missing: true +- rename: + field: 
zeek.ssl.client.issuer.CN + target_field: zeek.ssl.client.issuer.common_name + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.L + target_field: zeek.ssl.client.issuer.locality + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.O + target_field: zeek.ssl.client.issuer.organization + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.OU + target_field: zeek.ssl.client.issuer.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.client.issuer.ST + target_field: zeek.ssl.client.issuer.state + ignore_missing: true +- gsub: + field: zeek.ssl.client_subject + pattern: \\, + replacement: "" + ignore_missing: true +- kv: + field: zeek.ssl.client_subject + field_split: ',' + value_split: = + target_field: zeek.ssl.client.subject + ignore_missing: true +- remove: + field: zeek.ssl.client_subject + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.C + target_field: zeek.ssl.client.subject.country + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.CN + target_field: zeek.ssl.client.subject.common_name + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.L + target_field: zeek.ssl.client.subject.locality + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.O + target_field: zeek.ssl.client.subject.organization + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.OU + target_field: zeek.ssl.client.subject.organizational_unit + ignore_missing: true +- rename: + field: zeek.ssl.client.subject.ST + target_field: zeek.ssl.client.subject.state + ignore_missing: true +- set: + field: tls.cipher + value: '{{zeek.ssl.cipher}}' + if: ctx.zeek?.ssl?.cipher != null +- set: + field: tls.curve + value: '{{zeek.ssl.curve}}' + if: ctx.zeek?.ssl?.curve != null +- convert: + target_field: tls.established + field: zeek.ssl.established + type: boolean + ignore_missing: true +- convert: + target_field: tls.resumed + field: zeek.ssl.resumed + type: boolean + 
ignore_missing: true +- script: + lang: painless + if: ctx.zeek?.ssl?.version != null + source: >- + def parts = ctx.zeek.ssl.version.splitOnToken("v"); + if (parts.length != 2) { + return; + } + if (parts[0] == "SSL") { + ctx.tls.version = parts[1] + ".0"; + } else { + ctx.tls.version = parts[1].substring(0,1) + "." + parts[1].substring(1); + } + ctx.tls.version_protocol = parts[0].toLowerCase(); + +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/fields.yml new file mode 100644 index 00000000000..84482fa63c2 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/fields.yml 
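Review bot: `zeek.ssl.subject` and `zeek.ssl.client_subject` are removed after the kv split, while their counterparts `zeek.ssl.issuer` and `zeek.ssl.client_issuer` are renamed to `tls.server.issuer` and `tls.client.issuer`; the raw subject DN is discarded and the ECS fields `tls.server.subject` / `tls.client.subject` are never populated. Replacing the two `remove` steps with `rename` to `tls.server.subject` and `tls.client.subject` (with `ignore_missing: true`) keeps the pipeline symmetric and preserves the value. Separately, the painless script assigns `ctx.tls.version` without checking that `ctx.tls` exists; earlier steps only create `tls` when issuer, cipher, curve, established or resumed are present, so a record carrying just `version` would fail into `on_failure` — presumably rare, but a guard such as `if (ctx.tls == null) { ctx.tls = [:]; }` at the top of the script removes the dependency on processor order.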
@@ -0,0 +1,178 @@ +- name: zeek.ssl + type: group + fields: + - name: version + type: keyword + description: | + SSL/TLS version that was logged. + - name: cipher + type: keyword + description: | + SSL/TLS cipher suite that was logged. + - name: curve + type: keyword + description: | + Elliptic curve that was logged when using ECDH/ECDHE. + - name: resumed + type: boolean + description: | + Flag to indicate if the session was resumed reusing the key material exchanged in an + earlier connection. + - name: next_protocol + type: keyword + description: | + Next protocol the server chose using the application layer next protocol extension. + - name: established + type: boolean + description: | + Flag to indicate if this ssl session has been established successfully. + - name: validation + type: group + fields: + - name: status + type: keyword + description: | + Result of certificate validation for this connection. + - name: code + type: keyword + description: | + Result of certificate validation for this connection, given as OpenSSL validation code. + - name: last_alert + type: keyword + description: | + Last alert that was seen during the connection. + - name: server + type: group + fields: + - name: name + type: keyword + description: | + Value of the Server Name Indicator SSL/TLS extension. It indicates the server name + that the client was requesting. + - name: cert_chain + type: keyword + description: | + Chain of certificates offered by the server to validate its complete signing chain. + - name: cert_chain_fuids + type: keyword + description: | + An ordered vector of certificate file identifiers for the certificates offered by the server. + - name: issuer + type: group + fields: + - name: common_name + type: keyword + description: | + Common name of the signer of the X.509 certificate offered by the server. + - name: country + type: keyword + description: | + Country code of the signer of the X.509 certificate offered by the server. 
+ - name: locality + type: keyword + description: | + Locality of the signer of the X.509 certificate offered by the server. + - name: organization + type: keyword + description: | + Organization of the signer of the X.509 certificate offered by the server. + - name: organizational_unit + type: keyword + description: | + Organizational unit of the signer of the X.509 certificate offered by the server. + - name: state + type: keyword + description: | + State or province name of the signer of the X.509 certificate offered by the server. + - name: subject + type: group + fields: + - name: common_name + type: keyword + description: | + Common name of the X.509 certificate offered by the server. + - name: country + type: keyword + description: | + Country code of the X.509 certificate offered by the server. + - name: locality + type: keyword + description: | + Locality of the X.509 certificate offered by the server. + - name: organization + type: keyword + description: | + Organization of the X.509 certificate offered by the server. + - name: organizational_unit + type: keyword + description: | + Organizational unit of the X.509 certificate offered by the server. + - name: state + type: keyword + description: | + State or province name of the X.509 certificate offered by the server. + - name: client + type: group + fields: + - name: cert_chain + type: keyword + description: | + Chain of certificates offered by the client to validate its complete signing chain. + - name: cert_chain_fuids + type: keyword + description: | + An ordered vector of certificate file identifiers for the certificates offered by the client. + - name: issuer + type: group + fields: + - name: common_name + type: keyword + description: | + Common name of the signer of the X.509 certificate offered by the client. + - name: country + type: keyword + description: | + Country code of the signer of the X.509 certificate offered by the client. 
+ - name: locality + type: keyword + description: | + Locality of the signer of the X.509 certificate offered by the client. + - name: organization + type: keyword + description: | + Organization of the signer of the X.509 certificate offered by the client. + - name: organizational_unit + type: keyword + description: | + Organizational unit of the signer of the X.509 certificate offered by the client. + - name: state + type: keyword + description: | + State or province name of the signer of the X.509 certificate offered by the client. + - name: subject + type: group + fields: + - name: common_name + type: keyword + description: | + Common name of the X.509 certificate offered by the client. + - name: country + type: keyword + description: | + Country code of the X.509 certificate offered by the client. + - name: locality + type: keyword + description: | + Locality of the X.509 certificate offered by the client. + - name: organization + type: keyword + description: | + Organization of the X.509 certificate offered by the client. + - name: organizational_unit + type: keyword + description: | + Organizational unit of the X.509 certificate offered by the client. + - name: state + type: keyword + description: | + State or province name of the X.509 certificate offered by the client. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/ssl/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/ssl/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/ssl/manifest.yml new file mode 100644 index 00000000000..8cd1637d89a --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/ssl/manifest.yml 
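Review bot: `zeek.ssl.server.cert_chain` and `zeek.ssl.client.cert_chain` are typed `keyword` even though their descriptions say they hold the certificate chain itself; an encoded certificate is far longer than a typical keyword limit, so depending on the `ignore_above` the package tooling applies (not visible in this diff) the values may be silently left out of the index, and exact-match search on a whole certificate is rarely what an analyst needs. Worth confirming what the generated mapping does with these, and either documenting that they are stored-only or pointing users at the `cert_chain_fuids` siblings as the lookup key.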
@@ -0,0 +1,36 @@
+title: Zeek ssl logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/ssl.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/ssl.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.ssl
+ - name: community_id
+ type: bool
+ title: Community Id
+ multi: false
+ required: true
+ show_user: true
+ default: true
+ template_path: log.yml.hbs
+ title: Zeek ssl logs (log)
+ description: Collect Zeek ssl logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/stats/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/stats/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..c8e119db81b
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/stats/agent/stream/log.yml.hbs
@@ -0,0 +1,65 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.stats"
+ - from: "zeek.stats.mem"
+ to: "zeek.stats.memory"
+ - from: "zeek.stats.pkts_proc"
+ to: "zeek.stats.packets.processed"
+ - from: "zeek.stats.pkts_dropped"
+ to: "zeek.stats.packets.dropped"
+ - from: "zeek.stats.pkts_link"
+ to: "zeek.stats.packets.received"
+ - from: "zeek.stats.pkts_link"
+ to: "zeek.stats.packets.received"
+ - from: "zeek.stats.bytes_recv"
+ to: "zeek.stats.bytes.received"
+ - from: "zeek.stats.tcp_conns"
+ to: "zeek.stats.connections.tcp.count"
+ - from: "zeek.stats.active_tcp_conns"
+ to: "zeek.stats.connections.tcp.active"
+ - from: "zeek.stats.udp_conns"
+ to: "zeek.stats.connections.udp.count"
+ - from: "zeek.stats.active_udp_conns"
+ to: "zeek.stats.connections.udp.active"
+ - from: "zeek.stats.icmp_conns"
+ to: "zeek.stats.connections.icmp.count"
+ - from: "zeek.stats.active_icmp_conns"
+ to: "zeek.stats.connections.icmp.active"
+ - from: "zeek.stats.events_proc"
+ to: "zeek.stats.events.processed"
+ - from: "zeek.stats.events_queued"
+ to: "zeek.stats.events.queued"
+ - from: "zeek.stats.timers"
+ to: "zeek.stats.timers.count"
+ - from: "zeek.stats.active_timers"
+ to: "zeek.stats.timers.active"
+ - from: "zeek.stats.files"
+ to: "zeek.stats.files.count"
+ - from: "zeek.stats.active_files"
+ to: "zeek.stats.files.active"
+ - from: "zeek.stats.dns_requests"
+ to: "zeek.stats.dns_requests.count"
+ - from: "zeek.stats.active_dns_requests"
+ to: "zeek.stats.dns_requests.active"
+ - from: "zeek.stats.reassem_tcp_size"
+ to: "zeek.stats.reassembly_size.tcp"
+ - from: "zeek.stats.reassem_file_size"
+ to: "zeek.stats.reassembly_size.file"
+ - from: "zeek.stats.reassem_frag_size"
+ to: "zeek.stats.reassembly_size.frag"
+ - from: "zeek.stats.reassem_unknown_size"
+ to: "zeek.stats.reassembly_size.unknown"
+ - from: "zeek.stats.pkt_lag"
+ to: "zeek.stats.timestamp_lag"
+ ignore_missing: true
+ fail_on_error: false
\ No newline at end of file
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/stats/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/stats/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..6115bc6c1d2
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/stats/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,28 @@
+{
+ "description": "Pipeline for normalizing Zeek stats.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.stats.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.stats.ts"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/fields.yml
new file mode 100644
index 00000000000..7bcdd1435bc
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/fields.yml
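Review bot: The rename list contains the `zeek.stats.pkts_link` → `zeek.stats.packets.received` pair twice, one copy directly after the other; the duplicate is harmless under `ignore_missing: true` but should be dropped. The ordering of the `timers`, `files` and `dns_requests` entries looks load-bearing: the scalar (`zeek.stats.timers` → `zeek.stats.timers.count`) has to be moved before `zeek.stats.active_timers` → `zeek.stats.timers.active` turns `timers` into an object — presumably why the list is arranged this way, so a comment such as `# rename the scalar counter before its active_* sibling so the parent key can become an object` would keep a later reorder from breaking it.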
@@ -0,0 +1,136 @@ +- name: zeek.stats + type: group + fields: + - name: peer + type: keyword + description: | + Peer that generated this log. Mostly for clusters. + - name: memory + type: integer + description: | + Amount of memory currently in use in MB. + - name: packets + type: group + fields: + - name: processed + type: long + description: | + Number of packets processed since the last stats interval. + - name: dropped + type: long + description: | + Number of packets dropped since the last stats interval if reading live traffic. + - name: received + type: long + description: | + Number of packets seen on the link since the last stats interval if reading live traffic. + - name: bytes + type: group + fields: + - name: received + type: long + description: | + Number of bytes received since the last stats interval if reading live traffic. + - name: connections + type: group + fields: + - name: tcp + type: group + fields: + - name: active + type: integer + description: | + TCP connections currently in memory. + - name: count + type: integer + description: | + TCP connections seen since last stats interval. + - name: udp + type: group + fields: + - name: active + type: integer + description: | + UDP connections currently in memory. + - name: count + type: integer + description: | + UDP connections seen since last stats interval. + - name: icmp + type: group + fields: + - name: active + type: integer + description: | + ICMP connections currently in memory. + - name: count + type: integer + description: | + ICMP connections seen since last stats interval. + - name: events + type: group + fields: + - name: processed + type: integer + description: | + Number of events processed since the last stats interval. + - name: queued + type: integer + description: | + Number of events that have been queued since the last stats interval. 
+ - name: timers + type: group + fields: + - name: count + type: integer + description: | + Number of timers scheduled since last stats interval. + - name: active + type: integer + description: | + Current number of scheduled timers. + - name: files + type: group + fields: + - name: count + type: integer + description: | + Number of files seen since last stats interval. + - name: active + type: integer + description: | + Current number of files actively being seen. + - name: dns_requests + type: group + fields: + - name: count + type: integer + description: | + Number of DNS requests seen since last stats interval. + - name: active + type: integer + description: | + Current number of DNS requests awaiting a reply. + - name: reassembly_size + type: group + fields: + - name: tcp + type: integer + description: | + Current size of TCP data in reassembly. + - name: file + type: integer + description: | + Current size of File data in reassembly. + - name: frag + type: integer + description: | + Current size of packet fragment data in reassembly. + - name: unknown + type: integer + description: | + Current size of unknown data in reassembly (this is only PIA buffer right now). + - name: timestamp_lag + type: integer + description: | + Lag between the wall clock and packet timestamps if reading live traffic. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/stats/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/stats/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/stats/manifest.yml new file mode 100644 index 00000000000..2f5981fedc9 --- /dev/null 
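Review bot: `zeek.stats.timestamp_lag` is typed `integer` but its source `pkt_lag` is described as a lag between the wall clock and packet timestamps; if Zeek emits that as fractional seconds, an integer mapping truncates it, so it is worth checking a sample record and switching to `float` if so. In the same file `memory` and the `events.*`/`connections.*` counters are `integer` while `packets.*` and `bytes.*` are `long`; a consistent width for counters avoids surprises on busy sensors and is easier to document.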
+++ b/dev/packages/beats/zeek/0.0.1/dataset/stats/manifest.yml
@@ -0,0 +1,29 @@
+title: Zeek stats logs
+release: experimental
+type: logs
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/bro/current/stats.log
+ os:
+ darwin:
+ default:
+ - /usr/local/var/logs/current/stats.log
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - zeek.stats
+ template_path: log.yml.hbs
+ title: Zeek stats logs (log)
+ description: Collect Zeek stats logs using log input
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/syslog/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/syslog/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..4427b7f42c7
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/syslog/agent/stream/log.yml.hbs
@@ -0,0 +1,37 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+tags: {{tags}}
+json.keys_under_root: false
+fields_under_root: true
+fields:
+ network.protocol: syslog
+processors:
+ - rename:
+ fields:
+ - from: "json"
+ to: "zeek.syslog"
+ - from: "zeek.syslog.id.orig_h"
+ to: "source.address"
+ - from: "zeek.syslog.id.orig_p"
+ to: "source.port"
+ - from: "zeek.syslog.id.resp_h"
+ to: "destination.address"
+ - from: "zeek.syslog.id.resp_p"
+ to: "destination.port"
+ - from: "zeek.syslog.uid"
+ to: "zeek.session_id"
+ - from: "zeek.syslog.proto"
+ to: "network.transport"
+ - from: "zeek.syslog.message"
+ to: "zeek.syslog.msg"
+ ignore_missing: true
+ fail_on_error: false
+{{#if community_id}}
+ - community_id:
+ fields:
+ source_ip: source.address
+ destination_ip: destination.addresss
+{{/if}}
\ No newline at end of file
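Review bot: The `community_id` processor in the syslog stream references `destination.addresss` (three s) instead of `destination.address`, so the destination is never resolved and no community id is computed for syslog events even when the option is enabled; change it to `destination_ip: destination.address` as in the other streams. The stats manifest in the first hunk on this line is a straightforward copy of the others and needs nothing.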
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..fcb98b1b91d
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/syslog/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,47 @@
+{
+ "description": "Pipeline for normalizing Zeek syslog.log",
+ "processors": [
+ {
+ "set": {
+ "field": "event.created",
+ "value": "{{_ingest.timestamp}}"
+ }
+ },
+ {
+ "date": {
+ "field": "zeek.syslog.ts",
+ "formats": ["UNIX"]
+ }
+ },
+ {
+ "remove": {
+ "field": "zeek.syslog.ts"
+ }
+ },
+ {
+ "set": {
+ "field": "event.id",
+ "value": "{{zeek.session_id}}",
+ "if": "ctx.zeek.session_id != null"
+ }
+ },
+ {
+ "set": {
+ "field": "source.ip",
+ "value": "{{source.address}}"
+ }
+ },
+ {
+ "set": {
+ "field": "destination.ip",
+ "value": "{{destination.address}}"
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/fields.yml
new file mode 100644
index 00000000000..29b14cb1d32
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/fields.yml
@@ -0,0 +1,15 @@
+- name: zeek.syslog
+ type: group
+ fields:
+ - name: facility
+ type: keyword
+ description: |
+ Syslog facility for the message.
+ - name: severity
+ type: keyword
+ description: |
+ Syslog severity for the message.
+ - name: message
+ type: keyword
+ description: |
+ The plain text message.
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/package-fields.yml
new file mode 100644
index 00000000000..b837cafbdac
--- /dev/null
+++ b/dev/packages/beats/zeek/0.0.1/dataset/syslog/fields/package-fields.yml
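Review bot: This fields.yml declares `zeek.syslog.message`, but the syslog stream template renames `zeek.syslog.message` to `zeek.syslog.msg`, so the field that actually reaches the index is unmapped and falls back to dynamic mapping while the declared one is never populated. Either drop the `- from: "zeek.syslog.message"` / `to: "zeek.syslog.msg"` pair in the template or declare `- name: msg` here; keeping the Zeek name and removing the rename is the smaller change. A free-text syslog line is also a questionable `keyword`; if the intent is exact-match only, say so in the description, otherwise `text` fits better.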
@@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/syslog/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/syslog/manifest.yml new file mode 100644 index 00000000000..555c288c7a4 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/syslog/manifest.yml @@ -0,0 +1,36 @@ +title: Zeek syslog logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/syslog.log + os: + darwin: + default: + - /usr/local/var/logs/current/syslog.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.syslog + - name: community_id + type: bool + title: Community Id + multi: false + required: true + show_user: true + default: true + template_path: log.yml.hbs + title: Zeek syslog logs (log) + description: Collect Zeek syslog logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/traceroute/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..94b49ed7cac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/agent/stream/log.yml.hbs @@ -0,0 +1,21 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.traceroute" + - from: "zeek.traceroute.src" + to: "source.address" + - from: "zeek.traceroute.dst" + to: "destination.address" + - from: "zeek.traceroute.proto" + to: "network.transport" + ignore_missing: true + fail_on_error: false \ No newline at end of file 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/traceroute/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..9a755fa3913 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/elasticsearch/ingest-pipeline/default.json @@ -0,0 +1,40 @@ +{ + "description": "Pipeline for normalizing Zeek traceroute.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.traceroute.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.traceroute.ts" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/traceroute/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/traceroute/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/manifest.yml new file mode 100644 index 00000000000..de29befdc34 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/traceroute/manifest.yml 
@@ -0,0 +1,29 @@ +title: Zeek traceroute logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/traceroute.log + os: + darwin: + default: + - /usr/local/var/logs/current/traceroute.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.traceroute + template_path: log.yml.hbs + title: Zeek traceroute logs (log) + description: Collect Zeek traceroute logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/tunnel/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..d465a7fe533 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/agent/stream/log.yml.hbs @@ -0,0 +1,27 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.tunnel" + - from: "zeek.tunnel.id.orig_h" + to: "source.address" + - from: "zeek.tunnel.id.orig_p" + to: "source.port" + - from: "zeek.tunnel.id.resp_h" + to: "destination.address" + - from: "zeek.tunnel.id.resp_p" + to: "destination.port" + - from: "zeek.tunnel.uid" + to: "zeek.session_id" + - from: "zeek.tunnel.tunnel_type" + to: "zeek.tunnel.type" + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/tunnel/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..bc9eacce8b0 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,47 @@ +{ + "description": "Pipeline for normalizing Zeek tunnel.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.tunnel.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.tunnel.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/fields.yml new file mode 100644 index 00000000000..4576a86cd8e --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/fields.yml @@ -0,0 +1,11 @@ +- name: zeek.tunnel + type: group + fields: + - name: type + type: keyword + description: | + The type of tunnel. + - name: action + type: keyword + description: | + The type of activity that occurred. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/tunnel/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/manifest.yml new file mode 100644 index 00000000000..d4b64dc45f4 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/tunnel/manifest.yml 
@@ -0,0 +1,29 @@ +title: Zeek tunnel logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/tunnel.log + os: + darwin: + default: + - /usr/local/var/logs/current/tunnel.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.tunnel + template_path: log.yml.hbs + title: Zeek tunnel logs (log) + description: Collect Zeek tunnel logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/weird/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/weird/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..bd18aadf202 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/weird/agent/stream/log.yml.hbs @@ -0,0 +1,27 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.weird" + - from: "zeek.weird.id.orig_h" + to: "source.address" + - from: "zeek.weird.id.orig_p" + to: "source.port" + - from: "zeek.weird.id.resp_h" + to: "destination.address" + - from: "zeek.weird.id.resp_p" + to: "destination.port" + - from: "zeek.weird.uid" + to: "zeek.session_id" + - from: "zeek.weird.addl" + to: "zeek.weird.additional_info" + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/weird/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/weird/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..a97cdeb22bb --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/weird/elasticsearch/ingest-pipeline/default.json 
@@ -0,0 +1,49 @@ +{ + "description": "Pipeline for normalizing Zeek weird.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.weird.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.weird.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "set": { + "field": "source.ip", + "value": "{{source.address}}", + "if": "ctx?.source?.address != null" + } + }, + { + "set": { + "field": "destination.ip", + "value": "{{destination.address}}", + "if": "ctx?.destination?.address != null" + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/fields.yml new file mode 100644 index 00000000000..e3769127949 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/fields.yml @@ -0,0 +1,23 @@ +- name: zeek.weird + type: group + fields: + - name: name + type: keyword + description: | + The name of the weird that occurred. + - name: additional_info + type: keyword + description: | + Additional information accompanying the weird if any. + - name: notice + type: boolean + description: | + Indicate if this weird was also turned into a notice. + - name: peer + type: keyword + description: | + The peer that originated this weird. This is helpful in cluster deployments if a particular cluster node is having trouble to help identify which node is having trouble. + - name: identifier + type: keyword + description: | + This field is to be provided when a weird is generated for the purpose of deduplicating weirds. The identifier string should be unique for a single instance of the weird. This field is used to define when a weird is conceptually a duplicate of a previous weird. 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/weird/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session diff --git a/dev/packages/beats/zeek/0.0.1/dataset/weird/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/weird/manifest.yml new file mode 100644 index 00000000000..cb50d8b2e7e --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/weird/manifest.yml @@ -0,0 +1,29 @@ +title: Zeek weird logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/weird.log + os: + darwin: + default: + - /usr/local/var/logs/current/weird.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.weird + template_path: log.yml.hbs + title: Zeek weird logs (log) + description: Collect Zeek weird logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/dataset/x509/agent/stream/log.yml.hbs b/dev/packages/beats/zeek/0.0.1/dataset/x509/agent/stream/log.yml.hbs new file mode 100644 index 00000000000..6629a6201a6 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/x509/agent/stream/log.yml.hbs 
@@ -0,0 +1,41 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +exclude_files: [".gz$"] +tags: {{tags}} +json.keys_under_root: false +fields_under_root: true +processors: + - rename: + fields: + - from: "json" + to: "zeek.x509" + - from: "zeek.x509.id" + to: "zeek.session_id" + - from: "zeek.x509.certificate.not_valid_before" + to: "zeek.x509.certificate.valid.from" + - from: "zeek.x509.certificate.not_valid_after" + to: "zeek.x509.certificate.valid.until" + - from: "zeek.x509.basic_constraints.ca" + to: "zeek.x509.basic_constraints.certificate_authority" + - from: "zeek.x509.basic_constraints.path_len" + to: "zeek.x509.basic_constraints.path_length" + - from: "zeek.x509.certificate.cn" + to: "zeek.x509.certificate.common_name" + - from: "zeek.x509.certificate.issuer" + to: "zeek.x509.certificate.iss" + - from: "zeek.x509.certificate.subject" + to: "zeek.x509.certificate.sub" + - from: "zeek.x509.certificate.key_alg" + to: "zeek.x509.certificate.key.algorithm" + - from: "zeek.x509.certificate.key_length" + to: "zeek.x509.certificate.key.length" + - from: "zeek.x509.certificate.key_type" + to: "zeek.x509.certificate.key.type" + - from: "zeek.x509.certificate.sig_alg" + to: "zeek.x509.certificate.signature_algorithm" + - from: "zeek.x509.logcert" + to: "zeek.x509.log_cert" + ignore_missing: true + fail_on_error: false \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/dataset/x509/elasticsearch/ingest-pipeline/default.json b/dev/packages/beats/zeek/0.0.1/dataset/x509/elasticsearch/ingest-pipeline/default.json new file mode 100644 index 00000000000..e35b8bbbafc --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/x509/elasticsearch/ingest-pipeline/default.json 
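Review bot: The rename of `zeek.x509.id` to `zeek.session_id` in the x509 stream template means the `id` field declared in the x509 fields.yml ("File id of this certificate.") is never populated, while the value that lands in `zeek.session_id` (described in package-fields.yml as "A unique identifier of the session") is a file id rather than a connection uid; the x509 pipeline then copies it into `event.id`. Either drop the `id` entry from the x509 fields.yml, or keep the file id in place and add a note to the x509 package-fields.yml that `session_id` carries the file id for this dataset — as written the two field definitions contradict what the template does.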
@@ -0,0 +1,231 @@ +{ + "description": "Pipeline for normalizing Zeek x509.log", + "processors": [ + { + "set": { + "field": "event.created", + "value": "{{_ingest.timestamp}}" + } + }, + { + "date": { + "field": "zeek.x509.ts", + "formats": ["UNIX"] + } + }, + { + "remove": { + "field": "zeek.x509.ts" + } + }, + { + "set": { + "field": "event.id", + "value": "{{zeek.session_id}}", + "if": "ctx.zeek.session_id != null" + } + }, + { + "dot_expander": { + "field": "certificate.exponent", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "certificate.serial", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "certificate.version", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.dns", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.uri", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.email", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.ip", + "path": "zeek.x509" + } + }, + { + "dot_expander": { + "field": "san.other_fields", + "path": "zeek.x509" + } + }, + { + "date": { + "field": "zeek.x509.certificate.valid.from", + "target_field": "zeek.x509.certificate.valid.from", + "formats": ["UNIX"], + "if": "ctx.zeek.x509.certificate?.valid?.from != null" + } + }, + { + "date": { + "field": "zeek.x509.certificate.valid.until", + "target_field": "zeek.x509.certificate.valid.until", + "formats": ["UNIX"], + "if": "ctx.zeek.x509.certificate?.valid?.until != null" + } + }, + + { + "gsub": { + "field": "zeek.x509.certificate.iss", + "pattern": "\\\\,", + "replacement": "", + "ignore_missing": true + } + }, + { + "kv": { + "field": "zeek.x509.certificate.iss", + "field_split": ",", + "value_split": "=", + "target_field": "zeek.x509.certificate.issuer", + "ignore_missing": true + } + }, + { + "remove": { + "field": "zeek.x509.certificate.iss", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.C", + "target_field": 
"zeek.x509.certificate.issuer.country", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.CN", + "target_field": "zeek.x509.certificate.issuer.common_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.L", + "target_field": "zeek.x509.certificate.issuer.locality", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.O", + "target_field": "zeek.x509.certificate.issuer.organization", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.OU", + "target_field": "zeek.x509.certificate.issuer.organizational_unit", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.issuer.ST", + "target_field": "zeek.x509.certificate.issuer.state", + "ignore_missing": true + } + }, + + { + "gsub": { + "field": "zeek.x509.certificate.sub", + "pattern": "\\\\,", + "replacement": "", + "ignore_missing": true + } + }, + { + "kv": { + "field": "zeek.x509.certificate.sub", + "field_split": ",", + "value_split": "=", + "target_field": "zeek.x509.certificate.subject", + "ignore_missing": true + } + }, + { + "remove": { + "field": "zeek.x509.certificate.sub", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.C", + "target_field": "zeek.x509.certificate.subject.country", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.CN", + "target_field": "zeek.x509.certificate.subject.common_name", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.L", + "target_field": "zeek.x509.certificate.subject.locality", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.O", + "target_field": "zeek.x509.certificate.subject.organization", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.OU", + 
"target_field": "zeek.x509.certificate.subject.organizational_unit", + "ignore_missing": true + } + }, + { + "rename": { + "field": "zeek.x509.certificate.subject.ST", + "target_field": "zeek.x509.certificate.subject.state", + "ignore_missing": true + } + } + ], + "on_failure" : [{ + "set" : { + "field" : "error.message", + "value" : "{{ _ingest.on_failure_message }}" + } + }] +} diff --git a/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/fields.yml new file mode 100644 index 00000000000..f66accec451 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/fields.yml 
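Review bot: The two `kv` processors that split the issuer and subject DN strings into `zeek.x509.certificate.issuer` and `zeek.x509.certificate.subject` keep every `key=value` pair they find, and the DN of an observed certificate is chosen by whoever issued it, so any RDN attribute (or anything shaped like one) becomes a new dynamically mapped field under those objects unless the index template turns dynamic mapping off. Only the six attributes handled by the following `rename` processors are declared in the x509 fields.yml, so adding `"include_keys": ["C", "CN", "L", "O", "OU", "ST"],` to both `kv` processors keeps the mapping bounded to the documented fields. Separately, the preceding `gsub` replaces the escaped-comma sequence with an empty string, so an organization name written as `Foo\, Inc` is indexed as `Foo Inc`; if that loss is deliberate to make the comma split safe, it deserves a sentence in the pipeline `description`. This hunk spans three lines of the listing.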
@@ -0,0 +1,153 @@ +- name: zeek.x509 + type: group + fields: + - name: id + type: keyword + description: | + File id of this certificate. + - name: certificate + type: group + fields: + - name: version + type: integer + description: | + Version number. + - name: serial + type: keyword + description: | + Serial number. + - name: subject + type: group + fields: + - name: country + type: keyword + description: | + Country provided in the certificate subject. + - name: common_name + type: keyword + description: | + Common name provided in the certificate subject. + - name: locality + type: keyword + description: | + Locality provided in the certificate subject. + - name: organization + type: keyword + description: | + Organization provided in the certificate subject. + - name: organizational_unit + type: keyword + description: | + Organizational unit provided in the certificate subject. + - name: state + type: keyword + description: | + State or province provided in the certificate subject. + - name: issuer + type: group + fields: + - name: country + type: keyword + description: | + Country provided in the certificate issuer field. + - name: common_name + type: keyword + description: | + Common name provided in the certificate issuer field. + - name: locality + type: keyword + description: | + Locality provided in the certificate issuer field. + - name: organization + type: keyword + description: | + Organization provided in the certificate issuer field. + - name: organizational_unit + type: keyword + description: | + Organizational unit provided in the certificate issuer field. + - name: state + type: keyword + description: | + State or province provided in the certificate issuer field. + - name: common_name + type: keyword + description: | + Last (most specific) common name. + - name: valid + type: group + fields: + - name: from + type: date + description: | + Timestamp before when certificate is not valid. 
+ - name: until + type: date + description: | + Timestamp after when certificate is not valid. + - name: key + type: group + fields: + - name: algorithm + type: keyword + description: | + Name of the key algorithm. + - name: type + type: keyword + description: | + Key type, if key parseable by openssl (either rsa, dsa or ec). + - name: length + type: integer + description: | + Key length in bits. + - name: signature_algorithm + type: keyword + description: | + Name of the signature algorithm. + - name: exponent + type: keyword + description: | + Exponent, if RSA-certificate. + - name: curve + type: keyword + description: | + Curve, if EC-certificate. + - name: san + type: group + fields: + - name: dns + type: keyword + description: | + List of DNS entries in SAN. + - name: uri + type: keyword + description: | + List of URI entries in SAN. + - name: email + type: keyword + description: | + List of email entries in SAN. + - name: ip + type: ip + description: | + List of IP entries in SAN. + - name: other_fields + type: boolean + description: | + True if the certificate contained other, not recognized or parsed name fields. + - name: basic_constraints + type: group + fields: + - name: certificate_authority + type: boolean + description: | + CA flag set or not. + - name: path_length + type: integer + description: | + Maximum path length. + - name: log_cert + type: boolean + description: | + Present if policy/protocols/ssl/log-hostcerts-only.bro is loaded + Logging of certificate is suppressed if set to F. diff --git a/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/package-fields.yml b/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/package-fields.yml new file mode 100644 index 00000000000..b837cafbdac --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/x509/fields/package-fields.yml @@ -0,0 +1,7 @@ +- name: zeek + type: group + fields: + - name: session_id + type: keyword + description: | + A unique identifier of the session 
diff --git a/dev/packages/beats/zeek/0.0.1/dataset/x509/manifest.yml b/dev/packages/beats/zeek/0.0.1/dataset/x509/manifest.yml new file mode 100644 index 00000000000..386ebcdc93f --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/dataset/x509/manifest.yml @@ -0,0 +1,29 @@ +title: Zeek x509 logs +release: experimental +type: logs +streams: +- input: logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - /var/log/bro/current/x509.log + os: + darwin: + default: + - /usr/local/var/logs/current/x509.log + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: true + default: + - zeek.x509 + template_path: log.yml.hbs + title: Zeek x509 logs (log) + description: Collect Zeek x509 logs using log input diff --git a/dev/packages/beats/zeek/0.0.1/docs/README.md b/dev/packages/beats/zeek/0.0.1/docs/README.md new file mode 100644 index 00000000000..30404ce4c54 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/docs/README.md @@ -0,0 +1 @@ +TODO \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/img/kibana-zeek.png b/dev/packages/beats/zeek/0.0.1/img/kibana-zeek.png new file mode 100644 index 00000000000..20aea6164f7 Binary files /dev/null and b/dev/packages/beats/zeek/0.0.1/img/kibana-zeek.png differ diff --git a/dev/packages/beats/zeek/0.0.1/img/zeek.svg b/dev/packages/beats/zeek/0.0.1/img/zeek.svg new file mode 100644 index 00000000000..0e346f98c72 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/img/zeek.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/dashboard/7cbb5410-3700-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/dashboard/7cbb5410-3700-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..5582627a6e2 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/dashboard/7cbb5410-3700-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,172 @@ +{ + "attributes": { + "description": "Overview of Zeek", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "6", + "w": 16, + "x": 16, + "y": 32 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.0.0-beta1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "version": "7.0.0-beta1" + } + ], + "timeRestore": false, + "title": "[Logs Zeek] Overview", + "version": 1 + }, + "id": "7cbb5410-3700-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": 
"f469f230-370c-11e9-aa6d-ff445a78330c", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "1df7ea80-370d-11e9-aa6d-ff445a78330c", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "466e5850-370d-11e9-aa6d-ff445a78330c", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "649acd40-370d-11e9-aa6d-ff445a78330c", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "9436c270-370d-11e9-aa6d-ff445a78330c", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bec2f0e0-370d-11e9-aa6d-ff445a78330c", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "e042fda0-370d-11e9-aa6d-ff445a78330c", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "f8c40810-370d-11e9-aa6d-ff445a78330c", + "name": "panel_7", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/1df7ea80-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/1df7ea80-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..8b2a6ee7c74 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/1df7ea80-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Transport [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Transport [Logs Zeek]", + "type": "pie" + } + }, + "id": "1df7ea80-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/466e5850-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/466e5850-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..20761db1692 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/466e5850-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Application [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Application [Logs Zeek]", + "type": "pie" + } + }, + "id": "466e5850-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/649acd40-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/649acd40-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..acd4e57af74 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/649acd40-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Network Traffic Direction [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Traffic Direction [Logs Zeek]", + "type": "pie" + } + }, + "id": "649acd40-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/9436c270-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/9436c270-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..fb5cef60969 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/9436c270-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top DNS Domains [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.dns.query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top DNS Domains [Logs Zeek]", + "type": "pie" + } + }, + "id": "9436c270-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/bec2f0e0-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/bec2f0e0-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..e6b02eb7c89 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/bec2f0e0-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,94 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top URL Domains [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top URL Domains [Logs Zeek]", + "type": "pie" + } + }, + "id": "bec2f0e0-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/e042fda0-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/e042fda0-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..ac9dc16be4a --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/e042fda0-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top SSL Servers [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.ssl.server_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top SSL Servers [Logs Zeek]", + "type": "pie" + } + }, + "id": "e042fda0-370d-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/f469f230-370c-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/f469f230-370c-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..0061f64ba83 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/f469f230-370c-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Destination Geo [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "dimensions": { + "geocentroid": null, + "geohash": null, + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Destination Geo [Logs Zeek]", + "type": "tile_map" + } + }, + "id": "f469f230-370c-11e9-aa6d-ff445a78330c", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/kibana/visualization/f8c40810-370d-11e9-aa6d-ff445a78330c.json b/dev/packages/beats/zeek/0.0.1/kibana/visualization/f8c40810-370d-11e9-aa6d-ff445a78330c.json new file mode 100644 index 00000000000..529993cdd76 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/kibana/visualization/f8c40810-370d-11e9-aa6d-ff445a78330c.json 
@@ -0,0 +1,59 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Number of Sessions Overtime [Logs Zeek]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Number of Sessions Overtime [Logs Zeek]", + "type": "metrics" + } + }, + "id": "f8c40810-370d-11e9-aa6d-ff445a78330c", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zeek/0.0.1/manifest.yml b/dev/packages/beats/zeek/0.0.1/manifest.yml new file mode 100644 index 00000000000..a3b857544b3 --- /dev/null +++ b/dev/packages/beats/zeek/0.0.1/manifest.yml 
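Review bot: The TSVB panel `Number of Sessions Overtime [Logs Zeek]` in this hunk has `"index_pattern": ""` and an empty `references` list, so it is not bound to the `logs-*` index pattern that every other Zeek visualization in this commit references, and with `"query": ""` and a bare `count` metric it appears to count whatever documents the Kibana default index pattern holds rather than Zeek sessions. The ZooKeeper TSVB objects later in the commit pin `"index_pattern": "metrics-*"`, so the equivalent here is `"index_pattern": "logs-*"` plus a filter that narrows the series to Zeek events. If this object is the unmodified output of the Beats import tool, the fix belongs in the importer so the next regeneration keeps it.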
@@ -0,0 +1,37 @@ +format_version: 1.0.0 +name: zeek +title: Zeek +version: 0.0.1 +license: basic +description: Zeek Integration +type: integration +categories: +- logs +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.0.0-beta1 <8.0.0' + elasticsearch: + versions: '>7.0.1' +screenshots: +- src: /img/kibana-zeek.png + title: kibana zeek + size: 3530x2414 + type: image/png +icons: +- src: /img/zeek.svg + title: zeek + size: 214x203 + type: image/svg+xml +datasources: +- name: zeek + title: Zeek logs + description: Collect logs from Zeek instances + inputs: + - type: logs + title: Collect logs from Zeek instances + description: Collecting Zeek capture_loss, connection, dce_rpc, dhcp, dnp3, dns, + dpd, files, ftp, http, intel, irc, kerberos, modbus, mysql, notice, ntlm, ocsp, + pe, radius, rdp, rfb, sip, smb_cmd, smb_files, smb_mapping, smtp, snmp, socks, + ssh, ssl, stats, syslog, traceroute, tunnel, weird and x509 logs diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/connection/agent/stream/stream.yml.hbs b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..732a231327a --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/agent/stream/stream.yml.hbs @@ -0,0 +1 @@ +metricsets: ["connection"] diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 00000000000..06a2dd25b4a --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/fields.yml @@ -0,0 +1,20 @@ +- name: zookeeper.connection + type: group + release: ga + fields: + - name: interest_ops + type: long + description: | + Interest ops + - name: queued + type: long + description: | + Queued connections + - name: received + type: long + description: | + Received connections + - name: sent + type: long + description: | + Connections sent 
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/package-fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/package-fields.yml
new file mode 100644
index 00000000000..0268554bd49
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: zookeeper
+ type: group
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/connection/manifest.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/manifest.yml
new file mode 100644
index 00000000000..cd798f22700
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/connection/manifest.yml
@@ -0,0 +1,7 @@
+title: ZooKeeper connection metrics
+release: experimental
+type: metrics
+streams:
+- input: zookeeper/metrics
+ title: ZooKeeper connection metrics
+ description: Collect ZooKeeper connection metrics
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/agent/stream/stream.yml.hbs b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..dbd864ee9d5
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["mntr"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/ecs.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/ecs.yml
new file mode 100644
index 00000000000..bd86afd5d24
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/ecs.yml
@@ -0,0 +1,12 @@
+- name: service
+ title: Service
+ group: 2
+ type: group
+ fields:
+ - name: version
+ level: core
+ type: keyword
+ description: |-
+ Version of the service the data was collected from.
+ This allows to look at a data set only for a specific version of a service.
+ ignore_above: 1024
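Review bot: The `connection` dataset manifest declares no `vars` on its `zookeeper/metrics` stream, and the matching `stream.yml.hbs` hunk on the previous line renders only `metricsets: ["connection"]`, while the `mntr` and `server` streams in this commit each take `hosts` and `period` vars and emit `hosts:` and `period: {{period}}` in their templates. As written there is nowhere to set the ZooKeeper address or collection interval for this stream, so it presumably cannot be configured from the policy; add the same `hosts`/`period` var block under the stream and extend the template with the `hosts:`/`{{#each hosts}}`/`period:` lines used by `mntr`. If the Beats importer produced these files, the omission is likely in its per-metricset handling rather than a hand edit.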
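Review bot: In the `mntr` stream template each configured host is interpolated into the rendered YAML as an unquoted sequence item, `- {{this}}`, and the `server` template later in this commit does the same. `hosts` is declared as a free-form `type: text` var with `show_user: true` and no validation in the manifest, so a value containing YAML-significant characters (a `: ` pair, a leading `[`, `{` or `#`) would change the structure of the generated agent config instead of being treated as an address. Unless the template engine is known to quote or validate values, emit them as quoted scalars, e.g. `- "{{this}}"`, or constrain the var in the manifest so only host:port strings are accepted.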
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/fields.yml
new file mode 100644
index 00000000000..181d298dc33
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/fields.yml
@@ -0,0 +1,76 @@
+- name: zookeeper.mntr
+ type: group
+ release: ga
+ fields:
+ - name: hostname
+ type: keyword
+ description: |
+ ZooKeeper hostname.
+ - name: approximate_data_size
+ type: long
+ description: |
+ Approximate size of ZooKeeper data.
+ - name: latency.avg
+ type: long
+ description: |
+ Average latency between ensemble hosts in milliseconds.
+ - name: ephemerals_count
+ type: long
+ description: |
+ Number of ephemeral znodes.
+ - name: followers
+ type: long
+ description: |
+ Number of followers seen by the current host.
+ - name: max_file_descriptor_count
+ type: long
+ description: |
+ Maximum number of file descriptors allowed for the ZooKeeper process.
+ - name: latency.max
+ type: long
+ description: |
+ Maximum latency in milliseconds.
+ - name: latency.min
+ type: long
+ description: |
+ Minimum latency in milliseconds.
+ - name: num_alive_connections
+ type: long
+ description: |
+ Number of connections to ZooKeeper that are currently alive.
+ - name: open_file_descriptor_count
+ type: long
+ description: |
+ Number of file descriptors open by the ZooKeeper process.
+ - name: outstanding_requests
+ type: long
+ description: |
+ Number of outstanding requests that need to be processed by the cluster.
+ - name: packets.received
+ type: long
+ description: |
+ Number of ZooKeeper network packets received.
+ - name: packets.sent
+ type: long
+ description: |
+ Number of ZooKeeper network packets sent.
+ - name: pending_syncs
+ type: long
+ description: |
+ Number of pending syncs to carry out to ZooKeeper ensemble followers.
+ - name: server_state
+ type: keyword
+ description: |
+ Role in the ZooKeeper ensemble.
+ - name: synced_followers
+ type: long
+ description: |
+ Number of synced followers reported when a node server_state is leader.
+ - name: watch_count
+ type: long
+ description: |
+ Number of watches currently set on the local ZooKeeper process.
+ - name: znode_count
+ type: long
+ description: |
+ Number of znodes reported by the local ZooKeeper process.
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/package-fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/package-fields.yml
new file mode 100644
index 00000000000..0268554bd49
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: zookeeper
+ type: group
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/manifest.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/manifest.yml
new file mode 100644
index 00000000000..ae9429c75bb
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/mntr/manifest.yml
@@ -0,0 +1,23 @@
+title: ZooKeeper mntr metrics
+release: experimental
+type: metrics
+streams:
+- input: zookeeper/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:2181
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: ZooKeeper mntr metrics
+ description: Collect ZooKeeper mntr metrics
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/server/agent/stream/stream.yml.hbs b/dev/packages/beats/zookeeper/0.0.1/dataset/server/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..5d7188e3802
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/server/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+metricsets: ["server"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/fields.yml
new file mode 100644
index 00000000000..a7cc9c7ec7b
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/fields.yml
@@ -0,0 +1,54 @@ +- name: zookeeper.server + type: group + release: ga + fields: + - name: connections + type: long + description: Number of clients currently connected to the server + - name: latency + type: group + fields: + - name: avg + type: long + description: Average amount of time taken for the server to respond to a client + request + - name: max + type: long + description: Maximum amount of time taken for the server to respond to a client + request + - name: min + type: long + description: Minimum amount of time taken for the server to respond to a client + request + - name: mode + type: keyword + description: Mode of the server. In an ensemble, this may either be leader or + follower. Otherwise, it is standalone + - name: node_count + type: long + description: Total number of nodes + - name: outstanding + type: long + description: Number of requests queued at the server. This exceeds zero when the + server receives more requests than it is able to process + - name: received + type: long + description: Number of requests received by the server + - name: sent + type: long + description: Number of requests sent by the server + - name: version_date + type: date + description: Date of the Zookeeper release currently in use + - name: zxid + type: keyword + description: Unique value of the Zookeeper transaction ID. The zxid consists of + an epoch and a counter. It is established by the leader and is used to determine + the temporal ordering of changes + - name: count + type: long + description: Total transactions of the leader in epoch + - name: epoch + type: long + description: Epoch value of the Zookeeper transaction ID. An epoch signifies the + period in which a server is a leader diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/package-fields.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/package-fields.yml new file mode 100644 index 00000000000..0268554bd49 --- /dev/null 
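Review bot: The `latency.avg`, `latency.max` and `latency.min` descriptions in the `server` fields say only "amount of time taken for the server to respond to a client request", with no unit, whereas the `mntr` dataset's `latency.*` fields in this commit are documented as milliseconds. If the server metricset reports the same unit, say so, e.g. `description: Average amount of time, in milliseconds, taken for the server to respond to a client request`; if not, state the actual unit, since the field reference is the only place a dashboard author can learn it.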
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/server/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: zookeeper
+ type: group
diff --git a/dev/packages/beats/zookeeper/0.0.1/dataset/server/manifest.yml b/dev/packages/beats/zookeeper/0.0.1/dataset/server/manifest.yml
new file mode 100644
index 00000000000..84bf954a471
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/dataset/server/manifest.yml
@@ -0,0 +1,23 @@
+title: ZooKeeper server metrics
+release: experimental
+type: metrics
+streams:
+- input: zookeeper/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:2181
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: ZooKeeper server metrics
+ description: Collect ZooKeeper server metrics
diff --git a/dev/packages/beats/zookeeper/0.0.1/docs/README.md b/dev/packages/beats/zookeeper/0.0.1/docs/README.md
new file mode 100644
index 00000000000..30404ce4c54
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/docs/README.md
@@ -0,0 +1 @@
+TODO
\ No newline at end of file
diff --git a/dev/packages/beats/zookeeper/0.0.1/img/metricbeat-zookeeper.png b/dev/packages/beats/zookeeper/0.0.1/img/metricbeat-zookeeper.png
new file mode 100644
index 00000000000..b0c57e76608
Binary files /dev/null and b/dev/packages/beats/zookeeper/0.0.1/img/metricbeat-zookeeper.png differ
diff --git a/dev/packages/beats/zookeeper/0.0.1/img/zookeeper.svg b/dev/packages/beats/zookeeper/0.0.1/img/zookeeper.svg
new file mode 100644
index 00000000000..80db65f670d
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/img/zookeeper.svg
@@ -0,0 +1 @@
+ 
\ No newline at end of file
diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/dashboard/467207a0-231e-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/dashboard/467207a0-231e-11e9-bb66-8baac426dfd4-ecs.json
new file mode 100644
index 00000000000..71e5ca5dcd1
--- /dev/null
+++ b/dev/packages/beats/zookeeper/0.0.1/kibana/dashboard/467207a0-231e-11e9-bb66-8baac426dfd4-ecs.json
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "Overview of Zookeeper", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 15, + "x": 0, + "y": 15 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Approximate data size", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 17, + "x": 15, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Latency", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Alive Connections", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "4", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Used file descriptors", + "version": "7.0.0-alpha2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Packets received / sent", + "version": "7.0.0-alpha2" + } + ], + "timeRestore": false, + "title": "[Metrics Zookeeper] Overview ECS", + "version": 1 + }, + "id": "467207a0-231e-11e9-bb66-8baac426dfd4-ecs", + "references": [ + { + "id": "8d3b7770-2319-11e9-bb66-8baac426dfd4-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c0be43c0-2319-11e9-bb66-8baac426dfd4-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "1c2f8930-231a-11e9-bb66-8baac426dfd4-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "ddb13c60-231b-11e9-bb66-8baac426dfd4-ecs", + "name": 
"panel_3", + "type": "visualization" + }, + { + "id": "d2f52b50-231c-11e9-bb66-8baac426dfd4-ecs", + "name": "panel_4", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/1c2f8930-231a-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/1c2f8930-231a-11e9-bb66-8baac426dfd4-ecs.json new file mode 100644 index 00000000000..ebd3a7da085 --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/1c2f8930-231a-11e9-bb66-8baac426dfd4-ecs.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Alive Connections [Metrics Zookeeper] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0,0.[00]", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Alive connections", + "line_width": 1, + "metrics": [ + { + "field": "zookeeper.mntr.num_alive_connections", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Alive Connections [Metrics Zookeeper] ECS", + "type": "metrics" + } + }, + "id": "1c2f8930-231a-11e9-bb66-8baac426dfd4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/8d3b7770-2319-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/8d3b7770-2319-11e9-bb66-8baac426dfd4-ecs.json new file mode 100644 index 00000000000..bdb9ed4373b --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/8d3b7770-2319-11e9-bb66-8baac426dfd4-ecs.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Approximate data size [Metrics Zookeeper] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Approximate data size", + "line_width": 1, + "metrics": [ + { + "field": "zookeeper.mntr.approximate_data_size", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Approximate data size [Metrics Zookeeper] ECS", + "type": "metrics" + } + }, + "id": "8d3b7770-2319-11e9-bb66-8baac426dfd4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file 
diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/c0be43c0-2319-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/c0be43c0-2319-11e9-bb66-8baac426dfd4-ecs.json new file mode 100644 index 00000000000..6b86874b074 --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/c0be43c0-2319-11e9-bb66-8baac426dfd4-ecs.json @@ -0,0 +1,62 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Latency [Metrics Zookeeper] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "ms,ms,2", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Latency", + "line_width": 1, + "metrics": [ + { + "field": "zookeeper.mntr.latency.avg", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Latency [Metrics Zookeeper] ECS", + "type": "metrics" + } + }, + "id": "c0be43c0-2319-11e9-bb66-8baac426dfd4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/d2f52b50-231c-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/d2f52b50-231c-11e9-bb66-8baac426dfd4-ecs.json new file mode 100644 index 00000000000..bac548382c0 --- /dev/null 
+++ b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/d2f52b50-231c-11e9-bb66-8baac426dfd4-ecs.json 
@@ -0,0 +1,102 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Packets received / sent [Metrics Zookeeper] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": "0", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "0,0.[00]", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Packets received", + "line_width": "2", + "metrics": [ + { + "field": "zookeeper.mntr.packets.received", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + }, + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "34949540-231c-11e9-9707-f128cdaa3bf2", + "type": "derivative", + "unit": "" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "5811d190-231c-11e9-9707-f128cdaa3bf2" + } + ], + "split_mode": "terms", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(115,216,255,1)", + "fill": "0", + "formatter": "0,0.[00]", + "id": "753b2e60-231c-11e9-9707-f128cdaa3bf2", + "label": "Packets sent", + "line_width": "2", + "metrics": [ + { + "field": "zookeeper.mntr.packets.sent", + "id": "753b2e61-231c-11e9-9707-f128cdaa3bf2", + "type": "avg" + }, + { + "field": "753b2e61-231c-11e9-9707-f128cdaa3bf2", + "id": "7ed33c60-231c-11e9-9707-f128cdaa3bf2", + "type": "derivative", + "unit": "" + } + ], + "point_size": "0", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + 
"type": "timeseries" + }, + "title": "Packets received / sent [Metrics Zookeeper] ECS", + "type": "metrics" + } + }, + "id": "d2f52b50-231c-11e9-bb66-8baac426dfd4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/ddb13c60-231b-11e9-bb66-8baac426dfd4-ecs.json b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/ddb13c60-231b-11e9-bb66-8baac426dfd4-ecs.json new file mode 100644 index 00000000000..a4a09107aec --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/kibana/visualization/ddb13c60-231b-11e9-bb66-8baac426dfd4-ecs.json 
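Review bot: In the `Packets received / sent` panel the first series (`Packets received`) is set to `"split_mode": "terms"` with a `split_filters` entry but no terms field, while the second series (`Packets sent`) uses `"split_mode": "everything"`; the two series are otherwise parallel (an `avg` of the counter followed by a `derivative`). I cannot tell from the export how TSVB renders a terms split with no field, but the asymmetry reads like leftover editor state rather than intent; setting the first series to `"split_mode": "everything"` and dropping its `split_filters` block would make the panel consistent with its sibling series.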
@@ -0,0 +1,109 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Used file descriptors [Metrics Zookeeper] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "auto", + "series": [ + { + "axis_min": "0", + "axis_position": "left", + "chart_type": "line", + "color": "#68BC00", + "fill": "0.1", + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Used file descriptors", + "line_width": 1, + "metrics": [ + { + "field": "zookeeper.mntr.open_file_descriptor_count", + "id": "b92e4550-231a-11e9-9e57-679640dc0c7c", + "metric_agg": "avg", + "type": "avg" + }, + { + "field": "zookeeper.mntr.max_file_descriptor_count", + "id": "918d0c60-231b-11e9-9e57-679640dc0c7c", + "type": "avg" + }, + { + "id": "7e4d11e0-231b-11e9-9e57-679640dc0c7c", + "script": "params.a/params.b", + "type": "math", + "variables": [ + { + "field": "b92e4550-231a-11e9-9e57-679640dc0c7c", + "id": "81c03fa0-231b-11e9-9e57-679640dc0c7c", + "name": "a" + }, + { + "field": "918d0c60-231b-11e9-9e57-679640dc0c7c", + "id": "8a3af6c0-231b-11e9-9e57-679640dc0c7c", + "name": "b" + } + ] + } + ], + "point_size": 1, + "separate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}" + }, + { + "axis_min": "0", + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,98,177,1)", + "fill": "0", + "formatter": "0,0.[00]", + "id": "dffaffe0-23cc-11e9-b1ff-37c851471450", + "label": "Open file descriptors", + "line_width": "1", + "metrics": [ + { + "field": "zookeeper.mntr.open_file_descriptor_count", + "id": "dffaffe1-23cc-11e9-b1ff-37c851471450", + "type": "avg" 
+ } + ], + "point_size": 1, + "separate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Used file descriptors [Metrics Zookeeper] ECS", + "type": "metrics" + } + }, + "id": "ddb13c60-231b-11e9-bb66-8baac426dfd4-ecs", + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/dev/packages/beats/zookeeper/0.0.1/manifest.yml b/dev/packages/beats/zookeeper/0.0.1/manifest.yml new file mode 100644 index 00000000000..f36860b765c --- /dev/null +++ b/dev/packages/beats/zookeeper/0.0.1/manifest.yml @@ -0,0 +1,33 @@ +format_version: 1.0.0 +name: zookeeper +title: ZooKeeper +version: 0.0.1 +license: basic +description: ZooKeeper Integration +type: integration +categories: +- metrics +release: experimental +removable: true +requirement: + kibana: + versions: '>=7.0.0-alpha2 <8.0.0' + elasticsearch: {} +screenshots: +- src: /img/metricbeat-zookeeper.png + title: metricbeat zookeeper + size: 3808x2018 + type: image/png +icons: +- src: /img/zookeeper.svg + title: zookeeper + size: 754x754 + type: image/svg+xml +datasources: +- name: zookeeper + title: ZooKeeper metrics + description: Collect metrics from ZooKeeper instances + inputs: + - type: zookeeper/metrics + title: Collect metrics from ZooKeeper instances + description: Collecting ZooKeeper connection, mntr and server metrics diff --git a/go.mod b/go.mod new file mode 100644 index 00000000000..93c251d9395 --- /dev/null +++ b/go.mod @@ -0,0 +1,11 @@ +module github.com/elastic/integrations + +go 1.12 + +require ( + github.com/blang/semver v3.5.1+incompatible + github.com/elastic/package-registry v0.2.1-0.20200505085109-20f433bd57ec + github.com/magefile/mage v1.9.0 + github.com/pkg/errors v0.9.1 + gopkg.in/yaml.v2 v2.2.8 +) diff --git a/go.sum b/go.sum new file mode 100644 index 00000000000..0ad16805e0c --- /dev/null +++ b/go.sum 
@@ -0,0 +1,26 @@ +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/elastic/go-ucfg v0.8.4-0.20200415140258-1232bd4774a6 h1:Ehbr7du4rSSEypR8zePr0XRbMhO4PJgcHC9f8fDbgAg= +github.com/elastic/go-ucfg v0.8.4-0.20200415140258-1232bd4774a6/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+FX0JKxzo= +github.com/elastic/package-registry v0.2.1-0.20200505085109-20f433bd57ec h1:hzQad3csxKcdp62jHNPCTrc0EFqIMS4/cljzlMzkV8Q= +github.com/elastic/package-registry v0.2.1-0.20200505085109-20f433bd57ec/go.mod h1:GixuT1hgq1gT2wXmbe4ENyXmzzgu5SAdpYEpiYZZMmc= +github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= +github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/magefile/mage v1.9.0 h1:t3AU2wNwehMCW97vuqQLtw6puppWXHO+O2MHo5a50XE= +github.com/magefile/mage v1.9.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/magefile.go b/magefile.go new file mode 100644 index 00000000000..67081372bd3 --- /dev/null +++ b/magefile.go 
@@ -0,0 +1,233 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build mage
+
+package main
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+
+ "github.com/magefile/mage/mg"
+ "github.com/magefile/mage/sh"
+)
+
+var (
+ // GoImportsImportPath controls the import path used to install goimports.
+ GoImportsImportPath = "golang.org/x/tools/cmd/goimports"
+
+ // GoImportsLocalPrefix is a string prefix matching imports that should be
+ // grouped after third-party packages.
+ GoImportsLocalPrefix = "github.com/elastic"
+
+ // GoLicenserImportPath controls the import path used to install go-licenser.
+ GoLicenserImportPath = "github.com/elastic/go-licenser"
+
+ publicDir = "./public"
+ buildDir = "./build"
+ packagePaths = []string{"./dev/packages/alpha/", "./dev/packages/example/", "./dev/packages/beats/"}
+ tarGz = true
+)
+
+func Build() error {
+
+ err := os.RemoveAll(publicDir)
+ if err != nil {
+ return err
+ }
+
+ err = os.MkdirAll(publicDir, 0755)
+ if err != nil {
+ return err
+ }
+
+ for _, p := range packagePaths {
+ err := sh.Run("go", "run", "github.com/elastic/package-registry/dev/generator/", "-sourceDir="+p, "-publicDir="+publicDir, "-tarGz="+strconv.FormatBool(tarGz))
+ if err != nil {
+ return err
+ }
+ }
+
+ err = BuildRootFile()
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func ImportBeats() error {
+ args := []string{"run", "./dev/import-beats/"}
+ if os.Getenv("SKIP_KIBANA") == "true" {
+ args = append(args, "-skipKibana")
+ }
+ if os.Getenv("PACKAGES") != "" {
+ args = append(args, "-packages", os.Getenv("PACKAGES"))
+ }
+ args = append(args, "*.go")
+ return sh.Run("go", args...)
+}
+
+// Creates the `index.json` file
+// For now only containing the version.
+func BuildRootFile() error {
+ rootData := map[string]string{
+ "version": "0.3.0",
+ "service.name": "package-registry",
+ }
+
+ return writeJsonFile(rootData, publicDir+"/index.json")
+}
+
+func writeJsonFile(v interface{}, path string) error {
+ data, err := json.MarshalIndent(v, "", " ")
+ if err != nil {
+ return err
+ }
+
+ return ioutil.WriteFile(path, data, 0644)
+}
+
+func Check() error {
+ Format()
+
+ // Setup the variables for the tests and not create tarGz files
+ publicDir = "./testdata/public"
+ packagePaths = []string{"testdata/package"}
+ tarGz = false
+
+ err := Build()
+ if err != nil {
+ return err
+ }
+
+ err = Vendor()
+ if err != nil {
+ return err
+ }
+
+ err = PrepareTest()
+ if err != nil {
+ return err
+ }
+
+ // Check if no changes are shown
+ err = sh.RunV("git", "update-index", "--refresh")
+ if err != nil {
+ return err
+ }
+ return sh.RunV("git", "diff-index", "--exit-code", "HEAD", "--")
+}
+
+func PrepareTest() error {
+ return sh.RunV("go", "get", "-v", "-u", "github.com/jstemmer/go-junit-report")
+}
+
+func Test() error {
+ err := PrepareTest()
+ if err != nil {
+ return err
+ }
+ return sh.RunV("go", "test", "./...", "-v", "2>&1", "|", "go-junit-report", ">", "junit-report.xml")
+}
+
+// Format adds license headers, formats .go files with goimports, and formats
+// .py files with autopep8.
+func Format() {
+ // Don't run AddLicenseHeaders and GoImports concurrently because they
+ // both can modify the same files.
+ mg.Deps(AddLicenseHeaders)
+ mg.Deps(GoImports)
+}
+
+// GoImports executes goimports against all .go files in and below the CWD. It
+// ignores vendor/ directories.
+func GoImports() error {
+ goFiles, err := FindFilesRecursive(func(path string, _ os.FileInfo) bool {
+ return filepath.Ext(path) == ".go" && !strings.Contains(path, "vendor/")
+ })
+ if err != nil {
+ return err
+ }
+ if len(goFiles) == 0 {
+ return nil
+ }
+
+ fmt.Println(">> fmt - goimports: Formatting Go code")
+ args := append(
+ []string{"-local", GoImportsLocalPrefix, "-l", "-w"},
+ goFiles...,
+ )
+
+ return sh.RunV("goimports", args...)
+}
+
+// AddLicenseHeaders adds license headers to .go files. It applies the
+// appropriate license header based on the value of mage.BeatLicense.
+func AddLicenseHeaders() error {
+ fmt.Println(">> fmt - go-licenser: Adding missing headers")
+ return sh.RunV("go-licenser", "-license", "Elastic")
+}
+
+// FindFilesRecursive recursively traverses from the CWD and invokes the given
+// match function on each regular file to determine if the given path should be
+// returned as a match.
+func FindFilesRecursive(match func(path string, info os.FileInfo) bool) ([]string, error) {
+ var matches []string
+ err := filepath.Walk(".", func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+
+ if !info.Mode().IsRegular() {
+ // continue
+ return nil
+ }
+
+ if match(filepath.ToSlash(path), info) {
+ matches = append(matches, path)
+ }
+ return nil
+ })
+ return matches, err
+}
+
+func Clean() error {
+ err := os.RemoveAll(buildDir)
+ if err != nil {
+ return err
+ }
+
+ err = os.RemoveAll(publicDir)
+ if err != nil {
+ return err
+ }
+
+ return os.Remove("package-registry")
+}
+
+func Vendor() error {
+ fmt.Println(">> mod - updating vendor directory")
+
+ err := sh.RunV("go", "mod", "tidy")
+ if err != nil {
+ return err
+ }
+
+ sh.RunV("go", "mod", "vendor")
+ if err != nil {
+ return err
+ }
+
+ sh.RunV("go", "mod", "verify")
+ if err != nil {
+ return err
+ }
+ return nil
+}
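Review bot: In `Vendor()` the results of `sh.RunV("go", "mod", "vendor")` and `sh.RunV("go", "mod", "verify")` are discarded, so the two `if err != nil` checks after them only re-test the nil left over from `go mod tidy` and can never fire; a `go mod verify` failure, which is the step meant to detect a module that no longer matches its recorded checksum, is silently swallowed and `Check()` reports success regardless. Assign the results so the checks are live: `err = sh.RunV("go", "mod", "vendor")` and `err = sh.RunV("go", "mod", "verify")`. Separately, `Test()` passes `2>&1`, `|` and `>` as ordinary arguments; `sh.RunV` appears to exec the binary directly without a shell, so these reach `go test` as literal arguments instead of redirecting output, and the JUnit report is never produced — run the pipeline via `sh.RunV("sh", "-c", "go test ./... -v 2>&1 | go-junit-report > junit-report.xml")` or capture the output in Go and feed it to go-junit-report. Minor: `PrepareTest()` fetches go-junit-report with `go get -v -u` on every run, so the tool version used by `Check()` and `Test()` is whatever is latest at that moment rather than something pinned in go.mod.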
diff --git a/testing/environments/README.md b/testing/environments/README.md new file mode 100644 index 00000000000..aea2dd344ca --- /dev/null +++ b/testing/environments/README.md @@ -0,0 +1,11 @@ +Firstly, refresh docker images: + +```bash +$ docker-compose -f snapshot.yml pull +``` + +Run docker containers: + +```bash +$ docker-compose -f snapshot.yml -f local.yml up --force-recreate +``` diff --git a/testing/environments/kibana.config.yml b/testing/environments/kibana.config.yml new file mode 100644 index 00000000000..8498c164b5d --- /dev/null +++ b/testing/environments/kibana.config.yml @@ -0,0 +1,12 @@ +server.name: kibana +server.host: "0" + +elasticsearch.hosts: [ "http://elasticsearch:9200" ] +elasticsearch.username: elastic +elasticsearch.password: changeme +xpack.monitoring.ui.container.elasticsearch.enabled: true + +xpack.ingestManager.enabled: true +xpack.ingestManager.epm.enabled: true +xpack.ingestManager.fleet.enabled: true +xpack.ingestManager.epm.registryUrl: "http://integrations-registry:8080" diff --git a/testing/environments/local.yml b/testing/environments/local.yml new file mode 100644 index 00000000000..2bbf7b92ea1 --- /dev/null +++ b/testing/environments/local.yml @@ -0,0 +1,21 @@ +# Defines if ports should be exported. +# This is useful for testing locally with a full elastic stack setup. +# All services can be reached through localhost like localhost:5601 for Kibana +# This is not used for CI as otherwise ports conflicts could happen. +version: '2.3' +services: + kibana: + ports: + - "127.0.0.1:5601:5601" + depends_on: + elasticsearch: + condition: service_healthy + + elasticsearch: + ports: + - "127.0.0.1:9200:9200" + + integrations-registry: + ports: + - "127.0.0.1:8080:8080" + diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml new file mode 100644 index 00000000000..1f768b3e7a5 --- /dev/null +++ b/testing/environments/snapshot.yml 
@@ -0,0 +1,36 @@ +# This should start the environment with the latest snapshots. + +version: '2.3' +services: + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-SNAPSHOT + healthcheck: + test: ["CMD", "curl", "-f", "-u", "elastic:changeme", "http://127.0.0.1:9200/"] + retries: 300 + interval: 1s + environment: + - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + - "network.host=" + - "transport.host=127.0.0.1" + - "http.host=0.0.0.0" + - "indices.id_field_data.enabled=true" + - "xpack.license.self_generated.type=trial" + - "xpack.security.enabled=true" + - "xpack.security.authc.api_key.enabled=true" + - "ELASTIC_PASSWORD=changeme" + + kibana: + image: docker.elastic.co/kibana/kibana:8.0.0-SNAPSHOT + healthcheck: + test: "curl -f http://localhost:5601/login | grep kbn-injected-metadata 2>&1 >/dev/null" + retries: 600 + interval: 1s + volumes: + - ./kibana.config.yml:/usr/share/kibana/config/kibana.yml + + integrations-registry: + image: docker.elastic.co/package-registry/package-registry:master + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080"] + retries: 300 + interval: 1s diff --git a/vendor/github.com/blang/semver/.travis.yml b/vendor/github.com/blang/semver/.travis.yml new file mode 100644 index 00000000000..102fb9a691b --- /dev/null +++ b/vendor/github.com/blang/semver/.travis.yml 
@@ -0,0 +1,21 @@ +language: go +matrix: + include: + - go: 1.4.3 + - go: 1.5.4 + - go: 1.6.3 + - go: 1.7 + - go: tip + allow_failures: + - go: tip +install: +- go get golang.org/x/tools/cmd/cover +- go get github.com/mattn/goveralls +script: +- echo "Test and track coverage" ; $HOME/gopath/bin/goveralls -package "." -service=travis-ci + -repotoken $COVERALLS_TOKEN +- echo "Build examples" ; cd examples && go build +- echo "Check if gofmt'd" ; diff -u <(echo -n) <(gofmt -d -s .) +env: + global: + secure: HroGEAUQpVq9zX1b1VIkraLiywhGbzvNnTZq2TMxgK7JHP8xqNplAeF1izrR2i4QLL9nsY+9WtYss4QuPvEtZcVHUobw6XnL6radF7jS1LgfYZ9Y7oF+zogZ2I5QUMRLGA7rcxQ05s7mKq3XZQfeqaNts4bms/eZRefWuaFZbkw= diff --git a/vendor/github.com/blang/semver/LICENSE b/vendor/github.com/blang/semver/LICENSE new file mode 100644 index 00000000000..5ba5c86fcb0 --- /dev/null +++ b/vendor/github.com/blang/semver/LICENSE @@ -0,0 +1,22 @@ +The MIT License + +Copyright (c) 2014 Benedikt Lang + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + 
diff --git a/vendor/github.com/blang/semver/README.md b/vendor/github.com/blang/semver/README.md new file mode 100644 index 00000000000..08b2e4a3d76 --- /dev/null +++ b/vendor/github.com/blang/semver/README.md 
@@ -0,0 +1,194 @@ +semver for golang [![Build Status](https://travis-ci.org/blang/semver.svg?branch=master)](https://travis-ci.org/blang/semver) [![GoDoc](https://godoc.org/github.com/blang/semver?status.png)](https://godoc.org/github.com/blang/semver) [![Coverage Status](https://img.shields.io/coveralls/blang/semver.svg)](https://coveralls.io/r/blang/semver?branch=master) +====== + +semver is a [Semantic Versioning](http://semver.org/) library written in golang. It fully covers spec version `2.0.0`. + +Usage +----- +```bash +$ go get github.com/blang/semver +``` +Note: Always vendor your dependencies or fix on a specific version tag. + +```go +import github.com/blang/semver +v1, err := semver.Make("1.0.0-beta") +v2, err := semver.Make("2.0.0-beta") +v1.Compare(v2) +``` + +Also check the [GoDocs](http://godoc.org/github.com/blang/semver). + +Why should I use this lib? +----- + +- Fully spec compatible +- No reflection +- No regex +- Fully tested (Coverage >99%) +- Readable parsing/validation errors +- Fast (See [Benchmarks](#benchmarks)) +- Only Stdlib +- Uses values instead of pointers +- Many features, see below + + +Features +----- + +- Parsing and validation at all levels +- Comparator-like comparisons +- Compare Helper Methods +- InPlace manipulation +- Ranges `>=1.0.0 <2.0.0 || >=3.0.0 !3.0.1-beta.1` +- Wildcards `>=1.x`, `<=2.5.x` +- Sortable (implements sort.Interface) +- database/sql compatible (sql.Scanner/Valuer) +- encoding/json compatible (json.Marshaler/Unmarshaler) + +Ranges +------ + +A `Range` is a set of conditions which specify which versions satisfy the range. + +A condition is composed of an operator and a version. The supported operators are: + +- `<1.0.0` Less than `1.0.0` +- `<=1.0.0` Less than or equal to `1.0.0` +- `>1.0.0` Greater than `1.0.0` +- `>=1.0.0` Greater than or equal to `1.0.0` +- `1.0.0`, `=1.0.0`, `==1.0.0` Equal to `1.0.0` +- `!1.0.0`, `!=1.0.0` Not equal to `1.0.0`. Excludes version `1.0.0`. 
+ +Note that spaces between the operator and the version will be gracefully tolerated. + +A `Range` can link multiple `Ranges` separated by space: + +Ranges can be linked by logical AND: + + - `>1.0.0 <2.0.0` would match between both ranges, so `1.1.1` and `1.8.7` but not `1.0.0` or `2.0.0` + - `>1.0.0 <3.0.0 !2.0.3-beta.2` would match every version between `1.0.0` and `3.0.0` except `2.0.3-beta.2` + +Ranges can also be linked by logical OR: + + - `<2.0.0 || >=3.0.0` would match `1.x.x` and `3.x.x` but not `2.x.x` + +AND has a higher precedence than OR. It's not possible to use brackets. + +Ranges can be combined by both AND and OR + + - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` + +Range usage: + +``` +v, err := semver.Parse("1.2.3") +range, err := semver.ParseRange(">1.0.0 <2.0.0 || >=3.0.0") +if range(v) { + //valid +} + +``` + +Example +----- + +Have a look at full examples in [examples/main.go](examples/main.go) + +```go +import github.com/blang/semver + +v, err := semver.Make("0.0.1-alpha.preview+123.github") +fmt.Printf("Major: %d\n", v.Major) +fmt.Printf("Minor: %d\n", v.Minor) +fmt.Printf("Patch: %d\n", v.Patch) +fmt.Printf("Pre: %s\n", v.Pre) +fmt.Printf("Build: %s\n", v.Build) + +// Prerelease versions array +if len(v.Pre) > 0 { + fmt.Println("Prerelease versions:") + for i, pre := range v.Pre { + fmt.Printf("%d: %q\n", i, pre) + } +} + +// Build meta data array +if len(v.Build) > 0 { + fmt.Println("Build meta data:") + for i, build := range v.Build { + fmt.Printf("%d: %q\n", i, build) + } +} + +v001, err := semver.Make("0.0.1") +// Compare using helpers: v.GT(v2), v.LT, v.GTE, v.LTE +v001.GT(v) == true +v.LT(v001) == true +v.GTE(v) == true +v.LTE(v) == true + +// Or use v.Compare(v2) for comparisons (-1, 0, 1): +v001.Compare(v) == 1 +v.Compare(v001) == -1 +v.Compare(v) == 0 + +// Manipulate Version in place: +v.Pre[0], err = semver.NewPRVersion("beta") +if err != nil { + fmt.Printf("Error parsing pre 
release version: %q", err) +} + +fmt.Println("\nValidate versions:") +v.Build[0] = "?" + +err = v.Validate() +if err != nil { + fmt.Printf("Validation failed: %s\n", err) +} +``` + + +Benchmarks +----- + + BenchmarkParseSimple-4 5000000 390 ns/op 48 B/op 1 allocs/op + BenchmarkParseComplex-4 1000000 1813 ns/op 256 B/op 7 allocs/op + BenchmarkParseAverage-4 1000000 1171 ns/op 163 B/op 4 allocs/op + BenchmarkStringSimple-4 20000000 119 ns/op 16 B/op 1 allocs/op + BenchmarkStringLarger-4 10000000 206 ns/op 32 B/op 2 allocs/op + BenchmarkStringComplex-4 5000000 324 ns/op 80 B/op 3 allocs/op + BenchmarkStringAverage-4 5000000 273 ns/op 53 B/op 2 allocs/op + BenchmarkValidateSimple-4 200000000 9.33 ns/op 0 B/op 0 allocs/op + BenchmarkValidateComplex-4 3000000 469 ns/op 0 B/op 0 allocs/op + BenchmarkValidateAverage-4 5000000 256 ns/op 0 B/op 0 allocs/op + BenchmarkCompareSimple-4 100000000 11.8 ns/op 0 B/op 0 allocs/op + BenchmarkCompareComplex-4 50000000 30.8 ns/op 0 B/op 0 allocs/op + BenchmarkCompareAverage-4 30000000 41.5 ns/op 0 B/op 0 allocs/op + BenchmarkSort-4 3000000 419 ns/op 256 B/op 2 allocs/op + BenchmarkRangeParseSimple-4 2000000 850 ns/op 192 B/op 5 allocs/op + BenchmarkRangeParseAverage-4 1000000 1677 ns/op 400 B/op 10 allocs/op + BenchmarkRangeParseComplex-4 300000 5214 ns/op 1440 B/op 30 allocs/op + BenchmarkRangeMatchSimple-4 50000000 25.6 ns/op 0 B/op 0 allocs/op + BenchmarkRangeMatchAverage-4 30000000 56.4 ns/op 0 B/op 0 allocs/op + BenchmarkRangeMatchComplex-4 10000000 153 ns/op 0 B/op 0 allocs/op + +See benchmark cases at [semver_test.go](semver_test.go) + + +Motivation +----- + +I simply couldn't find any lib supporting the full spec. Others were just wrong or used reflection and regex which i don't like. + + +Contribution +----- + +Feel free to make a pull request. For bigger changes create a issue first to discuss about it. + + +License +----- + +See [LICENSE](LICENSE) file. 
diff --git a/vendor/github.com/blang/semver/json.go b/vendor/github.com/blang/semver/json.go new file mode 100644 index 00000000000..a74bf7c4494 --- /dev/null +++ b/vendor/github.com/blang/semver/json.go @@ -0,0 +1,23 @@ +package semver + +import ( + "encoding/json" +) + +// MarshalJSON implements the encoding/json.Marshaler interface. +func (v Version) MarshalJSON() ([]byte, error) { + return json.Marshal(v.String()) +} + +// UnmarshalJSON implements the encoding/json.Unmarshaler interface. +func (v *Version) UnmarshalJSON(data []byte) (err error) { + var versionString string + + if err = json.Unmarshal(data, &versionString); err != nil { + return + } + + *v, err = Parse(versionString) + + return +} diff --git a/vendor/github.com/blang/semver/package.json b/vendor/github.com/blang/semver/package.json new file mode 100644 index 00000000000..1cf8ebdd9c1 --- /dev/null +++ b/vendor/github.com/blang/semver/package.json @@ -0,0 +1,17 @@ +{ + "author": "blang", + "bugs": { + "URL": "https://github.com/blang/semver/issues", + "url": "https://github.com/blang/semver/issues" + }, + "gx": { + "dvcsimport": "github.com/blang/semver" + }, + "gxVersion": "0.10.0", + "language": "go", + "license": "MIT", + "name": "semver", + "releaseCmd": "git commit -a -m \"gx publish $VERSION\"", + "version": "3.5.1" +} + diff --git a/vendor/github.com/blang/semver/range.go b/vendor/github.com/blang/semver/range.go new file mode 100644 index 00000000000..fca406d4793 --- /dev/null +++ b/vendor/github.com/blang/semver/range.go 
@@ -0,0 +1,416 @@ +package semver + +import ( + "fmt" + "strconv" + "strings" + "unicode" +) + +type wildcardType int + +const ( + noneWildcard wildcardType = iota + majorWildcard wildcardType = 1 + minorWildcard wildcardType = 2 + patchWildcard wildcardType = 3 +) + +func wildcardTypefromInt(i int) wildcardType { + switch i { + case 1: + return majorWildcard + case 2: + return minorWildcard + case 3: + return patchWildcard + default: + return noneWildcard + } +} + +type comparator func(Version, Version) bool + +var ( + compEQ comparator = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == 0 + } + compNE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) != 0 + } + compGT = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == 1 + } + compGE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) >= 0 + } + compLT = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == -1 + } + compLE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) <= 0 + } +) + +type versionRange struct { + v Version + c comparator +} + +// rangeFunc creates a Range from the given versionRange. +func (vr *versionRange) rangeFunc() Range { + return Range(func(v Version) bool { + return vr.c(v, vr.v) + }) +} + +// Range represents a range of versions. +// A Range can be used to check if a Version satisfies it: +// +// range, err := semver.ParseRange(">1.0.0 <2.0.0") +// range(semver.MustParse("1.1.1") // returns true +type Range func(Version) bool + +// OR combines the existing Range with another Range using logical OR. +func (rf Range) OR(f Range) Range { + return Range(func(v Version) bool { + return rf(v) || f(v) + }) +} + +// AND combines the existing Range with another Range using logical AND. +func (rf Range) AND(f Range) Range { + return Range(func(v Version) bool { + return rf(v) && f(v) + }) +} + +// ParseRange parses a range and returns a Range. +// If the range could not be parsed an error is returned. 
+// +// Valid ranges are: +// - "<1.0.0" +// - "<=1.0.0" +// - ">1.0.0" +// - ">=1.0.0" +// - "1.0.0", "=1.0.0", "==1.0.0" +// - "!1.0.0", "!=1.0.0" +// +// A Range can consist of multiple ranges separated by space: +// Ranges can be linked by logical AND: +// - ">1.0.0 <2.0.0" would match between both ranges, so "1.1.1" and "1.8.7" but not "1.0.0" or "2.0.0" +// - ">1.0.0 <3.0.0 !2.0.3-beta.2" would match every version between 1.0.0 and 3.0.0 except 2.0.3-beta.2 +// +// Ranges can also be linked by logical OR: +// - "<2.0.0 || >=3.0.0" would match "1.x.x" and "3.x.x" but not "2.x.x" +// +// AND has a higher precedence than OR. It's not possible to use brackets. +// +// Ranges can be combined by both AND and OR +// +// - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` +func ParseRange(s string) (Range, error) { + parts := splitAndTrim(s) + orParts, err := splitORParts(parts) + if err != nil { + return nil, err + } + expandedParts, err := expandWildcardVersion(orParts) + if err != nil { + return nil, err + } + var orFn Range + for _, p := range expandedParts { + var andFn Range + for _, ap := range p { + opStr, vStr, err := splitComparatorVersion(ap) + if err != nil { + return nil, err + } + vr, err := buildVersionRange(opStr, vStr) + if err != nil { + return nil, fmt.Errorf("Could not parse Range %q: %s", ap, err) + } + rf := vr.rangeFunc() + + // Set function + if andFn == nil { + andFn = rf + } else { // Combine with existing function + andFn = andFn.AND(rf) + } + } + if orFn == nil { + orFn = andFn + } else { + orFn = orFn.OR(andFn) + } + + } + return orFn, nil +} + +// splitORParts splits the already cleaned parts by '||'. +// Checks for invalid positions of the operator and returns an +// error if found. 
+func splitORParts(parts []string) ([][]string, error) { + var ORparts [][]string + last := 0 + for i, p := range parts { + if p == "||" { + if i == 0 { + return nil, fmt.Errorf("First element in range is '||'") + } + ORparts = append(ORparts, parts[last:i]) + last = i + 1 + } + } + if last == len(parts) { + return nil, fmt.Errorf("Last element in range is '||'") + } + ORparts = append(ORparts, parts[last:]) + return ORparts, nil +} + +// buildVersionRange takes a slice of 2: operator and version +// and builds a versionRange, otherwise an error. +func buildVersionRange(opStr, vStr string) (*versionRange, error) { + c := parseComparator(opStr) + if c == nil { + return nil, fmt.Errorf("Could not parse comparator %q in %q", opStr, strings.Join([]string{opStr, vStr}, "")) + } + v, err := Parse(vStr) + if err != nil { + return nil, fmt.Errorf("Could not parse version %q in %q: %s", vStr, strings.Join([]string{opStr, vStr}, ""), err) + } + + return &versionRange{ + v: v, + c: c, + }, nil + +} + +// inArray checks if a byte is contained in an array of bytes +func inArray(s byte, list []byte) bool { + for _, el := range list { + if el == s { + return true + } + } + return false +} + +// splitAndTrim splits a range string by spaces and cleans whitespaces +func splitAndTrim(s string) (result []string) { + last := 0 + var lastChar byte + excludeFromSplit := []byte{'>', '<', '='} + for i := 0; i < len(s); i++ { + if s[i] == ' ' && !inArray(lastChar, excludeFromSplit) { + if last < i-1 { + result = append(result, s[last:i]) + } + last = i + 1 + } else if s[i] != ' ' { + lastChar = s[i] + } + } + if last < len(s)-1 { + result = append(result, s[last:]) + } + + for i, v := range result { + result[i] = strings.Replace(v, " ", "", -1) + } + + // parts := strings.Split(s, " ") + // for _, x := range parts { + // if s := strings.TrimSpace(x); len(s) != 0 { + // result = append(result, s) + // } + // } + return +} + +// splitComparatorVersion splits the comparator from the version. 
+// Input must be free of leading or trailing spaces. +func splitComparatorVersion(s string) (string, string, error) { + i := strings.IndexFunc(s, unicode.IsDigit) + if i == -1 { + return "", "", fmt.Errorf("Could not get version from string: %q", s) + } + return strings.TrimSpace(s[0:i]), s[i:], nil +} + +// getWildcardType will return the type of wildcard that the +// passed version contains +func getWildcardType(vStr string) wildcardType { + parts := strings.Split(vStr, ".") + nparts := len(parts) + wildcard := parts[nparts-1] + + possibleWildcardType := wildcardTypefromInt(nparts) + if wildcard == "x" { + return possibleWildcardType + } + + return noneWildcard +} + +// createVersionFromWildcard will convert a wildcard version +// into a regular version, replacing 'x's with '0's, handling +// special cases like '1.x.x' and '1.x' +func createVersionFromWildcard(vStr string) string { + // handle 1.x.x + vStr2 := strings.Replace(vStr, ".x.x", ".x", 1) + vStr2 = strings.Replace(vStr2, ".x", ".0", 1) + parts := strings.Split(vStr2, ".") + + // handle 1.x + if len(parts) == 2 { + return vStr2 + ".0" + } + + return vStr2 +} + +// incrementMajorVersion will increment the major version +// of the passed version +func incrementMajorVersion(vStr string) (string, error) { + parts := strings.Split(vStr, ".") + i, err := strconv.Atoi(parts[0]) + if err != nil { + return "", err + } + parts[0] = strconv.Itoa(i + 1) + + return strings.Join(parts, "."), nil +} + +// incrementMajorVersion will increment the minor version +// of the passed version +func incrementMinorVersion(vStr string) (string, error) { + parts := strings.Split(vStr, ".") + i, err := strconv.Atoi(parts[1]) + if err != nil { + return "", err + } + parts[1] = strconv.Itoa(i + 1) + + return strings.Join(parts, "."), nil +} + +// expandWildcardVersion will expand wildcards inside versions +// following these rules: +// +// * when dealing with patch wildcards: +// >= 1.2.x will become >= 1.2.0 +// <= 1.2.x will 
become < 1.3.0 +// > 1.2.x will become >= 1.3.0 +// < 1.2.x will become < 1.2.0 +// != 1.2.x will become < 1.2.0 >= 1.3.0 +// +// * when dealing with minor wildcards: +// >= 1.x will become >= 1.0.0 +// <= 1.x will become < 2.0.0 +// > 1.x will become >= 2.0.0 +// < 1.0 will become < 1.0.0 +// != 1.x will become < 1.0.0 >= 2.0.0 +// +// * when dealing with wildcards without +// version operator: +// 1.2.x will become >= 1.2.0 < 1.3.0 +// 1.x will become >= 1.0.0 < 2.0.0 +func expandWildcardVersion(parts [][]string) ([][]string, error) { + var expandedParts [][]string + for _, p := range parts { + var newParts []string + for _, ap := range p { + if strings.Index(ap, "x") != -1 { + opStr, vStr, err := splitComparatorVersion(ap) + if err != nil { + return nil, err + } + + versionWildcardType := getWildcardType(vStr) + flatVersion := createVersionFromWildcard(vStr) + + var resultOperator string + var shouldIncrementVersion bool + switch opStr { + case ">": + resultOperator = ">=" + shouldIncrementVersion = true + case ">=": + resultOperator = ">=" + case "<": + resultOperator = "<" + case "<=": + resultOperator = "<" + shouldIncrementVersion = true + case "", "=", "==": + newParts = append(newParts, ">="+flatVersion) + resultOperator = "<" + shouldIncrementVersion = true + case "!=", "!": + newParts = append(newParts, "<"+flatVersion) + resultOperator = ">=" + shouldIncrementVersion = true + } + + var resultVersion string + if shouldIncrementVersion { + switch versionWildcardType { + case patchWildcard: + resultVersion, _ = incrementMinorVersion(flatVersion) + case minorWildcard: + resultVersion, _ = incrementMajorVersion(flatVersion) + } + } else { + resultVersion = flatVersion + } + + ap = resultOperator + resultVersion + } + newParts = append(newParts, ap) + } + expandedParts = append(expandedParts, newParts) + } + + return expandedParts, nil +} + +func parseComparator(s string) comparator { + switch s { + case "==": + fallthrough + case "": + fallthrough + case 
"=": + return compEQ + case ">": + return compGT + case ">=": + return compGE + case "<": + return compLT + case "<=": + return compLE + case "!": + fallthrough + case "!=": + return compNE + } + + return nil +} + +// MustParseRange is like ParseRange but panics if the range cannot be parsed. +func MustParseRange(s string) Range { + r, err := ParseRange(s) + if err != nil { + panic(`semver: ParseRange(` + s + `): ` + err.Error()) + } + return r +} diff --git a/vendor/github.com/blang/semver/semver.go b/vendor/github.com/blang/semver/semver.go new file mode 100644 index 00000000000..8ee0842e6ac --- /dev/null +++ b/vendor/github.com/blang/semver/semver.go 
@@ -0,0 +1,418 @@
+package semver
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+ "strings"
+)
+
+const (
+ numbers string = "0123456789"
+ alphas = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-"
+ alphanum = alphas + numbers
+)
+
+// SpecVersion is the latest fully supported spec version of semver
+var SpecVersion = Version{
+ Major: 2,
+ Minor: 0,
+ Patch: 0,
+}
+
+// Version represents a semver compatible version
+type Version struct {
+ Major uint64
+ Minor uint64
+ Patch uint64
+ Pre []PRVersion
+ Build []string //No Precendence
+}
+
+// Version to string
+func (v Version) String() string {
+ b := make([]byte, 0, 5)
+ b = strconv.AppendUint(b, v.Major, 10)
+ b = append(b, '.')
+ b = strconv.AppendUint(b, v.Minor, 10)
+ b = append(b, '.')
+ b = strconv.AppendUint(b, v.Patch, 10)
+
+ if len(v.Pre) > 0 {
+ b = append(b, '-')
+ b = append(b, v.Pre[0].String()...)
+
+ for _, pre := range v.Pre[1:] {
+ b = append(b, '.')
+ b = append(b, pre.String()...)
+ }
+ }
+
+ if len(v.Build) > 0 {
+ b = append(b, '+')
+ b = append(b, v.Build[0]...)
+
+ for _, build := range v.Build[1:] {
+ b = append(b, '.')
+ b = append(b, build...)
+ }
+ }
+
+ return string(b)
+}
+
+// Equals checks if v is equal to o.
+func (v Version) Equals(o Version) bool {
+ return (v.Compare(o) == 0)
+}
+
+// EQ checks if v is equal to o.
+func (v Version) EQ(o Version) bool {
+ return (v.Compare(o) == 0)
+}
+
+// NE checks if v is not equal to o.
+func (v Version) NE(o Version) bool {
+ return (v.Compare(o) != 0)
+}
+
+// GT checks if v is greater than o.
+func (v Version) GT(o Version) bool {
+ return (v.Compare(o) == 1)
+}
+
+// GTE checks if v is greater than or equal to o.
+func (v Version) GTE(o Version) bool {
+ return (v.Compare(o) >= 0)
+}
+
+// GE checks if v is greater than or equal to o.
+func (v Version) GE(o Version) bool {
+ return (v.Compare(o) >= 0)
+}
+
+// LT checks if v is less than o.
+func (v Version) LT(o Version) bool {
+ return (v.Compare(o) == -1)
+}
+
+// LTE checks if v is less than or equal to o.
+func (v Version) LTE(o Version) bool {
+ return (v.Compare(o) <= 0)
+}
+
+// LE checks if v is less than or equal to o.
+func (v Version) LE(o Version) bool {
+ return (v.Compare(o) <= 0)
+}
+
+// Compare compares Versions v to o:
+// -1 == v is less than o
+// 0 == v is equal to o
+// 1 == v is greater than o
+func (v Version) Compare(o Version) int {
+ if v.Major != o.Major {
+ if v.Major > o.Major {
+ return 1
+ }
+ return -1
+ }
+ if v.Minor != o.Minor {
+ if v.Minor > o.Minor {
+ return 1
+ }
+ return -1
+ }
+ if v.Patch != o.Patch {
+ if v.Patch > o.Patch {
+ return 1
+ }
+ return -1
+ }
+
+ // Quick comparison if a version has no prerelease versions
+ if len(v.Pre) == 0 && len(o.Pre) == 0 {
+ return 0
+ } else if len(v.Pre) == 0 && len(o.Pre) > 0 {
+ return 1
+ } else if len(v.Pre) > 0 && len(o.Pre) == 0 {
+ return -1
+ }
+
+ i := 0
+ for ; i < len(v.Pre) && i < len(o.Pre); i++ {
+ if comp := v.Pre[i].Compare(o.Pre[i]); comp == 0 {
+ continue
+ } else if comp == 1 {
+ return 1
+ } else {
+ return -1
+ }
+ }
+
+ // If all pr versions are the equal but one has further prversion, this one greater
+ if i == len(v.Pre) && i == len(o.Pre) {
+ return 0
+ } else if i == len(v.Pre) && i < len(o.Pre) {
+ return -1
+ } else {
+ return 1
+ }
+
+}
+
+// Validate validates v and returns error in case
+func (v Version) Validate() error {
+ // Major, Minor, Patch already validated using uint64
+
+ for _, pre := range v.Pre {
+ if !pre.IsNum { //Numeric prerelease versions already uint64
+ if len(pre.VersionStr) == 0 {
+ return fmt.Errorf("Prerelease can not be empty %q", pre.VersionStr)
+ }
+ if !containsOnly(pre.VersionStr, alphanum) {
+ return fmt.Errorf("Invalid character(s) found in prerelease %q", pre.VersionStr)
+ }
+ }
+ }
+
+ for _, build := range v.Build {
+ if len(build) == 0 {
+ return fmt.Errorf("Build meta data can not be empty %q", build)
+ }
+ if !containsOnly(build, alphanum) {
+ return fmt.Errorf("Invalid character(s) found in build meta data %q", build)
+ }
+ }
+
+ return nil
+}
+
+// New is an alias for Parse and returns a pointer, parses version string and returns a validated Version or error
+func New(s string) (vp *Version, err error) {
+ v, err := Parse(s)
+ vp = &v
+ return
+}
+
+// Make is an alias for Parse, parses version string and returns a validated Version or error
+func Make(s string) (Version, error) {
+ return Parse(s)
+}
+
+// ParseTolerant allows for certain version specifications that do not strictly adhere to semver
+// specs to be parsed by this library. It does so by normalizing versions before passing them to
+// Parse(). It currently trims spaces, removes a "v" prefix, and adds a 0 patch number to versions
+// with only major and minor components specified
+func ParseTolerant(s string) (Version, error) {
+ s = strings.TrimSpace(s)
+ s = strings.TrimPrefix(s, "v")
+
+ // Split into major.minor.(patch+pr+meta)
+ parts := strings.SplitN(s, ".", 3)
+ if len(parts) < 3 {
+ if strings.ContainsAny(parts[len(parts)-1], "+-") {
+ return Version{}, errors.New("Short version cannot contain PreRelease/Build meta data")
+ }
+ for len(parts) < 3 {
+ parts = append(parts, "0")
+ }
+ s = strings.Join(parts, ".")
+ }
+
+ return Parse(s)
+}
+
+// Parse parses version string and returns a validated Version or error
+func Parse(s string) (Version, error) {
+ if len(s) == 0 {
+ return Version{}, errors.New("Version string empty")
+ }
+
+ // Split into major.minor.(patch+pr+meta)
+ parts := strings.SplitN(s, ".", 3)
+ if len(parts) != 3 {
+ return Version{}, errors.New("No Major.Minor.Patch elements found")
+ }
+
+ // Major
+ if !containsOnly(parts[0], numbers) {
+ return Version{}, fmt.Errorf("Invalid character(s) found in major number %q", parts[0])
+ }
+ if hasLeadingZeroes(parts[0]) {
+ return Version{}, fmt.Errorf("Major number must not contain leading zeroes %q", parts[0])
+ }
+ major, 
err := strconv.ParseUint(parts[0], 10, 64)
+ if err != nil {
+ return Version{}, err
+ }
+
+ // Minor
+ if !containsOnly(parts[1], numbers) {
+ return Version{}, fmt.Errorf("Invalid character(s) found in minor number %q", parts[1])
+ }
+ if hasLeadingZeroes(parts[1]) {
+ return Version{}, fmt.Errorf("Minor number must not contain leading zeroes %q", parts[1])
+ }
+ minor, err := strconv.ParseUint(parts[1], 10, 64)
+ if err != nil {
+ return Version{}, err
+ }
+
+ v := Version{}
+ v.Major = major
+ v.Minor = minor
+
+ var build, prerelease []string
+ patchStr := parts[2]
+
+ if buildIndex := strings.IndexRune(patchStr, '+'); buildIndex != -1 {
+ build = strings.Split(patchStr[buildIndex+1:], ".")
+ patchStr = patchStr[:buildIndex]
+ }
+
+ if preIndex := strings.IndexRune(patchStr, '-'); preIndex != -1 {
+ prerelease = strings.Split(patchStr[preIndex+1:], ".")
+ patchStr = patchStr[:preIndex]
+ }
+
+ if !containsOnly(patchStr, numbers) {
+ return Version{}, fmt.Errorf("Invalid character(s) found in patch number %q", patchStr)
+ }
+ if hasLeadingZeroes(patchStr) {
+ return Version{}, fmt.Errorf("Patch number must not contain leading zeroes %q", patchStr)
+ }
+ patch, err := strconv.ParseUint(patchStr, 10, 64)
+ if err != nil {
+ return Version{}, err
+ }
+
+ v.Patch = patch
+
+ // Prerelease
+ for _, prstr := range prerelease {
+ parsedPR, err := NewPRVersion(prstr)
+ if err != nil {
+ return Version{}, err
+ }
+ v.Pre = append(v.Pre, parsedPR)
+ }
+
+ // Build meta data
+ for _, str := range build {
+ if len(str) == 0 {
+ return Version{}, errors.New("Build meta data is empty")
+ }
+ if !containsOnly(str, alphanum) {
+ return Version{}, fmt.Errorf("Invalid character(s) found in build meta data %q", str)
+ }
+ v.Build = append(v.Build, str)
+ }
+
+ return v, nil
+}
+
+// MustParse is like Parse but panics if the version cannot be parsed.
+func MustParse(s string) Version {
+ v, err := Parse(s)
+ if err != nil {
+ panic(`semver: Parse(` + s + `): ` + err.Error())
+ }
+ return v
+}
+
+// PRVersion represents a PreRelease Version
+type PRVersion struct {
+ VersionStr string
+ VersionNum uint64
+ IsNum bool
+}
+
+// NewPRVersion creates a new valid prerelease version
+func NewPRVersion(s string) (PRVersion, error) {
+ if len(s) == 0 {
+ return PRVersion{}, errors.New("Prerelease is empty")
+ }
+ v := PRVersion{}
+ if containsOnly(s, numbers) {
+ if hasLeadingZeroes(s) {
+ return PRVersion{}, fmt.Errorf("Numeric PreRelease version must not contain leading zeroes %q", s)
+ }
+ num, err := strconv.ParseUint(s, 10, 64)
+
+ // Might never be hit, but just in case
+ if err != nil {
+ return PRVersion{}, err
+ }
+ v.VersionNum = num
+ v.IsNum = true
+ } else if containsOnly(s, alphanum) {
+ v.VersionStr = s
+ v.IsNum = false
+ } else {
+ return PRVersion{}, fmt.Errorf("Invalid character(s) found in prerelease %q", s)
+ }
+ return v, nil
+}
+
+// IsNumeric checks if prerelease-version is numeric
+func (v PRVersion) IsNumeric() bool {
+ return v.IsNum
+}
+
+// Compare compares two PreRelease Versions v and o:
+// -1 == v is less than o
+// 0 == v is equal to o
+// 1 == v is greater than o
+func (v PRVersion) Compare(o PRVersion) int {
+ if v.IsNum && !o.IsNum {
+ return -1
+ } else if !v.IsNum && o.IsNum {
+ return 1
+ } else if v.IsNum && o.IsNum {
+ if v.VersionNum == o.VersionNum {
+ return 0
+ } else if v.VersionNum > o.VersionNum {
+ return 1
+ } else {
+ return -1
+ }
+ } else { // both are Alphas
+ if v.VersionStr == o.VersionStr {
+ return 0
+ } else if v.VersionStr > o.VersionStr {
+ return 1
+ } else {
+ return -1
+ }
+ }
+}
+
+// PreRelease version to string
+func (v PRVersion) String() string {
+ if v.IsNum {
+ return strconv.FormatUint(v.VersionNum, 10)
+ }
+ return v.VersionStr
+}
+
+func containsOnly(s string, set string) bool {
+ return strings.IndexFunc(s, func(r rune) bool {
+ return 
!strings.ContainsRune(set, r)
+ }) == -1
+}
+
+func hasLeadingZeroes(s string) bool {
+ return len(s) > 1 && s[0] == '0'
+}
+
+// NewBuildVersion creates a new valid build version
+func NewBuildVersion(s string) (string, error) {
+ if len(s) == 0 {
+ return "", errors.New("Buildversion is empty")
+ }
+ if !containsOnly(s, alphanum) {
+ return "", fmt.Errorf("Invalid character(s) found in build meta data %q", s)
+ }
+ return s, nil
+}
diff --git a/vendor/github.com/blang/semver/sort.go b/vendor/github.com/blang/semver/sort.go
new file mode 100644
index 00000000000..e18f880826a
--- /dev/null
+++ b/vendor/github.com/blang/semver/sort.go
@@ -0,0 +1,28 @@
+package semver
+
+import (
+ "sort"
+)
+
+// Versions represents multiple versions.
+type Versions []Version
+
+// Len returns length of version collection
+func (s Versions) Len() int {
+ return len(s)
+}
+
+// Swap swaps two versions inside the collection by its indices
+func (s Versions) Swap(i, j int) {
+ s[i], s[j] = s[j], s[i]
+}
+
+// Less checks if version at index i is less than version at index j
+func (s Versions) Less(i, j int) bool {
+ return s[i].LT(s[j])
+}
+
+// Sort sorts a slice of versions
+func Sort(versions []Version) {
+ sort.Sort(Versions(versions))
+}
diff --git a/vendor/github.com/blang/semver/sql.go b/vendor/github.com/blang/semver/sql.go
new file mode 100644
index 00000000000..eb4d802666e
--- /dev/null
+++ b/vendor/github.com/blang/semver/sql.go
@@ -0,0 +1,30 @@
+package semver
+
+import (
+ "database/sql/driver"
+ "fmt"
+)
+
+// Scan implements the database/sql.Scanner interface.
+func (v *Version) Scan(src interface{}) (err error) {
+ var str string
+ switch src := src.(type) {
+ case string:
+ str = src
+ case []byte:
+ str = string(src)
+ default:
+ return fmt.Errorf("Version.Scan: cannot convert %T to string.", src)
+ }
+
+ if t, err := Parse(str); err == nil {
+ *v = t
+ }
+
+ return
+}
+
+// Value implements the database/sql/driver.Valuer interface.
+func (v Version) Value() (driver.Value, error) {
+ return v.String(), nil
+}
diff --git a/vendor/github.com/elastic/go-ucfg/.editorconfig b/vendor/github.com/elastic/go-ucfg/.editorconfig
new file mode 100644
index 00000000000..a92dc2185bd
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/.editorconfig
@@ -0,0 +1,27 @@
+# See: http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.json]
+indent_size = 4
+indent_style = space
+
+[*.py]
+indent_style = space
+indent_size = 4
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+
+[Vagrantfile]
+indent_size = 2
+indent_style = space
diff --git a/vendor/github.com/elastic/go-ucfg/.gitignore b/vendor/github.com/elastic/go-ucfg/.gitignore
new file mode 100644
index 00000000000..485dee64bcf
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/.gitignore
@@ -0,0 +1 @@
+.idea
diff --git a/vendor/github.com/elastic/go-ucfg/.travis.yml b/vendor/github.com/elastic/go-ucfg/.travis.yml
new file mode 100644
index 00000000000..bff3d3c08ed
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/.travis.yml
@@ -0,0 +1,14 @@
+language: go
+
+go:
+ - '1.10'
+ - '1.11'
+ - '1.12'
+ - '1.13'
+ - 'tip'
+
+script:
+ - go test -race -coverprofile=coverage.txt -covermode=atomic ./...
+
+after_success:
+ - bash <(curl -s https://codecov.io/bash)
diff --git a/vendor/github.com/elastic/go-ucfg/CHANGELOG.md b/vendor/github.com/elastic/go-ucfg/CHANGELOG.md
new file mode 100644
index 00000000000..9c3af53784e
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/CHANGELOG.md
@@ -0,0 +1,304 @@ +# Change Log +All notable changes to this project will be documented in this file. +This project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] + +### Added + +### Changed + +### Deprecated + +### Removed + +### Fixed +- Fixed panic on zero Value while processing a collection of interfaces. #159 + +## [0.8.3] + +### Added +- Added ability to adjust merging behavior based on field names in configuration. Using `ucfg.FieldMergeValues`, `ucfg.FieldReplaceValues`, `ucfg.FieldAppendValues`, and `ucfg.FieldPrependValues`. #151 + +## [0.8.2] + +### Fixed +- Fixed nonzero validator to not fail on nil array or slice. #147 +- Fixed nonzero validator to validate maps. +- Fixed required validator to validate maps. + +## [0.8.1] + +### Fixed +- Prevent Validate from being called when value is a pointer or interface and is nil. #144 + +## [0.8.0] + +### Added +- Add support for HJSON. #131 +- Add new parse.Config to adjust parsing of varibles returned by a Resolve. #139 +- Add call to InitDefaults when map, primitives, or structs implement Initializer interface during Unpack. #104 + +### Changed +- Moved internal/parse to parse module. #139 +- Add parse.Config to resolvers return. #139 + +### Fixed +- Call Validate on custom slice types. #133 +- Call Validate on custom map types. #136 +- Disabled object parsing of environment variables. #139 +- Apply validation to defaults passed into Unpack when Config doesn't contain a value. #42 + +## [0.7.0] + +### Added +- Add (*Config).Has. #127 +- Add (*Config).Remove. #126 + +### Removed +- Remove CI and support for go versions <1.10. #128 + +## [0.6.5] + +### Added +- Added a NOOP Resolver that will return the key wrapped in the field reference syntax. #122 + +## [0.6.4] + +### Fixed +- Do not treat $ as escape char in plain strings/regexes #120 + +## [0.6.3] + +### Changed +- Remove UUID lib and use pseudo-random IDs instead. 
#118 + +## [0.6.2] + +### Changed +- New UUID lib: github.com/gofrs/uuid. #116 + +### Fixed +- Fix escape character not removed from escaped string #115 + +## [0.6.1] + +### Fixed +- Ignore flag keys with missing values. #111 + +## [0.6.0] + +### Added +- Add *Config merging options merge, append, prepend, replace. #107 + +### Fixed +- Fix: do not treat ucfg.Config (or castable type) as Unpacker. #106 + +## [0.5.1] + +### Fixed +- Fix: an issue with the Cyclic reference algorithm when a direct reference was pointing + to another reference. #100 + +## [0.5.0] + +### Added +- Detect cyclic reference and allow to search top level key with the other resolvers. #97 +- Allow to diff keys of two different configuration #93 + +## [0.4.6] + +### Added +- Introduce ,ignore struct tag option to optionally ignore exported fields. #89 +- Add support for custom Unpacker method with `*Config` being convertible to first parameter. The custom method must be compatible to `ConfigUnpacker`. #90 + +### Fixed +- Ignore private struct fields when merging a struct into a config. #89 + +## [0.4.5] + +### Changed +- merging sub-configs enforces strict variable expansion #85 + +### Fixed +- fix merging nil sub-configs #85 + +## [0.4.4] + +### Added +- Add support for pure array config files #82 + +### Changed +- Invalid top-level types return non-critical error (no stack-trace) on merge #82 + +### Fixed +- Fix panic when merging or creating a config from nil interface value #82 + +## [0.4.3] + +### Changed +- Add per element type stop set for handling unquoted strings (reduces need for quoting strings in environment variables) #80 + +### Fixed +- fix issue unpacking array from environment variable into struct array fields #80 +- fix unparsed values being used for unpacking #80 + +## [0.4.2] + +### Fixed +- Treat `,` character as only special character in non quoted top-level strings. #78 + +## [0.4.1] + +### Fixed +- Fix parsing empty string or nil objects from environment variables. 
#76 + +## [0.4.0] + +### Added +- Syntax for passing lists and dictionaries to flags. #72 +- Add Unpacker interface specializations for primitive types. #73 +- Variable expansion parsing lists and dictionaries with parser introduced in + #72. #74 + +### Fixed +- Fix Unpacker interface not applied if some 'old' value is already present on + target and is struct implementing Unpack. #73 + +## [0.3.7] + +### Fixed +- Fix int/uint to float type conversation. #68 +- Fix primitive type unpacking for variables expanded from environment variables + or strings read/created by config file parsers. #67 + +## [0.3.6] + +### Fixed +- Fix duplicate key error when normalizing tables. #63 + +## [0.3.5] + +### Fixed +- Fix merging array values. #59 +- Fix initializing empty array values. #58 + +## [0.3.4] + +### Fixed +- Fix error message if Unpack returns error. #56 + +## [0.3.3] + +### Fixed +- Fix `(*FlagValue).String` panic with go 1.7 #54 + +## [0.3.2] + +### Changed +- Turn '$' into universal escape character, so '}' in default values can be escaped with '$'. #52 + +### Fixed +- Fix parsing ':' in expansion default value. #51, #52 + +## [0.3.1] + +### Added +- Add `(*Config).IsArray` and `(*Config).IsDict`. #44 + +### Fixed +- Fix (*Config).CountField returning 1 for arrays of any size. #43 +- Fix unpacking into slice/array top-level or if `inline`-tag is used. #45 + +## [0.3.0] + +### Added +- Added CLI flag support. #15 +- Added variable expansion support. #14 + +### Changed +- Report error message from regexp.Compile if compilation fails #21 + +### Fixed +- Nil values become merge-able with concrete types. #26 +- Fix merging types `time.Duration` and `*regexp.Regexp`. #25 +- Fix Validate-method not being run for structs. #32 +- Fix field validation errors on structs fields does not contain missing or failed configuration variable. 
#31 + +## [0.2.1] + +### Changed +- Report error message from regexp.Compile if compilation fails #21 + +### Fixed +- Handle empty slices, strings, regular expression by nonzero,required validation tags #20, #23 + +## [0.2.0] + +### Added +- Support for validation via Validator interface. #16 +- Added direct support for uint values. #8, #16 +- Support for simple validators via struct tags (e.g. min, max, nonzero, required). #16 +- Add support for validating time.Duration. #9, #16 +- Added Unpacker interface for customer unpackers. #17 +- Support for numeric indices for accessing/writing array elements. #12 #19 + +### Changed +- Set/Get methods require index of -1 if value is not supposed to be in an array. #19 +- Configurations can be arrays and/or objects at the same time. #19 +- Access elements with empty path and index in array based Configuration nodes. #19 + +### Fixed +- Check for integer overflow when unpacking into int/uint. #8, #16 + +## [0.1.1] + +### Fixed +- Fixed unpacking *regexp.Regexp +- Fixed unpacking empty config as *Config object + +## [0.1.0] + +### Added +- add support for unpacking *regexp.Regexp via regexp.Compile +- Parse time.Duration from int/float values in seconds +- Improve error messages +- Add options and PathSep support to low level option setters/getters +- Added support for _rebranding_ `*ucfg.Config` via `type MyConfig ucfg.Config` using + casts between pointer types in Unpack and Merge. +- Introduced CHANGELOG.md for documenting changes to ucfg. 
+ + +[Unreleased]: https://github.com/elastic/go-ucfg/compare/v0.8.3...HEAD +[0.8.3]: https://github.com/elastic/go-ucfg/compare/v0.8.2...v0.8.3 +[0.8.2]: https://github.com/elastic/go-ucfg/compare/v0.8.1...v0.8.2 +[0.8.1]: https://github.com/elastic/go-ucfg/compare/v0.8.0...v0.8.1 +[0.8.0]: https://github.com/elastic/go-ucfg/compare/v0.7.0...v0.8.0 +[0.7.0]: https://github.com/elastic/go-ucfg/compare/v0.6.5...v0.7.0 +[0.6.5]: https://github.com/elastic/go-ucfg/compare/v0.6.4...v0.6.5 +[0.6.4]: https://github.com/elastic/go-ucfg/compare/v0.6.3...v0.6.4 +[0.6.3]: https://github.com/elastic/go-ucfg/compare/v0.6.2...v0.6.3 +[0.6.2]: https://github.com/elastic/go-ucfg/compare/v0.6.1...v0.6.2 +[0.6.1]: https://github.com/elastic/go-ucfg/compare/v0.6.0...v0.6.1 +[0.6.0]: https://github.com/elastic/go-ucfg/compare/v0.5.1...v0.6.0 +[0.5.1]: https://github.com/elastic/go-ucfg/compare/v0.5.0...v0.5.1 +[0.5.0]: https://github.com/elastic/go-ucfg/compare/v0.4.6...v0.5.0 +[0.4.6]: https://github.com/elastic/go-ucfg/compare/v0.4.5...v0.4.6 +[0.4.5]: https://github.com/elastic/go-ucfg/compare/v0.4.4...v0.4.5 +[0.4.4]: https://github.com/elastic/go-ucfg/compare/v0.4.3...v0.4.4 +[0.4.3]: https://github.com/elastic/go-ucfg/compare/v0.4.2...v0.4.3 +[0.4.2]: https://github.com/elastic/go-ucfg/compare/v0.4.1...v0.4.2 +[0.4.1]: https://github.com/elastic/go-ucfg/compare/v0.4.0...v0.4.1 +[0.4.0]: https://github.com/elastic/go-ucfg/compare/v0.3.7...v0.4.0 +[0.3.7]: https://github.com/elastic/go-ucfg/compare/v0.3.6...v0.3.7 +[0.3.6]: https://github.com/elastic/go-ucfg/compare/v0.3.5...v0.3.6 +[0.3.5]: https://github.com/elastic/go-ucfg/compare/v0.3.4...v0.3.5 +[0.3.4]: https://github.com/elastic/go-ucfg/compare/v0.3.3...v0.3.4 +[0.3.3]: https://github.com/elastic/go-ucfg/compare/v0.3.2...v0.3.3 +[0.3.2]: https://github.com/elastic/go-ucfg/compare/v0.3.1...v0.3.2 +[0.3.1]: https://github.com/elastic/go-ucfg/compare/v0.3.0...v0.3.1 +[0.3.0]: 
https://github.com/elastic/go-ucfg/compare/v0.2.1...v0.3.0
+[0.2.1]: https://github.com/elastic/go-ucfg/compare/v0.2.0...v0.2.1
+[0.2.0]: https://github.com/elastic/go-ucfg/compare/v0.1.1...v0.2.0
+[0.1.1]: https://github.com/elastic/go-ucfg/compare/v0.1.0...v0.1.1
+[0.1.0]: https://github.com/elastic/go-ucfg/compare/v0.0.0...v0.1.0
diff --git a/vendor/github.com/elastic/go-ucfg/LICENSE b/vendor/github.com/elastic/go-ucfg/LICENSE
new file mode 100644
index 00000000000..8dada3edaf5
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/elastic/go-ucfg/README.md b/vendor/github.com/elastic/go-ucfg/README.md new file mode 100644 index 00000000000..1042f426339 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/README.md 
@@ -0,0 +1,93 @@ +[![Build +Status](https://travis-ci.org/elastic/go-ucfg.svg?branch=master)](https://travis-ci.org/elastic/go-ucfg) +[![Go Report +Card](https://goreportcard.com/badge/github.com/elastic/go-ucfg)](https://goreportcard.com/report/github.com/elastic/go-ucfg) +[![codecov](https://codecov.io/gh/elastic/go-ucfg/branch/master/graph/badge.svg)](https://codecov.io/gh/elastic/go-ucfg) + + +# ucfg - Universal Configuration + +`ucfg` is a Golang library to handle hjson, json, and yaml configuration files in your Golang project. It was developed for the [libbeat framework](https://github.com/elastic/beats/tree/master/libbeat) and used by all [beats](https://github.com/elastic/beats). + + +## API Documentation + +The full API Documentation can be found [here](https://godoc.org/github.com/elastic/go-ucfg). + +## Examples + +A few examples on how ucfg can be used. All examples below assume, that the following packages are imported: + +```golang +import ( + "github.com/elastic/go-ucfg" + "github.com/elastic/go-ucfg/yaml" +) +``` + +### Dot notations + +ufcg allows you to load yaml configuration files using dots instead of indentation. For example instead of having: + +```yaml +config: + user: name +``` + +with ucfg you can write: + +```yaml +config.user: name +``` + +This makes configurations easier and simpler. + +To load such a config file in Golang, use the following command: + +```golang +config, err := yaml.NewConfigWithFile(path, ucfg.PathSep(".")) +``` + + + +### Validation and Defaults + +ucfg allows to automatically validate fields and set defaults for fields in case they are not defined. 
+ + +```golang +// Defines struct to read config from +type ExampleConfig struct { + Counter int `config:"counter" validate:"min=0, max=9"` +} + +// Defines default config option +var ( + defaultConfig = ExampleConfig{ + Counter: 4, + } +) + +func main() { + appConfig := defaultConfig // copy default config so it's not overwritten + config, err := yaml.NewConfigWithFile(path, ucfg.PathSep(".")) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + err = config.Unpack(&appConfig) + if err != nil { + fmt.Println(err) + os.Exit(1) + } +} +``` + +The above uses `Counter` as the config variable. ucfg assures that the value is between 0 and 9 and will return an error if this is not the case. In addition, if the value is not set, it will default to 4. + + +## Requirements + +ucfg has the following requirements: + +* Golang 1.10+ diff --git a/vendor/github.com/elastic/go-ucfg/doc.go b/vendor/github.com/elastic/go-ucfg/doc.go new file mode 100644 index 00000000000..7d549876bef --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/doc.go 
@@ -0,0 +1,27 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+// Package ucfg provides a common representation for hierarchical configurations.
+//
+// The common representation provided by the Config type can be used with different
+// configuration file formats like XML, JSON, HSJSON, YAML, or TOML.
+//
+// Config provides a low level and a high level interface for reading settings
+// with additional features like custom unpackers, validation and capturing
+// sub-configurations for deferred interpretation, lazy intra-configuration
+// variable expansion, and OS environment variable expansion.
+package ucfg
diff --git a/vendor/github.com/elastic/go-ucfg/error.go b/vendor/github.com/elastic/go-ucfg/error.go
new file mode 100644
index 00000000000..d944bac66d9
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/error.go
@@ -0,0 +1,349 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "errors" + "fmt" + "reflect" + "runtime/debug" +) + +// Error type returned by all public functions in go-ucfg. +type Error interface { + error + + // error class, one of ErrConfig, ErrImplementation, ErrUnknown + Class() error + + // The internal reason error code like ErrMissing, ErrRequired, + // ErrTypeMismatch and others. + Reason() error + + // The error message. 
+ Message() string + + // [optional] path of config element error occurred for + Path() string + + // [optional] stack trace + Trace() string +} + +type baseError struct { + reason error + class error + message string + path string +} + +type criticalError struct { + baseError + trace string +} + +// Error Reasons +var ( + ErrMissing = errors.New("missing field") + + ErrNoParse = errors.New("parsing dynamic configs is disabled") + + ErrCyclicReference = errors.New("cyclic reference detected") + + ErrDuplicateValidator = errors.New("validator already registered") + + ErrTypeNoArray = errors.New("field is no array") + + ErrTypeMismatch = errors.New("type mismatch") + + ErrKeyTypeNotString = errors.New("key must be a string") + + ErrIndexOutOfRange = errors.New("out of range index") + + ErrPointerRequired = errors.New("pointer required for unpacking configurations") + + ErrArraySizeMistach = errors.New("Array size mismatch") + + ErrExpectedObject = errors.New("expected object") + + ErrNilConfig = errors.New("config is nil") + + ErrNilValue = errors.New("nil value is invalid") + + ErrTODO = errors.New("TODO - implement me") + + ErrDuplicateKey = errors.New("duplicate key") + + ErrOverflow = errors.New("integer overflow") + + ErrNegative = errors.New("negative value") + + ErrZeroValue = errors.New("zero value") + + ErrRequired = errors.New("missing required field") + + ErrEmpty = errors.New("empty field") + + ErrArrayEmpty = errors.New("empty array") + + ErrMapEmpty = errors.New("empty map") + + ErrRegexEmpty = errors.New("regex value is not set") + + ErrStringEmpty = errors.New("string value is not set") +) + +// Error Classes +var ( + ErrConfig = errors.New("Configuration error") + ErrImplementation = errors.New("Implementation error") + ErrUnknown = errors.New("Unspecified") +) + +func (e baseError) Error() string { return e.Message() } +func (e baseError) Reason() error { return e.reason } +func (e baseError) Class() error { return e.class } +func (e baseError) 
Trace() string { return "" } +func (e baseError) Path() string { return e.path } + +func (e baseError) Message() string { + if e.message == "" { + return e.reason.Error() + } + return e.message +} + +func (e criticalError) Trace() string { return e.trace } + +func (e criticalError) Error() string { + return fmt.Sprintf("%s\nTrace:%v\n", e.baseError.Message(), e.trace) +} + +func raiseErr(reason error, message string) Error { + return baseError{ + reason: reason, + message: message, + class: ErrConfig, + } +} + +func raiseImplErr(reason error) Error { + return baseError{ + reason: reason, + class: ErrImplementation, + } +} + +func raiseCritical(reason error, message string) Error { + if message == "" { + message = reason.Error() + } + if message != "" { + message = fmt.Sprintf("(assert) %v", message) + } + return criticalError{ + baseError{reason, ErrImplementation, message, ""}, + string(debug.Stack()), + } +} + +func raisePathErr(reason error, meta *Meta, message, path string) Error { + message = messagePath(reason, meta, message, path) + return baseError{reason, ErrConfig, message, path} +} + +func messageMeta(message string, meta *Meta) string { + if meta == nil || meta.Source == "" { + return message + } + return fmt.Sprintf("%v (source:'%v')", message, meta.Source) +} + +func messagePath(reason error, meta *Meta, message, path string) string { + if path == "" { + path = "config" + } else { + path = fmt.Sprintf("'%v'", path) + } + + if message == "" { + message = reason.Error() + } + + message = fmt.Sprintf("%v accessing %v", message, path) + return messageMeta(message, meta) +} + +func raiseDuplicateKey(cfg *Config, name string) Error { + return raisePathErr(ErrDuplicateKey, cfg.metadata, "", cfg.PathOf(name, ".")) +} + +func raiseCyclicErr(field string) Error { + message := fmt.Sprintf("cyclic reference detected for key: '%s'", field) + + return baseError{ + reason: ErrCyclicReference, + class: ErrConfig, + message: message, + } +} + +func raiseMissing(c 
*Config, field string) Error { + // error reading field from config, as missing in c + return raiseMissingMsg(c, field, "") +} + +func raiseMissingMsg(c *Config, field string, message string) Error { + return raisePathErr(ErrMissing, c.metadata, message, c.PathOf(field, ".")) +} + +func raiseMissingArr(ctx context, meta *Meta, idx int) Error { + message := fmt.Sprintf("no value in array at %v", idx) + return raisePathErr(ErrMissing, meta, message, ctx.path(".")) +} + +func raiseIndexOutOfBounds(opts *options, value value, idx int) Error { + reason := ErrIndexOutOfRange + ctx := value.Context() + len, _ := value.Len(opts) + message := fmt.Sprintf("index '%v' out of range (length=%v)", idx, len) + return raisePathErr(reason, value.meta(), message, ctx.path(".")) +} + +func raiseInvalidTopLevelType(v interface{}, meta *Meta) Error { + // could be developers or user fault + t := chaseTypePointers(chaseValue(reflect.ValueOf(v)).Type()) + message := fmt.Sprintf("type '%v' is not supported on top level of config, only dictionary or list", t) + return raiseErr(ErrTypeMismatch, messageMeta(message, meta)) +} + +func raiseKeyInvalidTypeUnpack(t reflect.Type, from *Config) Error { + // most likely developers fault + ctx := from.ctx + reason := ErrKeyTypeNotString + message := fmt.Sprintf("string key required when unpacking into '%v'", t) + return raiseCritical(reason, messagePath(reason, from.metadata, message, ctx.path("."))) +} + +func raiseKeyInvalidTypeMerge(cfg *Config, t reflect.Type) Error { + ctx := cfg.ctx + reason := ErrKeyTypeNotString + message := fmt.Sprintf("string key required when merging into '%v'", t) + return raiseCritical(reason, messagePath(reason, cfg.metadata, message, ctx.path("."))) +} + +func raiseSquashNeedsObject(cfg *Config, opts *options, f string, t reflect.Type) Error { + reason := ErrTypeMismatch + message := fmt.Sprintf("require map or struct when squash merging '%v' (%v)", f, t) + + return raiseCritical(reason, messagePath(reason, opts.meta, 
message, cfg.Path("."))) +} + +func raiseInlineNeedsObject(cfg *Config, f string, t reflect.Type) Error { + reason := ErrTypeMismatch + message := fmt.Sprintf("require map or struct when inling '%v' (%v)", f, t) + return raiseCritical(reason, + messagePath(reason, cfg.metadata, message, cfg.Path("."))) +} + +func raiseUnsupportedInputType(ctx context, meta *Meta, v reflect.Value) Error { + reason := ErrTypeMismatch + message := fmt.Sprintf("unspported input type (%v) with value '%#v'", + v.Type(), v) + + return raiseCritical(reason, messagePath(reason, meta, message, ctx.path("."))) +} + +func raiseNoParse(ctx context, meta *Meta) Error { + reason := ErrNoParse + return raisePathErr(reason, meta, "", ctx.path(".")) +} + +func raiseNil(reason error) Error { + // programmers error (passed unexpected nil pointer) + return raiseCritical(reason, "") +} + +func raisePointerRequired(v reflect.Value) Error { + // developer did not pass pointer, unpack target is not settable + return raiseCritical(ErrPointerRequired, "") +} + +func raiseToTypeNotSupported(opts *options, v value, goT reflect.Type) Error { + reason := ErrTypeMismatch + t, _ := v.typ(opts) + message := fmt.Sprintf("value of type '%v' not convertible into unsupported go type '%v'", + t.name, goT) + ctx := v.Context() + + return raiseCritical(reason, messagePath(reason, v.meta(), message, ctx.path("."))) +} + +func raiseArraySize(ctx context, meta *Meta, n int, to int) Error { + reason := ErrArraySizeMistach + message := fmt.Sprintf("array of length %v does not meet required length %v", + n, to) + + return raisePathErr(reason, meta, message, ctx.path(".")) +} + +func raiseConversion(opts *options, v value, err error, to string) Error { + ctx := v.Context() + path := ctx.path(".") + t, _ := v.typ(opts) + message := fmt.Sprintf("can not convert '%v' into '%v'", t.name, to) + return raisePathErr(err, v.meta(), message, path) +} + +func raiseExpectedObject(opts *options, v value) Error { + ctx := v.Context() + path 
:= ctx.path(".") + t, _ := v.typ(opts) + message := fmt.Sprintf("required 'object', but found '%v' in field '%v'", + t.name, path) + + return raiseErr(ErrExpectedObject, messageMeta(message, v.meta())) +} + +func raiseInvalidDuration(v value, err error) Error { + ctx := v.Context() + path := ctx.path(".") + return raisePathErr(err, v.meta(), "", path) +} + +func raiseValidation(ctx context, meta *Meta, field string, err error) Error { + path := "" + if field == "" { + path = ctx.path(".") + } else { + path = ctx.pathOf(field, ".") + } + return raiseErr(err, messagePath(err, meta, err.Error(), path)) +} + +func raiseInvalidRegexp(v value, err error) Error { + ctx := v.Context() + path := ctx.path(".") + message := fmt.Sprintf("Failed to compile regular expression with '%v'", err) + return raisePathErr(err, v.meta(), message, path) +} + +func raiseParseSplice(ctx context, meta *Meta, err error) Error { + message := fmt.Sprintf("%v parsing splice", err) + return raisePathErr(err, meta, message, ctx.path(".")) +} diff --git a/vendor/github.com/elastic/go-ucfg/errpred.go b/vendor/github.com/elastic/go-ucfg/errpred.go new file mode 100644 index 00000000000..e849e6c9fd1 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/errpred.go 
@@ -0,0 +1,41 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+func isCyclicError(err error) bool {
+ switch v := err.(type) {
+ case Error:
+ return v.Reason() == ErrCyclicReference
+ }
+ return false
+}
+
+func isMissingError(err error) bool {
+ switch v := err.(type) {
+ case Error:
+ return v.Reason() == ErrMissing
+ }
+ return false
+}
+
+func criticalResolveError(err error) bool {
+ if err == nil {
+ return false
+ }
+ return !(isCyclicError(err) || isMissingError(err))
+}
diff --git a/vendor/github.com/elastic/go-ucfg/fieldset.go b/vendor/github.com/elastic/go-ucfg/fieldset.go
new file mode 100644
index 00000000000..e797f18417d
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/fieldset.go
@@ -0,0 +1,60 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+type fieldSet struct {
+ fields map[string]struct{}
+ parent *fieldSet
+}
+
+func newFieldSet(parent *fieldSet) *fieldSet {
+ return &fieldSet{
+ fields: map[string]struct{}{},
+ parent: parent,
+ }
+}
+
+func (s *fieldSet) Has(name string) (exists bool) {
+ if _, exists = s.fields[name]; !exists && s.parent != nil {
+ exists = s.parent.Has(name)
+ }
+ return
+}
+
+func (s *fieldSet) Add(name string) {
+ s.fields[name] = struct{}{}
+}
+
+func (s *fieldSet) AddNew(name string) (ok bool) {
+ if ok = !s.Has(name); ok {
+ s.Add(name)
+ }
+ return
+}
+
+func (s *fieldSet) Names() []string {
+ var names []string
+ for k := range s.fields {
+ names = append(names, k)
+ }
+
+ if s.parent != nil {
+ names = append(names, s.parent.Names()...)
+ }
+ return names
+}
diff --git a/vendor/github.com/elastic/go-ucfg/getset.go b/vendor/github.com/elastic/go-ucfg/getset.go
new file mode 100644
index 00000000000..a0a71f99bf9
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/getset.go
@@ -0,0 +1,281 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +// ****************************************************************************** +// Low level getters and setters +// ****************************************************************************** + +func convertErr(opts *options, v value, err error, to string) Error { + if err == nil { + return nil + } + return raiseConversion(opts, v, err, to) +} + +// CountField returns number of entries in a table or 1 if entry is a primitive value. +// Primitives settings can be handled like a list with 1 entry. +// +// If name is empty, the total number of top-level settings is returned. +// +// CountField supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) CountField(name string, opts ...Option) (int, error) { + if name == "" { + return len(c.fields.array()) + len(c.fields.dict()), nil + } + + if v, ok := c.fields.get(name); ok { + return v.Len(makeOptions(opts)) + } + return -1, raiseMissing(c, name) +} + +// Bool reads a boolean setting returning an error if the setting has no +// boolean value. +// +// The setting path is constructed from name and idx. 
If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// Bool supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) Bool(name string, idx int, opts ...Option) (bool, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return false, err + } + b, fail := v.toBool(O) + return b, convertErr(O, v, fail, "bool") +} + +// Strings reads a string setting returning an error if the setting has +// no string or primitive value convertible to string. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// String supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) String(name string, idx int, opts ...Option) (string, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return "", err + } + s, fail := v.toString(O) + return s, convertErr(O, v, fail, "string") +} + +// Int reads an int64 value returning an error if the setting is +// not integer value, the primitive value is not convertible to int or a conversion +// would create an integer overflow. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. 
+// +// Int supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) Int(name string, idx int, opts ...Option) (int64, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return 0, err + } + + i, fail := v.toInt(O) + return i, convertErr(O, v, fail, "int") +} + +// Uint reads an uint64 value returning an error if the setting is +// not unsigned value, the primitive value is not convertible to uint64 or a conversion +// would create an integer overflow. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// Uint supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) Uint(name string, idx int, opts ...Option) (uint64, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return 0, err + } + u, fail := v.toUint(O) + return u, convertErr(O, v, fail, "uint") +} + +// Float reads a float64 value returning an error if the setting is +// not a float value or the primitive value is not convertible to float. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. 
+// +// Float supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) Float(name string, idx int, opts ...Option) (float64, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return 0, err + } + f, fail := v.toFloat(O) + return f, convertErr(O, v, fail, "float") +} + +// Child returns a child configuration or an error if the setting requested is a +// primitive value only. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// Child supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) Child(name string, idx int, opts ...Option) (*Config, error) { + O := makeOptions(opts) + v, err := c.getField(name, idx, O) + if err != nil { + return nil, err + } + c, fail := v.toConfig(O) + return c, convertErr(O, v, fail, "object") +} + +// SetBool sets a boolean primitive value. An error is returned if the new name +// is invalid. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetBool supports the options: PathSep, MetaData +func (c *Config) SetBool(name string, idx int, value bool, opts ...Option) error { + return c.setField(name, idx, &cfgBool{b: value}, opts) +} + +// SetInt sets an integer primitive value. An error is returned if the new +// name is invalid. +// +// The setting path is constructed from name and idx. 
If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetInt supports the options: PathSep, MetaData +func (c *Config) SetInt(name string, idx int, value int64, opts ...Option) error { + return c.setField(name, idx, &cfgInt{i: value}, opts) +} + +// SetUint sets an unsigned integer primitive value. An error is returned if +// the name is invalid. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetUint supports the options: PathSep, MetaData +func (c *Config) SetUint(name string, idx int, value uint64, opts ...Option) error { + return c.setField(name, idx, &cfgUint{u: value}, opts) +} + +// SetFloat sets an floating point primitive value. An error is returned if +// the name is invalid. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetFloat supports the options: PathSep, MetaData +func (c *Config) SetFloat(name string, idx int, value float64, opts ...Option) error { + return c.setField(name, idx, &cfgFloat{f: value}, opts) +} + +// SetString sets string value. An error is returned if the name is invalid. +// +// The setting path is constructed from name and idx. 
If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetString supports the options: PathSep, MetaData +func (c *Config) SetString(name string, idx int, value string, opts ...Option) error { + return c.setField(name, idx, &cfgString{s: value}, opts) +} + +// SetChild adds a sub-configuration. An error is returned if the name is invalid. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. The number of entries in a named list can be read +// using CountField. +// +// SetChild supports the options: PathSep, MetaData +func (c *Config) SetChild(name string, idx int, value *Config, opts ...Option) error { + return c.setField(name, idx, cfgSub{c: value}, opts) +} + +// getField supports the options: PathSep, Env, Resolve, ResolveEnv +func (c *Config) getField(name string, idx int, opts *options) (value, Error) { + p := parsePathIdx(name, opts.pathSep, idx) + v, err := p.GetValue(c, opts) + if err != nil { + return v, err + } + + if v == nil { + return nil, raiseMissing(c, p.String()) + } + return v, nil +} + +// setField supports the options: PathSep, MetaData +func (c *Config) setField(name string, idx int, v value, options []Option) Error { + opts := makeOptions(options) + p := parsePathIdx(name, opts.pathSep, idx) + + err := p.SetValue(c, opts, v) + if err != nil { + return err + } + + if opts.meta != nil { + v.setMeta(opts.meta) + } + return nil +} 
diff --git a/vendor/github.com/elastic/go-ucfg/initializer.go b/vendor/github.com/elastic/go-ucfg/initializer.go
new file mode 100644
index 00000000000..3614f3fd90c
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/initializer.go
@@ -0,0 +1,59 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+import (
+ "reflect"
+)
+
+// Initializer interface provides initialization of default values support to Unpack.
+// The InitDefaults method will be executed for any type passed directly or indirectly to
+// Unpack.
+type Initializer interface {
+ InitDefaults()
+}
+
+func tryInitDefaults(val reflect.Value) reflect.Value {
+ t := val.Type()
+
+ var initializer Initializer
+ if t.Implements(iInitializer) {
+ initializer = val.Interface().(Initializer)
+ initializer.InitDefaults()
+ return val
+ } else if reflect.PtrTo(t).Implements(iInitializer) {
+ tmp := pointerize(reflect.PtrTo(t), t, val)
+ initializer = tmp.Interface().(Initializer)
+ initializer.InitDefaults()
+
+ // Return the element in the pointer so the value is set into the
+ // field and not a pointer to the value.
+ return tmp.Elem()
+ }
+ return val
+}
+
+func hasInitDefaults(t reflect.Type) bool {
+ if t.Implements(iInitializer) {
+ return true
+ }
+ if reflect.PtrTo(t).Implements(iInitializer) {
+ return true
+ }
+ return false
+}
diff --git a/vendor/github.com/elastic/go-ucfg/merge.go b/vendor/github.com/elastic/go-ucfg/merge.go
new file mode 100644
index 00000000000..ff07a97c8f7
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/merge.go
@@ -0,0 +1,585 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+import (
+ "fmt"
+ "reflect"
+ "regexp"
+ "time"
+ "unicode"
+ "unicode/utf8"
+)
+
+// Merge a map, a slice, a struct or another Config object into c.
+//
+// Merge traverses the value from recursively copying all values into a hierarchy
+// of Config objects plus primitives into c.
+//
+// Merge supports the options: PathSep, MetaData, StructTag, VarExp, ReplaceValues, AppendValues, PrependValues
+//
+// Merge uses the type-dependent default encodings:
+// - Boolean values are encoded as booleans.
+// - Integer are encoded as int64 values, unsigned integer values as uint64 and
+// floats as float64 values.
+// - Strings are copied into string values.
+// If the VarExp is set, string fields will be parsed into
+// variable expansion expressions. The expression can reference any
+// other setting by absolute name.
+// - Array and slices are copied into new Config objects with index accessors only.
+// - Struct values and maps with key type string are encoded as Config objects with
+// named field accessors.
+// - Config objects will be copied and added to the current hierarchy.
+// +// The `config` struct tag (configurable via StructTag option) can be used to +// set the field name and enable additional merging settings per field: +// +// // field appears in Config as key "myName" +// Field int `config:"myName"` +// +// // field appears in sub-Config "mySub" as key "myName" (requires PathSep(".")) +// Field int `config:"mySub.myName"` +// +// // field is processed as if keys are part of outer struct (type can be a +// // struct, a slice, an array, a map or of type *Config) +// Field map[string]interface{} `config:",inline"` +// +// // field is ignored by Merge +// Field string `config:",ignore"` +// +// +// Returns an error if merging fails to normalize and validate the from value. +// If duplicate setting names are detected in the input, merging fails as well. +// +// Config cannot represent cyclic structures and Merge does not handle them +// well. Passing cyclic structures to Merge will result in an infinite recursive +// loop. +func (c *Config) Merge(from interface{}, options ...Option) error { + // from is empty in case of empty config file + if from == nil { + return nil + } + + opts := makeOptions(options) + other, err := normalize(opts, from) + + if err != nil { + return err + } + return mergeConfig(opts, c, other) +} + +func mergeConfig(opts *options, to, from *Config) Error { + if err := mergeConfigDict(opts, to, from); err != nil { + return err + } + return mergeConfigArr(opts, to, from) +} + +func mergeConfigDict(opts *options, to, from *Config) Error { + dict := from.fields.dict() + if len(dict) == 0 { + return nil + } + + ok := false + if opts.configValueHandling == cfgReplaceValue { + old := to.fields.dict() + to.fields.d = nil + defer func() { + if !ok { + to.fields.d = old + } + }() + } + + for k, v := range dict { + ctx := context{ + parent: cfgSub{to}, + field: k, + } + + old, _ := to.fields.get(k) + opts, err := fieldOptsOverride(opts, k, -1) + if err != nil { + return err + } + merged, err := mergeValues(opts, old, v) 
+ if err != nil { + return err + } + + to.fields.set(k, merged.cpy(ctx)) + } + + ok = true + return nil +} + +func mergeConfigArr(opts *options, to, from *Config) Error { + currHandling := opts.configValueHandling + opts, err := fieldOptsOverride(opts, "*", -1) + if err != nil { + return err + } + switch currHandling { + case cfgReplaceValue: + return mergeConfigReplaceArr(opts, to, from) + + case cfgArrPrepend: + return mergeConfigPrependArr(opts, to, from) + + case cfgArrAppend: + return mergeConfigAppendArr(opts, to, from) + + case cfgDefaultHandling, cfgMergeValues: + return mergeConfigMergeArr(opts, to, from) + default: + return mergeConfigMergeArr(opts, to, from) + } +} + +func mergeConfigReplaceArr(opts *options, to, from *Config) Error { + a := from.fields.array() + if len(a) == 0 { + return nil + } + + var parent value = cfgSub{to} + var fields = fields{ + d: to.fields.d, + a: make([]value, 0, len(a)), + } + fields.append(parent, a) + *to.fields = fields + return nil +} + +func mergeConfigMergeArr(opts *options, to, from *Config) Error { + l := len(to.fields.array()) + arr := from.fields.array() + if l > len(arr) { + l = len(arr) + } + + var parent value = cfgSub{to} + + // merge array indexes available in to and from + for i := 0; i < l; i++ { + ctx := context{ + parent: parent, + field: fmt.Sprintf("%v", i), + } + + // possible for individual index to be replaced + idxOpts, err := fieldOptsOverride(opts, "", i) + if err != nil { + return err + } + old := to.fields.array()[i] + merged, err := mergeValues(idxOpts, old, arr[i]) + if err != nil { + return err + } + to.fields.setAt(i, parent, merged.cpy(ctx)) + } + + if len(arr) > l { + // add additional array entries not yet in 'to' + to.fields.append(parent, arr[l:]) + } + return nil +} + +func mergeConfigPrependArr(opts *options, to, from *Config) Error { + a1 := to.fields.array() + a2 := from.fields.array() + if len(a2) == 0 { + return nil + } + + var parent value = cfgSub{to} + var fields = fields{ + d: 
to.fields.d, + a: make([]value, 0, len(a1)+len(a2)), + } + fields.append(parent, a2) + fields.append(parent, a1) + *to.fields = fields + return nil +} + +func mergeConfigAppendArr(opts *options, to, from *Config) Error { + to.fields.append(cfgSub{to}, from.fields.array()) + return nil +} + +func mergeValues(opts *options, old, v value) (value, Error) { + if old == nil { + return v, nil + } + + // check if new and old value evaluate to sub-configurations. If one is no + // sub-configuration, use new value only. + subOld, err := old.toConfig(opts) + if err != nil { + return v, nil + } + subV, err := v.toConfig(opts) + if err != nil { + return v, nil + } + + // merge new and old evaluated sub-configurations and return subOld for + // reassigning to old key in case of subOld being generated dynamically + if err := mergeConfig(opts, subOld, subV); err != nil { + return nil, err + } + return cfgSub{subOld}, nil +} + +// convert from into normalized *Config checking for errors +// before merging generated(normalized) config with current config +func normalize(opts *options, from interface{}) (*Config, Error) { + vFrom := chaseValue(reflect.ValueOf(from)) + + switch vFrom.Type() { + case tConfig: + return vFrom.Addr().Interface().(*Config), nil + case tConfigMap: + return normalizeMap(opts, vFrom) + default: + // try to convert vFrom into Config (rebranding) + if v, ok := tryTConfig(vFrom); ok { + return v.Addr().Interface().(*Config), nil + } + + // normalize given map/struct value + switch vFrom.Kind() { + case reflect.Struct: + return normalizeStruct(opts, vFrom) + case reflect.Map: + return normalizeMap(opts, vFrom) + case reflect.Array, reflect.Slice: + tmp, err := normalizeArray(opts, tagOptions{}, context{}, vFrom) + if err != nil { + return nil, err + } + c, _ := tmp.toConfig(opts) + return c, nil + } + + } + + return nil, raiseInvalidTopLevelType(from, opts.meta) +} + +func normalizeMap(opts *options, from reflect.Value) (*Config, Error) { + cfg := New() + 
cfg.metadata = opts.meta + if err := normalizeMapInto(cfg, opts, from); err != nil { + return nil, err + } + return cfg, nil +} + +func normalizeMapInto(cfg *Config, opts *options, from reflect.Value) Error { + k := from.Type().Key().Kind() + if k != reflect.String && k != reflect.Interface { + return raiseKeyInvalidTypeMerge(cfg, from.Type()) + } + + for _, k := range from.MapKeys() { + k = chaseValueInterfaces(k) + if k.Kind() != reflect.String { + return raiseKeyInvalidTypeMerge(cfg, from.Type()) + } + + err := normalizeSetField(cfg, opts, noTagOpts, k.String(), from.MapIndex(k)) + if err != nil { + return err + } + } + return nil +} + +func normalizeStruct(opts *options, from reflect.Value) (*Config, Error) { + cfg := New() + cfg.metadata = opts.meta + if err := normalizeStructInto(cfg, opts, from); err != nil { + return nil, err + } + return cfg, nil +} + +func normalizeStructInto(cfg *Config, opts *options, from reflect.Value) Error { + v := chaseValue(from) + numField := v.NumField() + + for i := 0; i < numField; i++ { + var err Error + stField := v.Type().Field(i) + + // ignore non exported fields + if rune, _ := utf8.DecodeRuneInString(stField.Name); !unicode.IsUpper(rune) { + continue + } + + name, tagOpts := parseTags(stField.Tag.Get(opts.tag)) + if tagOpts.ignore { + continue + } + + if tagOpts.squash { + vField := chaseValue(v.Field(i)) + switch vField.Kind() { + case reflect.Struct: + err = normalizeStructInto(cfg, opts, vField) + case reflect.Map: + err = normalizeMapInto(cfg, opts, vField) + default: + return raiseSquashNeedsObject(cfg, opts, stField.Name, vField.Type()) + } + } else { + name = fieldName(name, stField.Name) + err = normalizeSetField(cfg, opts, tagOpts, name, v.Field(i)) + } + + if err != nil { + return err + } + } + return nil +} + +func normalizeSetField( + cfg *Config, + opts *options, + tagOpts tagOptions, + name string, + v reflect.Value, +) Error { + val, err := normalizeValue(opts, tagOpts, context{}, v) + if err != nil { + 
return err + } + + p := parsePath(name, opts.pathSep) + old, err := p.GetValue(cfg, opts) + if err != nil { + if err.Reason() != ErrMissing { + return err + } + old = nil + } + + switch { + case !isNil(old) && isNil(val): + return nil + case isNil(old): + return p.SetValue(cfg, opts, val) + case isSub(old) && isSub(val): + cfgOld, _ := old.toConfig(opts) + cfgVal, _ := val.toConfig(opts) + return mergeConfig(opts, cfgOld, cfgVal) + default: + return raiseDuplicateKey(cfg, name) + } +} + +func normalizeStructValue(opts *options, ctx context, from reflect.Value) (value, Error) { + sub, err := normalizeStruct(opts, from) + if err != nil { + return nil, err + } + v := cfgSub{sub} + v.SetContext(ctx) + return v, nil +} + +func normalizeMapValue(opts *options, ctx context, from reflect.Value) (value, Error) { + sub, err := normalizeMap(opts, from) + if err != nil { + return nil, err + } + v := cfgSub{sub} + v.SetContext(ctx) + return v, nil +} + +func normalizeArray( + opts *options, + tagOpts tagOptions, + ctx context, + v reflect.Value, +) (value, Error) { + l := v.Len() + out := make([]value, 0, l) + + cfg := New() + cfg.metadata = opts.meta + cfg.ctx = ctx + val := cfgSub{cfg} + + for i := 0; i < l; i++ { + idx := fmt.Sprintf("%v", i) + ctx := context{ + parent: val, + field: idx, + } + tmp, err := normalizeValue(opts, tagOpts, ctx, v.Index(i)) + if err != nil { + return nil, err + } + out = append(out, tmp) + } + + cfg.fields.a = out + return val, nil +} + +func normalizeValue( + opts *options, + tagOpts tagOptions, + ctx context, + v reflect.Value, +) (value, Error) { + v = chaseValue(v) + + switch v.Type() { + case tDuration: + d := v.Interface().(time.Duration) + return newString(ctx, opts.meta, d.String()), nil + case tRegexp: + r := v.Addr().Interface().(*regexp.Regexp) + return newString(ctx, opts.meta, r.String()), nil + } + + // handle primitives + switch v.Kind() { + case reflect.Bool: + return newBool(ctx, opts.meta, v.Bool()), nil + case reflect.Int, 
reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + i := v.Int() + if i > 0 { + return newUint(ctx, opts.meta, uint64(i)), nil + } + return newInt(ctx, opts.meta, i), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + return newUint(ctx, opts.meta, v.Uint()), nil + case reflect.Float32, reflect.Float64: + f := v.Float() + return newFloat(ctx, opts.meta, f), nil + case reflect.String: + return normalizeString(ctx, opts, v.String()) + case reflect.Array, reflect.Slice: + return normalizeArray(opts, tagOpts, ctx, v) + case reflect.Map: + return normalizeMapValue(opts, ctx, v) + case reflect.Struct: + if v, ok := tryTConfig(v); ok { + c := v.Addr().Interface().(*Config) + ret := cfgSub{c} + if ret.Context().parent != ctx.parent { + ret.SetContext(ctx) + } + return ret, nil + } + + return normalizeStructValue(opts, ctx, v) + default: + if v.IsNil() { + return &cfgNil{cfgPrimitive{ctx, opts.meta}}, nil + } + return nil, raiseUnsupportedInputType(ctx, opts.meta, v) + } +} + +func normalizeString(ctx context, opts *options, str string) (value, Error) { + if !opts.varexp { + return newString(ctx, opts.meta, str), nil + } + + varexp, err := parseSplice(str, opts.pathSep) + if err != nil { + return nil, raiseParseSplice(ctx, opts.meta, err) + } + + switch p := varexp.(type) { + case constExp: + return newString(ctx, opts.meta, string(p)), nil + case *reference: + return newRef(ctx, opts.meta, p), nil + } + + return newSplice(ctx, opts.meta, varexp), nil +} + +func fieldOptsOverride(opts *options, fieldName string, idx int) (*options, Error) { + if opts.fieldHandlingTree == nil { + return opts, nil + } + cfgHandling, child, ok := opts.fieldHandlingTree.fieldHandling(fieldName, idx) + child, err := includeWildcard(child, opts.fieldHandlingTree) + if err != nil { + return nil, err + } + if !ok { + // Only return a new `options` when arriving at new nested child. 
This + // combined with optimizations in `includeWildcard` will ensure that only + // a new opts will be created and returned when absolutely required. + if child != nil && opts.fieldHandlingTree != child { + newOpts := *opts + newOpts.fieldHandlingTree = child + opts = &newOpts + } + return opts, nil + } + // Only return a new `options` if absolutely required. + if opts.configValueHandling != cfgHandling || opts.fieldHandlingTree != child { + newOpts := *opts + newOpts.configValueHandling = cfgHandling + newOpts.fieldHandlingTree = child + opts = &newOpts + } + return opts, nil +} + +func includeWildcard(child *fieldHandlingTree, parent *fieldHandlingTree) (*fieldHandlingTree, Error) { + if parent == nil { + return child, nil + } + wildcard, err := parent.wildcard() + if err != nil { + return child, nil + } + if child == nil && len(parent.fields.dict()) == 1 { + // parent is already config with just wildcard + return parent, nil + } + sub := newFieldHandlingTree() + if child != nil { + if err := sub.merge(child); err != nil { + return nil, err.(Error) + } + } + if err := sub.setWildcard(wildcard); err != nil { + return nil, err.(Error) + } + return sub, nil +} diff --git a/vendor/github.com/elastic/go-ucfg/opts.go b/vendor/github.com/elastic/go-ucfg/opts.go new file mode 100644 index 00000000000..68c23e562c9 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/opts.go 
@@ -0,0 +1,315 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "fmt" + "os" + "strings" + + "github.com/elastic/go-ucfg/parse" +) + +// Option type implementing additional options to be passed +// to go-ucfg library functions. +type Option func(*options) + +type options struct { + tag string + validatorTag string + pathSep string + meta *Meta + env []*Config + resolvers []func(name string) (string, parse.Config, error) + varexp bool + noParse bool + + configValueHandling configHandling + fieldHandlingTree *fieldHandlingTree + + // temporary cache of parsed splice values for lifetime of call to + // Unpack/Pack/Get/... + parsed valueCache + + activeFields *fieldSet +} + +type valueCache map[string]spliceValue + +// specific API on top of Config to handle adjusting merging behavior per fields +type fieldHandlingTree Config + +// id used to store intermediate parse results in current execution context. +// As parsing results might differ between multiple calls due to: +// splice being shared between multiple configurations, or environment +// changing between calls + lazy nature of cfgSplice, parsing results cannot +// be stored in cfgSplice itself. 
+type cacheID string
+
+type spliceValue struct {
+ err error
+ value value
+}
+
+// StructTag option sets the struct tag name to use for looking up
+// field names and options in `Unpack` and `Merge`.
+// The default struct tag in `config`.
+func StructTag(tag string) Option {
+ return func(o *options) {
+ o.tag = tag
+ }
+}
+
+// ValidatorTag option sets the struct tag name used to set validators
+// on struct fields in `Unpack`.
+// The default struct tag in `validate`.
+func ValidatorTag(tag string) Option {
+ return func(o *options) {
+ o.validatorTag = tag
+ }
+}
+
+// PathSep sets the path separator used to split up names into a tree like hierarchy.
+// If PathSep is not set, field names will not be split.
+func PathSep(sep string) Option {
+ return func(o *options) {
+ o.pathSep = sep
+ }
+}
+
+// MetaData option passes additional metadata (currently only source of the
+// configuration) to be stored internally (e.g. for error reporting).
+func MetaData(meta Meta) Option {
+ return func(o *options) {
+ o.meta = &meta
+ }
+}
+
+// Env option adds another configuration for variable expansion to be used, if
+// the path to look up does not exist in the actual configuration. Env can be used
+// multiple times in order to add more lookup environments.
+func Env(e *Config) Option {
+ return func(o *options) {
+ o.env = append(o.env, e)
+ }
+}
+
+// Resolve option adds a callback used by variable name expansion. The callback
+// will be called if a variable can not be resolved from within the actual configuration
+// or any of its environments.
+func Resolve(fn func(name string) (string, parse.Config, error)) Option {
+ return func(o *options) {
+ o.resolvers = append(o.resolvers, fn)
+ }
+}
+
+// ResolveEnv option adds a look up callback looking up values in the available
+// OS environment variables.
+var ResolveEnv Option = doResolveEnv + +func doResolveEnv(o *options) { + o.resolvers = append(o.resolvers, func(name string) (string, parse.Config, error) { + value := os.Getenv(name) + if value == "" { + return "", parse.EnvConfig, ErrMissing + } + return value, parse.EnvConfig, nil + }) +} + +// ResolveNOOP option add a resolver that will not search the value but instead will return the +// provided key wrap with the field reference syntax. This is useful if you don't to expose values +// from envionment variable or other resolvers. +// +// Example: "mysecret" => ${mysecret}" +var ResolveNOOP Option = doResolveNOOP + +func doResolveNOOP(o *options) { + o.resolvers = append(o.resolvers, func(name string) (string, parse.Config, error) { + return "${" + name + "}", parse.NoopConfig, nil + }) +} + +var ( + // ReplaceValues option configures all merging and unpacking operations to + // replace old dictionaries and arrays while merging. Value merging can be + // overwritten in unpack by using struct tags. + ReplaceValues = makeOptValueHandling(cfgReplaceValue) + + // AppendValues option configures all merging and unpacking operations to + // merge dictionaries and append arrays to existing arrays while merging. + // Value merging can be overwritten in unpack by using struct tags. + AppendValues = makeOptValueHandling(cfgArrAppend) + + // PrependValues option configures all merging and unpacking operations to + // merge dictionaries and prepend arrays to existing arrays while merging. + // Value merging can be overwritten in unpack by using struct tags. + PrependValues = makeOptValueHandling(cfgArrPrepend) +) + +func makeOptValueHandling(h configHandling) Option { + return func(o *options) { + o.configValueHandling = h + } +} + +var ( + // FieldMergeValues option configures all merging and unpacking operations to use + // the default merging behavior for the specified field. This overrides the any struct + // tags during unpack for the field. 
Nested field names can be defined using dot + // notation. + FieldMergeValues = makeFieldOptValueHandling(cfgMergeValues) + + // FieldReplaceValues option configures all merging and unpacking operations to + // replace old dictionaries and arrays while merging for the specified field. This + // overrides the any struct tags during unpack for the field. Nested field names + // can be defined using dot notation. + FieldReplaceValues = makeFieldOptValueHandling(cfgReplaceValue) + + // FieldAppendValues option configures all merging and unpacking operations to + // merge dictionaries and append arrays to existing arrays while merging for the + // specified field. This overrides the any struct tags during unpack for the field. + // Nested field names can be defined using dot notation. + FieldAppendValues = makeFieldOptValueHandling(cfgArrAppend) + + // FieldPrependValues option configures all merging and unpacking operations to + // merge dictionaries and prepend arrays to existing arrays while merging for the + // specified field. This overrides the any struct tags during unpack for the field. + // Nested field names can be defined using dot notation. + FieldPrependValues = makeFieldOptValueHandling(cfgArrPrepend) +) + +func makeFieldOptValueHandling(h configHandling) func(...string) Option { + return func(fieldName ...string) Option { + if len(fieldName) == 0 { + return func(_ *options) {} + } + + table := make(map[string]configHandling) + for _, name := range fieldName { + // field value config options are rendered into a Config; the '*' represents the handling method + // for everything nested under this field. + if !strings.HasSuffix(name, ".*") { + name = fmt.Sprintf("%s.*", name) + } + table[name] = h + } + + return func(o *options) { + if o.fieldHandlingTree == nil { + o.fieldHandlingTree = newFieldHandlingTree() + } + o.fieldHandlingTree.merge(table, PathSep(o.pathSep)) + } + } +} + +// VarExp option enables support for variable expansion. 
Resolve and Env options will only be effective if VarExp is set. +var VarExp Option = doVarExp + +func doVarExp(o *options) { o.varexp = true } + +func makeOptions(opts []Option) *options { + o := options{ + tag: "config", + validatorTag: "validate", + pathSep: "", // no separator by default + parsed: map[string]spliceValue{}, + activeFields: newFieldSet(nil), + } + for _, opt := range opts { + opt(&o) + } + return &o +} + +func (cache valueCache) cachedValue( + id cacheID, + f func() (value, error), +) (value, error) { + if v, ok := cache[string(id)]; ok { + if v.err != nil { + return nil, v.err + } + return v.value, nil + } + + v, err := f() + + // Only primitives can be cached, allowing us to get out of infinite loop + if v != nil && v.canCache() { + cache[string(id)] = spliceValue{err, v} + } + return v, err +} + +func newFieldHandlingTree() *fieldHandlingTree { + return (*fieldHandlingTree)(New()) +} + +func (t *fieldHandlingTree) merge(other interface{}, opts ...Option) error { + cfg := (*Config)(t) + return cfg.Merge(other, opts...) 
+}
+
+func (t *fieldHandlingTree) child(fieldName string, idx int) (*fieldHandlingTree, error) {
+ cfg := (*Config)(t)
+ child, err := cfg.Child(fieldName, idx)
+ if err != nil {
+ return nil, err
+ }
+ return (*fieldHandlingTree)(child), nil
+}
+
+func (t *fieldHandlingTree) configHandling(fieldName string, idx int) (configHandling, error) {
+ cfg := (*Config)(t)
+ handling, err := cfg.Uint(fieldName, idx)
+ if err != nil {
+ return cfgDefaultHandling, err
+ }
+ return configHandling(handling), nil
+}
+
+func (t *fieldHandlingTree) wildcard() (*fieldHandlingTree, error) {
+ return t.child("**", -1)
+}
+
+func (t *fieldHandlingTree) setWildcard(wildcard *fieldHandlingTree) error {
+ cfg := (*Config)(t)
+ return cfg.SetChild("**", -1, (*Config)(wildcard))
+}
+
+func (t *fieldHandlingTree) fieldHandling(fieldName string, idx int) (configHandling, *fieldHandlingTree, bool) {
+ child, err := t.child(fieldName, idx)
+ if err == nil {
+ cfgHandling, err := child.configHandling("*", -1)
+ if err == nil {
+ return cfgHandling, child, true
+ }
+ }
+ // try wildcard match
+ wildcard, err := t.wildcard()
+ if err != nil {
+ return cfgDefaultHandling, child, false
+ }
+ cfgHandling, cfg, ok := wildcard.fieldHandling(fieldName, idx)
+ if ok {
+ return cfgHandling, cfg, ok
+ }
+ return cfgDefaultHandling, child, ok
+}
diff --git a/vendor/github.com/elastic/go-ucfg/parse/parse.go b/vendor/github.com/elastic/go-ucfg/parse/parse.go
new file mode 100644
index 00000000000..5fafefd9a30
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/parse/parse.go
@@ -0,0 +1,395 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package parse
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+ "strings"
+ "unicode"
+)
+
+// Config allows enabling and disabling parser features.
+type Config struct {
+ Array bool
+ Object bool
+ StringDQuote bool
+ StringSQuote bool
+}
+
+// DefaultConfig is the default config with all parser features enabled.
+var DefaultConfig = Config{
+ Array: true,
+ Object: true,
+ StringDQuote: true,
+ StringSQuote: true,
+}
+
+// EnvConfig is configuration for parser when the value comes from environmental variable.
+var EnvConfig = Config{
+ Array: true,
+ Object: false,
+ StringDQuote: true,
+ StringSQuote: true,
+}
+
+// NoopConfig is configuration for parser that disables all options.
+var NoopConfig = Config{
+ Array: false,
+ Object: false,
+ StringDQuote: false,
+ StringSQuote: false,
+}
+
+type flagParser struct {
+ input string
+ cfg Config
+}
+
+// stopSet definitions for handling unquoted strings
+const (
+ toplevelStopSet = ","
+ arrayElemStopSet = ",]"
+ objKeyStopSet = ":"
+ objValueStopSet = ",}"
+)
+
+// Value parses command line arguments, supporting
+// boolean, numbers, strings, arrays, objects.
+// +// The parser implements a superset of JSON, but only a subset of YAML by +// allowing for arrays and objects having a trailing comma. In addition 3 +// string types are supported: +// +// 1. single quoted string (no unescaping of any characters) +// 2. double quoted strings (characters are escaped) +// 3. strings without quotes. String parsing stops at +// special characters like '[]{},:' +// +// In addition, top-level values can be separated by ',' to build arrays +// without having to use []. +func Value(content string) (interface{}, error) { + return ValueWithConfig(content, DefaultConfig) +} + +// ValueWithConfig parses command line arguments, supporting +// boolean, numbers, strings, arrays, objects when enabled. +// +// The parser implements a superset of JSON, but only a subset of YAML by +// allowing for arrays and objects having a trailing comma. In addition 3 +// string types are supported: +// +// 1. single quoted string (no unescaping of any characters) +// 2. double quoted strings (characters are escaped) +// 3. strings without quotes. String parsing stops at +// special characters like '[]{},:' +// +// In addition, top-level values can be separated by ',' to build arrays +// without having to use []. 
+func ValueWithConfig(content string, cfg Config) (interface{}, error) { + p := &flagParser{strings.TrimSpace(content), cfg} + if err := p.validateConfig(); err != nil { + return nil, err + } + v, err := p.parse() + if err != nil { + return nil, fmt.Errorf("%v when parsing '%v'", err.Error(), content) + } + return v, nil +} + +func (p *flagParser) validateConfig() error { + if !p.cfg.Array && p.cfg.Object { + return fmt.Errorf("cfg.Array cannot be disabled when cfg.Object is enabled") + } + return nil +} + +func (p *flagParser) parse() (interface{}, error) { + var values []interface{} + + for { + v, err := p.parseValue(toplevelStopSet) + if err != nil { + return nil, err + } + values = append(values, v) + + p.ignoreWhitespace() + if p.input == "" { + break + } + + if err := p.expectChar(','); err != nil { + return nil, err + } + } + + switch len(values) { + case 0: + return nil, nil + case 1: + return values[0], nil + } + return values, nil +} + +func (p *flagParser) parseValue(stopSet string) (interface{}, error) { + p.ignoreWhitespace() + in := p.input + + if in == "" { + return nil, nil + } + + switch in[0] { + case '[': + if p.cfg.Array { + return p.parseArray() + } + return p.parsePrimitive(stopSet) + case '{': + if p.cfg.Object { + return p.parseObj() + } + return p.parsePrimitive(stopSet) + case '"': + if p.cfg.StringDQuote { + return p.parseStringDQuote() + } + return p.parsePrimitive(stopSet) + case '\'': + if p.cfg.StringSQuote { + return p.parseStringSQuote() + } + return p.parsePrimitive(stopSet) + default: + return p.parsePrimitive(stopSet) + } +} + +func (p *flagParser) ignoreWhitespace() { + p.input = strings.TrimLeftFunc(p.input, unicode.IsSpace) +} + +func (p *flagParser) parseArray() (interface{}, error) { + p.input = p.input[1:] + + var values []interface{} +loop: + for { + p.ignoreWhitespace() + if p.input[0] == ']' { + p.input = p.input[1:] + break + } + + v, err := p.parseValue(arrayElemStopSet) + if err != nil { + return nil, err + } + values 
= append(values, v) + + p.ignoreWhitespace() + if p.input == "" { + return nil, errors.New("array closing ']' missing") + } + + next := p.input[0] + p.input = p.input[1:] + + switch next { + case ']': + break loop + case ',': + continue + default: + return nil, errors.New("array expected ',' or ']'") + } + + } + + if len(values) == 0 { + return nil, nil + } + + return values, nil +} + +func (p *flagParser) parseObj() (interface{}, error) { + p.input = p.input[1:] + + O := map[string]interface{}{} + +loop: + for { + p.ignoreWhitespace() + if p.input[0] == '}' { + p.input = p.input[1:] + break + } + + k, err := p.parseKey() + if err != nil { + return nil, err + } + + p.ignoreWhitespace() + if err := p.expectChar(':'); err != nil { + return nil, err + } + + v, err := p.parseValue(objValueStopSet) + if err != nil { + return nil, err + } + + if p.input == "" { + return nil, errors.New("dictionary expected ',' or '}'") + } + + O[k] = v + next := p.input[0] + p.input = p.input[1:] + + switch next { + case '}': + break loop + case ',': + continue + default: + return nil, errors.New("dictionary expected ',' or '}'") + } + } + + // empty object + if len(O) == 0 { + return nil, nil + } + + return O, nil +} + +func (p *flagParser) parseKey() (string, error) { + in := p.input + if in == "" { + return "", errors.New("expected key") + } + + switch in[0] { + case '"': + return p.parseStringDQuote() + case '\'': + return p.parseStringSQuote() + default: + return p.parseNonQuotedString(objKeyStopSet) + } +} + +func (p *flagParser) parseStringDQuote() (string, error) { + in := p.input + off := 1 + var i int + for { + i = strings.IndexByte(in[off:], '"') + if i < 0 { + return "", errors.New("Missing \" to close string ") + } + + i += off + if in[i-1] != '\\' { + break + } + off = i + 1 + } + + p.input = in[i+1:] + return strconv.Unquote(in[:i+1]) +} + +func (p *flagParser) parseStringSQuote() (string, error) { + in := p.input + i := strings.IndexByte(in[1:], '\'') + if i < 0 { + 
return "", errors.New("missing ' to close string") + } + + p.input = in[i+2:] + return in[1 : 1+i], nil +} + +func (p *flagParser) parseNonQuotedString(stopSet string) (string, error) { + in := p.input + idx := strings.IndexAny(in, stopSet) + if idx == 0 { + return "", fmt.Errorf("unexpected '%v'", string(in[idx])) + } + + content, in := in, "" + if idx > 0 { + content, in = content[:idx], content[idx:] + } + p.input = in + + return strings.TrimSpace(content), nil +} + +func (p *flagParser) parsePrimitive(stopSet string) (interface{}, error) { + content, err := p.parseNonQuotedString(stopSet) + if err != nil { + return nil, err + } + + if content == "null" { + return nil, nil + } + if b, ok := parseBoolValue(content); ok { + return b, nil + } + if n, err := strconv.ParseUint(content, 0, 64); err == nil { + return n, nil + } + if n, err := strconv.ParseInt(content, 0, 64); err == nil { + return n, nil + } + if n, err := strconv.ParseFloat(content, 64); err == nil { + return n, nil + } + + return content, nil +} + +func (p *flagParser) expectChar(c byte) error { + if p.input == "" || p.input[0] != c { + return fmt.Errorf("expected '%v'", string(c)) + } + + p.input = p.input[1:] + return nil +} + +func parseBoolValue(str string) (value bool, ok bool) { + switch str { + case "t", "T", "true", "TRUE", "True", "on", "ON": + return true, true + case "f", "F", "false", "FALSE", "False", "off", "OFF": + return false, true + } + return false, false +} diff --git a/vendor/github.com/elastic/go-ucfg/path.go b/vendor/github.com/elastic/go-ucfg/path.go new file mode 100644 index 00000000000..ff7e6301423 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/path.go 
@@ -0,0 +1,309 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+import (
+ "fmt"
+ "strconv"
+ "strings"
+)
+
+type cfgPath struct {
+ fields []field
+ sep string
+}
+
+type field interface {
+ String() string
+ SetValue(opt *options, elem value, v value) Error
+ GetValue(opt *options, elem value) (value, Error)
+ Remove(opt *options, elem value) (bool, Error)
+}
+
+type namedField struct {
+ name string
+}
+
+type idxField struct {
+ i int
+}
+
+func parsePathIdx(in, sep string, idx int) cfgPath {
+ if in == "" {
+ return cfgPath{
+ sep: sep,
+ fields: []field{idxField{idx}},
+ }
+ }
+
+ p := parsePath(in, sep)
+ if idx >= 0 {
+ p.fields = append(p.fields, idxField{idx})
+ }
+
+ return p
+}
+
+func parsePath(in, sep string) cfgPath {
+ if sep == "" {
+ return cfgPath{
+ sep: sep,
+ fields: []field{parseField(in)},
+ }
+ }
+
+ elems := strings.Split(in, sep)
+ fields := make([]field, 0, len(elems))
+ for _, elem := range elems {
+ fields = append(fields, parseField(elem))
+ }
+ return cfgPath{fields: fields, sep: sep}
+}
+
+func parseField(in string) field {
+ if idx, err := strconv.ParseInt(in, 0, 64); err == nil {
+ return idxField{int(idx)}
+ }
+ return namedField{in}
+}
+
+func (p cfgPath) String() string {
+ if len(p.fields) == 0 {
+ return ""
+ }
+
+ if len(p.fields) == 1 {
+ return p.fields[0].String()
+ }
+
+ s := make([]string, 0, len(p.fields))
+ for _, f := range p.fields {
+ s = append(s, f.String())
+ }
+
+ sep := p.sep
+ if sep == "" {
+ sep = "."
+ }
+ return strings.Join(s, sep)
+}
+
+func (n namedField) String() string {
+ return n.name
+}
+
+func (i idxField) String() string {
+ return fmt.Sprintf("%d", i.i)
+}
+
+func (p cfgPath) Has(cfg *Config, opt *options) (bool, Error) {
+ fields := p.fields
+
+ cur := value(cfgSub{cfg})
+ for ; len(fields) > 0; fields = fields[1:] {
+ field := fields[0]
+ next, err := field.GetValue(opt, cur)
+ if err != nil {
+ // has checks if a value is missing -> ErrMissing is no error but a valid
+ // outcome
+ if err.Reason() == ErrMissing {
+ err = nil
+ }
+ return false, err
+ }
+
+ if next == nil {
+ return false, nil
+ }
+
+ cur = next
+ }
+
+ return true, nil
+}
+
+func (p cfgPath) GetValue(cfg *Config, opt *options) (value, Error) {
+ fields := p.fields
+
+ cur := value(cfgSub{cfg})
+ for ; len(fields) > 1; fields = fields[1:] {
+ field := fields[0]
+ next, err := field.GetValue(opt, cur)
+ if err != nil {
+ return nil, err
+ }
+
+ if next == nil {
+ return nil, raiseMissing(cfg, field.String())
+ }
+
+ cur = next
+ }
+
+ field := fields[0]
+ v, err := field.GetValue(opt, cur)
+ if err != nil {
+ return nil, raiseMissing(cfg, field.String())
+ }
+ return v, nil
+}
+
+func (n namedField) GetValue(opts *options, elem value) (value, Error) {
+ cfg, err := elem.toConfig(opts)
+ if err != nil {
+ return nil, raiseExpectedObject(opts, elem)
+ }
+
+ v, _ := cfg.fields.get(n.name)
+ return v, nil
+}
+
+func (i idxField) GetValue(opts *options, elem value) (value, Error) {
+ cfg, err := elem.toConfig(opts)
+ if err != nil {
+ if i.i == 0 {
+ return elem, nil
+ }
+
+ return nil, raiseExpectedObject(opts, elem)
+ }
+
+ arr := cfg.fields.array()
+ if i.i >= len(arr) {
+ return nil, raiseMissing(cfg, i.String())
+ }
+ return arr[i.i], nil
+}
+
+func (p cfgPath) SetValue(cfg *Config, opt *options, val value) Error {
+ fields := p.fields
+ node := value(cfgSub{cfg})
+
+ // 1. iterate until intermediate node not having some required child node
+ for ; len(fields) > 1; fields = fields[1:] {
+ field := fields[0]
+ v, err := field.GetValue(opt, node)
+ if err != nil {
+ if err.Reason() == ErrMissing {
+ break
+ }
+ return err
+ }
+
+ if isNil(v) {
+ break
+ }
+ node = v
+ }
+
+ // 2. build intermediate nodes from bottom up
+
+ for ; len(fields) > 1; fields = fields[:len(fields)-1] {
+ field := fields[len(fields)-1]
+
+ next := New()
+ next.metadata = val.meta()
+ v := cfgSub{next}
+ if err := field.SetValue(opt, v, val); err != nil {
+ return err
+ }
+ val = v
+ }
+
+ // 3. insert new sub-tree into config
+ return fields[0].SetValue(opt, node, val)
+}
+
+func (n namedField) SetValue(opts *options, elem value, v value) Error {
+ sub, ok := elem.(cfgSub)
+ if !ok {
+ return raiseExpectedObject(opts, elem)
+ }
+
+ sub.c.fields.set(n.name, v)
+ v.SetContext(context{parent: elem, field: n.name})
+ return nil
+}
+
+func (i idxField) SetValue(opts *options, elem value, v value) Error {
+ sub, ok := elem.(cfgSub)
+ if !ok {
+ return raiseExpectedObject(opts, elem)
+ }
+
+ sub.c.fields.setAt(i.i, elem, v)
+ v.SetContext(context{parent: elem, field: i.String()})
+ return nil
+}
+
+func (p cfgPath) Remove(cfg *Config, opt *options) (bool, error) {
+ fields := p.fields
+
+ // Loop over intermediate objects. Returns an error if any intermediate is
+ // actually no object.
+ cur := value(cfgSub{cfg})
+ for ; len(fields) > 1; fields = fields[1:] {
+ field := fields[0]
+ next, err := field.GetValue(opt, cur)
+ if err != nil {
+ // Ignore ErrMissing when walking down a config tree. If intermediary is
+ // missing we can't remove our setting.
+ if err.Reason() == ErrMissing {
+ err = nil
+ }
+
+ return false, err
+ }
+
+ if next == nil {
+ return false, err
+ }
+
+ cur = next
+ }
+
+ // resolve config object in case we deal with references
+ tmp, err := cur.toConfig(opt)
+ if err != nil {
+ return false, err
+ }
+ cur = cfgSub{tmp}
+
+ field := fields[0]
+ return field.Remove(opt, cur)
+}
+
+func (n namedField) Remove(opts *options, elem value) (bool, Error) {
+ sub, ok := elem.(cfgSub)
+ if !ok {
+ return false, raiseExpectedObject(opts, elem)
+ }
+
+ removed := sub.c.fields.del(n.name)
+ return removed, nil
+}
+
+func (i idxField) Remove(opts *options, elem value) (bool, Error) {
+ sub, ok := elem.(cfgSub)
+ if !ok {
+ return false, raiseExpectedObject(opts, elem)
+ }
+
+ removed := sub.c.fields.delAt(i.i)
+ return removed, nil
+}
diff --git a/vendor/github.com/elastic/go-ucfg/reify.go b/vendor/github.com/elastic/go-ucfg/reify.go
new file mode 100644
index 00000000000..29c0e5dd5fe
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/reify.go
@@ -0,0 +1,888 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ucfg
+
+import (
+ "reflect"
+ "regexp"
+ "time"
+)
+
+// Unpack unpacks c into a struct, a map, or a slice allocating maps, slices,
+// and pointers as necessary.
+//
+// Unpack supports the options: PathSep, StructTag, ValidatorTag, Env, Resolve,
+// ResolveEnv, ReplaceValues, AppendValues, PrependValues.
+//
+// When unpacking into a value, Unpack first will try to call Unpack if the
+// value implements the Unpacker interface. Otherwise, Unpack tries to convert
+// the internal value into the target type:
+//
+// # Primitive types
+//
+// bool: requires setting of type bool or string which parses into a
+// boolean value (true, false, on, off)
+// int(8, 16, 32, 64): requires any number type convertible to int or a string
+// parsing to int. Fails if the target value would overflow.
+// uint(8, 16, 32, 64): requires any number type convertible to int or a string
+// parsing to int. Fails if the target value is negative or would overflow.
+// float(32, 64): requires any number type convertible to float or a string
+// parsing to float. Fails if the target value is negative or would overflow.
+// string: requires any primitive value which is serialized into a string.
+//
+// # Special types:
+//
+// time.Duration: requires a number setting converted to seconds or a string
+// parsed into time.Duration via time.ParseDuration.
+// *regexp.Regexp: requires a string being compiled into a regular expression
+// using regexp.Compile.
+// *Config: requires a Config object to be stored by pointer into the target
+// value. Can be used to capture a sub-Config without interpreting
+// the settings yet.
+//
+// # Arrays/Slices:
+//
+// Requires a Config object with indexed entries. Named entries will not be
+// unpacked into the Array/Slice. Primitive values will be handled like arrays
+// of length 1.
+//
+// # Map
+//
+// Requires a Config object with all named top-level entries being unpacked into
+// the map.
+//
+// # Struct
+//
+// Requires a Config object. All named values in the Config object will be unpacked
+// into the struct its fields, if the name is available in the struct.
+// A field its name is set using the `config` struct tag (configured by StructTag)
+// If tag is missing or no field name is configured in the tag, the field name
+// itself will be used.
+// If the tag sets the `,ignore` flag, the field will not be overwritten.
+// If the tag sets the `,inline` or `,squash` flag, Unpack will apply the current
+// configuration namespace to the fields.
+// If the tag option `replace` is configured, arrays and *ucfg.Config
+// convertible fields are replaced by the new values.
+// If the tag options `append` or `prepend` is used, arrays will be merged by
+// appending/prepending the new array contents.
+// The struct tag options `replace`, `append`, and `prepend` overwrites the
+// global value merging strategy (e.g. ReplaceValues, AppendValues, ...) for all sub-fields.
+//
+// When unpacking into a map, primitive, or struct Unpack will call InitDefaults if
+// the type implements the Initializer interface. The Initializer interface is not supported
+// on arrays or slices. InitDefaults is initialized top-down, meaning that if struct contains
+// a map, struct, or primitive that also implements the Initializer interface the contained
+// type will be initialized after the struct that contains it. (e.g. if we have
+// type A struct { B B }, with both A, and B implementing InitDefaults, then A.InitDefaults
+// is called before B.InitDefaults). In the case that a struct contains a pointer to
+// a type that implements the Initializer interface and the configuration doesn't contain a
+// value for that field then the pointer will not be initialized and InitDefaults will not
+// be called.
+//
+// Fields available in a struct or a map, but not in the Config object, will not
+// be touched by Unpack unless they are initialized from InitDefaults. Those values will
+// be validated using the same rules below just as if the values came from the configuration.
+// This gives the requirement that pre-filled in values or defaults must also validate.
+//
+// Type aliases like "type myTypeAlias T" are unpacked using Unpack if the alias
+// implements the Unpacker interface. Otherwise unpacking rules for type T will be used.
+//
+// When unpacking a value, the Validate method will be called if the value
+// implements the Validator interface. Unpacking a struct field the validator
+// options will be applied to the unpacked value as well.
+//
+// Struct field validators are set using the `validate` tag (configurable by
+// ValidatorTag). Default validators options are:
+//
+// required: check value is set and not empty
+// nonzero: check numeric value != 0 or string/slice not being empty
+// positive: check numeric value >= 0
+// min=: check numeric value >= . If target type is time.Duration,
+// can be a duration.
+// max=: check numeric value <= . If target type is time.Duration,
+// can be a duration.
+//
+// If a config value is not the convertible to the target type, or overflows the
+// target type, Unpack will abort immediately and return the appropriate error.
+//
+// If validator tags or validation provided by Validate or Unmarshal fails,
+// Unpack will abort immediately and return the validate error.
+//
+// When unpacking into an interface{} value, Unpack will store a value of one of
+// these types in the value:
+//
+// bool for boolean values
+// int64 for signed integer values
+// uint64 for unsigned integer values
+// float64 for floating point values
+// string for string values
+// []interface{} for list-only Config objects
+// map[string]interface{} for Config objects
+// nil for pointers if key has a nil value
+func (c *Config) Unpack(to interface{}, options ...Option) error {
+ opts := makeOptions(options)
+
+ if c == nil {
+ return raiseNil(ErrNilConfig)
+ }
+ if to == nil {
+ return raiseNil(ErrNilValue)
+ }
+
+ vTo := reflect.ValueOf(to)
+
+ k := vTo.Kind()
+ isValid := k == reflect.Ptr || k == reflect.Map
+ if !isValid {
+ return raisePointerRequired(vTo)
+ }
+
+ return reifyInto(opts, vTo, c)
+}
+
+// UnpackWithoutOptions method calls the Unpack method without any options provided.
+func (c *Config) UnpackWithoutOptions(to interface{}) error {
+ return c.Unpack(to)
+}
+
+func reifyInto(opts *options, to reflect.Value, from *Config) Error {
+ to = chaseValuePointers(to)
+
+ if to, ok := tryTConfig(to); ok {
+ return mergeConfig(opts, to.Addr().Interface().(*Config), from)
+ }
+
+ tTo := chaseTypePointers(to.Type())
+ k := tTo.Kind()
+
+ switch k {
+ case reflect.Map:
+ return reifyMap(opts, to, from, nil)
+ case reflect.Struct:
+ return reifyStruct(opts, to, from)
+ case reflect.Slice, reflect.Array:
+ fopts := fieldOptions{opts: opts, tag: tagOptions{}, validators: nil}
+ v, err := reifyMergeValue(fopts, to, cfgSub{from})
+ if err != nil {
+ return err
+ }
+ to.Set(v)
+ return nil
+ }
+
+ return raiseInvalidTopLevelType(to.Interface(), opts.meta)
+}
+
+func reifyMap(opts *options, to reflect.Value, from *Config, validators []validatorTag) Error {
+ parentFields := opts.activeFields
+ defer func() { opts.activeFields = parentFields }()
+
+ if to.Type().Key().Kind() != reflect.String {
+ return raiseKeyInvalidTypeUnpack(to.Type(), from)
+ }
+
+ if to.IsNil() {
+ to.Set(reflect.MakeMap(to.Type()))
+ }
+ tryInitDefaults(to)
+
+ fields := from.fields.dict()
+ if len(fields) == 0 {
+ if err := tryRecursiveValidate(to, opts, validators); err != nil {
+ return raiseValidation(from.ctx, from.metadata, "", err)
+ }
+ return nil
+ }
+
+ for k, value := range fields {
+ opts.activeFields = newFieldSet(parentFields)
+ key := reflect.ValueOf(k)
+
+ old := to.MapIndex(key)
+ var v reflect.Value
+ var err Error
+
+ if !old.IsValid() {
+ v, err = reifyValue(fieldOptions{opts: opts}, to.Type().Elem(), value)
+ } else {
+ v, err = reifyMergeValue(fieldOptions{opts: opts}, old, value)
+ }
+
+ if err != nil {
+ return err
+ }
+ if v.IsValid() {
+ to.SetMapIndex(key, v)
+ }
+ }
+
+ if err := runValidators(to.Interface(), validators); err != nil {
+ return raiseValidation(from.ctx, from.metadata, "", err)
+ }
+ if err := tryValidate(to); err != nil {
+ return raiseValidation(from.ctx, from.metadata, "", err)
+ }
+
+ return nil
+}
+
+func reifyStruct(opts *options, orig reflect.Value, cfg *Config) Error {
+ parentFields := opts.activeFields
+ defer func() { opts.activeFields = parentFields }()
+
+ orig = chaseValuePointers(orig)
+
+ to := chaseValuePointers(reflect.New(chaseTypePointers(orig.Type())))
+ if orig.Kind() == reflect.Struct { // if orig is has been allocated copy into to
+ to.Set(orig)
+ }
+
+ if v, ok := valueIsUnpacker(to); ok {
+ err := unpackWith(opts, v, cfgSub{cfg})
+ if err != nil {
+ return err
+ }
+ } else {
+ tryInitDefaults(to)
+ numField := to.NumField()
+ for i := 0; i < numField; i++ {
+ fInfo, skip, err := accessField(to, i, opts)
+ if err != nil {
+ return err
+ }
+ if skip {
+ continue
+ }
+
+ if fInfo.tagOptions.squash {
+ vField := chaseValue(fInfo.value)
+ switch vField.Kind() {
+ case reflect.Struct, reflect.Map:
+ if err := reifyInto(fInfo.options, fInfo.value, cfg); err != nil {
+ return err
+ }
+ case reflect.Slice, reflect.Array:
+ fopts := fieldOptions{opts: fInfo.options, tag: fInfo.tagOptions, validators: fInfo.validatorTags}
+ v, err := reifyMergeValue(fopts, fInfo.value, cfgSub{cfg})
+ if err != nil {
+ return err
+ }
+ vField.Set(v)
+
+ default:
+ return raiseInlineNeedsObject(cfg, fInfo.name, fInfo.value.Type())
+ }
+ } else {
+ fopts := fieldOptions{opts: fInfo.options, tag: fInfo.tagOptions, validators: fInfo.validatorTags}
+ if err := reifyGetField(cfg, fopts, fInfo.name, fInfo.value, fInfo.ftype); err != nil {
+ return err
+ }
+ }
+ }
+ }
+
+ if err := tryValidate(to); err != nil {
+ return raiseValidation(cfg.ctx, cfg.metadata, "", err)
+ }
+
+ orig.Set(pointerize(orig.Type(), to.Type(), to))
+ return nil
+}
+
+func reifyGetField(
+ cfg *Config,
+ opts fieldOptions,
+ name string,
+ to reflect.Value,
+ fieldType reflect.Type,
+) Error {
+ p := parsePath(name, opts.opts.pathSep)
+ value, err := p.GetValue(cfg, opts.opts)
+ if err != nil {
+ if err.Reason() != ErrMissing {
+ return err
+ }
+ value = nil
+ }
+
+ if isNil(value) {
+ // When fieldType is a pointer and the value is nil, return nil as the
+ // underlying type should not be allocated.
+ if fieldType.Kind() == reflect.Ptr {
+ if err := tryRecursiveValidate(to, opts.opts, opts.validators); err != nil {
+ return raiseValidation(cfg.ctx, cfg.metadata, name, err)
+ }
+ return nil
+ }
+
+ // Primitive types return early when it doesn't implement the Initializer interface.
+ if fieldType.Kind() != reflect.Struct && !hasInitDefaults(fieldType) {
+ if err := tryRecursiveValidate(to, opts.opts, opts.validators); err != nil {
+ return raiseValidation(cfg.ctx, cfg.metadata, name, err)
+ }
+ return nil
+ }
+
+ // None primitive types always get initialized even if it doesn't implement the
+ // Initializer interface, because nested types might implement the Initializer interface.
+ if value == nil {
+ value = &cfgNil{cfgPrimitive{cfg.ctx, cfg.metadata}}
+ }
+ }
+
+ v, err := reifyMergeValue(opts, to, value)
+ if err != nil {
+ return err
+ }
+
+ if v.IsValid() {
+ to.Set(pointerize(to.Type(), v.Type(), v))
+ }
+ return nil
+}
+
+func reifyValue(
+ opts fieldOptions,
+ t reflect.Type,
+ val value,
+) (reflect.Value, Error) {
+ if t.Kind() == reflect.Interface && t.NumMethod() == 0 {
+ reified, err := val.reify(opts.opts)
+ if err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raisePathErr(err, val.meta(), "", ctx.path("."))
+ }
+ return reflect.ValueOf(reified), nil
+ }
+
+ baseType := chaseTypePointers(t)
+ if tConfig.ConvertibleTo(baseType) {
+ cfg, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseExpectedObject(opts.opts, val)
+ }
+
+ v := reflect.ValueOf(cfg).Convert(reflect.PtrTo(baseType))
+ if t == baseType { // copy config
+ v = v.Elem()
+ } else {
+ v = pointerize(t, baseType, v)
+ }
+ return v, nil
+ }
+
+ if baseType.Kind() == reflect.Struct {
+ sub, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reifyPrimitive(opts, val, t, baseType)
+ }
+
+ newSt := reflect.New(baseType)
+ if err := reifyInto(opts.opts, newSt, sub); err != nil {
+ return reflect.Value{}, err
+ }
+
+ if t.Kind() != reflect.Ptr {
+ return newSt.Elem(), nil
+ }
+ return pointerize(t, baseType, newSt), nil
+ }
+
+ switch baseType.Kind() {
+ case reflect.Map:
+ sub, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseExpectedObject(opts.opts, val)
+ }
+
+ if baseType.Key().Kind() != reflect.String {
+ return reflect.Value{}, raiseKeyInvalidTypeUnpack(baseType, sub)
+ }
+
+ newMap := reflect.MakeMap(baseType)
+ if err := reifyInto(opts.opts, newMap, sub); err != nil {
+ return reflect.Value{}, err
+ }
+ return newMap, nil
+
+ case reflect.Slice:
+ v, err := reifySlice(opts, baseType, val)
+ if err != nil {
+ return reflect.Value{}, err
+ }
+ return pointerize(t, baseType, v), nil
+ }
+
+ return reifyPrimitive(opts, val, t, baseType)
+}
+
+func reifyMergeValue(
+ opts fieldOptions,
+ oldValue reflect.Value, val value,
+) (reflect.Value, Error) {
+ old := chaseValueInterfaces(oldValue)
+ t := old.Type()
+ old = chaseValuePointers(old)
+ if (old.Kind() == reflect.Ptr || old.Kind() == reflect.Interface) && old.IsNil() {
+ return reifyValue(opts, t, val)
+ }
+
+ baseType := chaseTypePointers(old.Type())
+
+ if tConfig.ConvertibleTo(baseType) {
+ sub, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseExpectedObject(opts.opts, val)
+ }
+
+ if t == baseType {
+ // no pointer -> return type mismatch
+ return reflect.Value{}, raisePointerRequired(oldValue)
+ }
+
+ // check if old is nil -> copy reference only
+ if old.Kind() == reflect.Ptr && old.IsNil() {
+ v, err := val.reflect(opts.opts)
+ if err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raisePathErr(err, val.meta(), "", ctx.path("."))
+ }
+
+ v = v.Convert(reflect.PtrTo(baseType))
+ return pointerize(t, baseType, v), nil
+ }
+
+ // check if old == value
+ subOld := chaseValuePointers(old).Addr().Convert(tConfigPtr).Interface().(*Config)
+ if sub == subOld {
+ return oldValue, nil
+ }
+
+ // old != value -> merge value into old
+ return oldValue, mergeFieldConfig(opts, subOld, sub)
+ }
+
+ if v, ok := valueIsUnpacker(old); ok {
+ err := unpackWith(opts.opts, v, val)
+ if err != nil {
+ return reflect.Value{}, err
+ }
+ return old, nil
+ }
+
+ switch baseType.Kind() {
+ case reflect.Map:
+ sub, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseExpectedObject(opts.opts, val)
+ }
+ return old, reifyMap(opts.opts, old, sub, opts.validators)
+
+ case reflect.Struct:
+ sub, err := val.toConfig(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseExpectedObject(opts.opts, val)
+ }
+ return oldValue, reifyStruct(opts.opts, old, sub)
+
+ case reflect.Array:
+ return reifyArray(opts, old, baseType, val)
+
+ case reflect.Slice:
+ return reifySliceMerge(opts, old, baseType, val)
+ }
+
+ return reifyPrimitive(opts, val, t, baseType)
+}
+
+func mergeFieldConfig(opts fieldOptions, to, from *Config) Error {
+ return mergeConfig(opts.opts, to, from)
+}
+
+func reifyArray(
+ opts fieldOptions,
+ to reflect.Value, tTo reflect.Type,
+ val value,
+) (reflect.Value, Error) {
+ arr, err := castArr(opts.opts, val)
+ if err != nil {
+ return reflect.Value{}, err
+ }
+
+ if len(arr) != tTo.Len() {
+ ctx := val.Context()
+ return reflect.Value{}, raiseArraySize(ctx, val.meta(), len(arr), tTo.Len())
+ }
+ return reifyDoArray(opts, to, tTo.Elem(), 0, val, arr)
+}
+
+func reifySlice(
+ opts fieldOptions,
+ tTo reflect.Type,
+ val value,
+) (reflect.Value, Error) {
+ return reifySliceMerge(opts, reflect.Value{}, tTo, val)
+}
+
+func reifySliceMerge(
+ opts fieldOptions,
+ old reflect.Value,
+ tTo reflect.Type,
+ val value,
+) (reflect.Value, Error) {
+ arr, err := castArr(opts.opts, val)
+ if err != nil {
+ return reflect.Value{}, err
+ }
+
+ arrMergeCfg := opts.configHandling()
+
+ l := len(arr)
+ start := 0
+ cpyStart := 0
+
+ withOld := old.IsValid() && !old.IsNil()
+ if withOld {
+ ol := old.Len()
+
+ switch arrMergeCfg {
+ case cfgReplaceValue:
+ // do nothing
+
+ case cfgArrAppend:
+ l += ol
+ start = ol
+
+ case cfgArrPrepend:
+ cpyStart = l
+ l += ol
+
+ default:
+ if l < ol {
+ l = ol
+ }
+ }
+ }
+ tmp := reflect.MakeSlice(tTo, l, l)
+
+ if withOld {
+ reflect.Copy(tmp.Slice(cpyStart, tmp.Len()), old)
+ }
+ return reifyDoArray(opts, tmp, tTo.Elem(), start, val, arr)
+}
+
+func reifyDoArray(
+ opts fieldOptions,
+ to reflect.Value, elemT reflect.Type,
+ start int,
+ val value,
+ arr []value,
+) (reflect.Value, Error) {
+ aLen := len(arr)
+ tLen := to.Len()
+ for idx := 0; idx < tLen; idx++ {
+ if idx >= start && idx < start+aLen {
+ v, err := reifyMergeValue(opts, to.Index(idx), arr[idx-start])
+ if err != nil {
+ return reflect.Value{}, err
+ }
+ if v.IsValid() {
+ to.Index(idx).Set(v)
+ }
+ } else {
+ if err := tryRecursiveValidate(to.Index(idx), opts.opts, nil); err != nil {
+ return reflect.Value{}, raiseValidation(val.Context(), val.meta(), "", err)
+ }
+ }
+ }
+
+ if err := runValidators(to.Interface(), opts.validators); err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raiseValidation(ctx, val.meta(), "", err)
+ }
+
+ if err := tryValidate(to); err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raiseValidation(ctx, val.meta(), "", err)
+ }
+
+ return to, nil
+}
+
+func castArr(opts *options, v value) ([]value, Error) {
+ if sub, ok := v.(cfgSub); ok {
+ return sub.c.fields.array(), nil
+ }
+ if ref, ok := v.(*cfgDynamic); ok {
+ unrefed, err := ref.getValue(opts)
+ if err != nil {
+ return nil, raiseMissingMsg(ref.ctx.getParent(), ref.ctx.field, err.Error())
+ }
+
+ if sub, ok := unrefed.(cfgSub); ok {
+ return sub.c.fields.array(), nil
+ }
+ }
+
+ l, err := v.Len(opts)
+ if err != nil {
+ ctx := v.Context()
+ return nil, raisePathErr(err, v.meta(), "", ctx.path("."))
+ }
+
+ if l == 0 {
+ return nil, nil
+ }
+
+ return []value{v}, nil
+}
+
+func reifyPrimitive(
+ opts fieldOptions,
+ val value,
+ t, baseType reflect.Type,
+) (reflect.Value, Error) {
+ // zero initialize value if val==nil
+ if isNil(val) {
+ v := pointerize(t, baseType, reflect.Zero(baseType))
+ return tryInitDefaults(v), nil
+ }
+
+ var v reflect.Value
+ var err Error
+ var ok bool
+
+ if v, ok = typeIsUnpacker(baseType); ok {
+ err := unpackWith(opts.opts, v, val)
+ if err != nil {
+ return reflect.Value{}, err
+ }
+ } else {
+ v, err = doReifyPrimitive(opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ }
+
+ if err := runValidators(v.Interface(), opts.validators); err != nil {
+ return reflect.Value{}, raiseValidation(val.Context(), val.meta(), "", err)
+ }
+
+ if err := tryValidate(v); err != nil {
+ return reflect.Value{}, raiseValidation(val.Context(), val.meta(), "", err)
+ }
+
+ return pointerize(t, baseType, chaseValuePointers(v)), nil
+}
+
+func doReifyPrimitive(
+ opts fieldOptions,
+ val value,
+ baseType reflect.Type,
+) (reflect.Value, Error) {
+ extras := map[reflect.Type]func(fieldOptions, value, reflect.Type) (reflect.Value, Error){
+ tDuration: reifyDuration,
+ tRegexp: reifyRegexp,
+ }
+
+ previous := opts.opts.activeFields
+ opts.opts.activeFields = newFieldSet(previous)
+ valT, err := val.typ(opts.opts)
+ if err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raisePathErr(err, val.meta(), "", ctx.path("."))
+ }
+ opts.opts.activeFields = previous
+
+ // try primitive conversion
+ kind := baseType.Kind()
+ switch {
+ case valT.gotype == baseType:
+ v, err := val.reflect(opts.opts)
+ if err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raisePathErr(err, val.meta(), "", ctx.path("."))
+ }
+ return v, nil
+
+ case kind == reflect.String:
+ s, err := val.toString(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "string")
+ }
+ return reflect.ValueOf(s), nil
+
+ case extras[baseType] != nil:
+ v, err := extras[baseType](opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ return v, nil
+
+ case isInt(kind):
+ v, err := reifyInt(opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ return v, nil
+
+ case isUint(kind):
+ v, err := reifyUint(opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ return v, nil
+
+ case isFloat(kind):
+ v, err := reifyFloat(opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ return v, nil
+
+ case kind == reflect.Bool:
+ v, err := reifyBool(opts, val, baseType)
+ if err != nil {
+ return v, err
+ }
+ return v, nil
+
+ case valT.gotype.ConvertibleTo(baseType):
+ v, err := val.reflect(opts.opts)
+ if err != nil {
+ ctx := val.Context()
+ return reflect.Value{}, raisePathErr(err, val.meta(), "", ctx.path("."))
+ }
+ return v.Convert(baseType), nil
+ }
+
+ return reflect.Value{}, raiseToTypeNotSupported(opts.opts, val, baseType)
+}
+
+func reifyDuration(
+ opts fieldOptions,
+ val value,
+ _ reflect.Type,
+) (reflect.Value, Error) {
+ var d time.Duration
+ var err error
+
+ switch v := val.(type) {
+ case *cfgInt:
+ d = time.Duration(v.i) * time.Second
+ case *cfgUint:
+ d = time.Duration(v.u) * time.Second
+ case *cfgFloat:
+ d = time.Duration(v.f * float64(time.Second))
+ case *cfgString:
+ d, err = time.ParseDuration(v.s)
+ default:
+ var s string
+ s, err = val.toString(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseInvalidDuration(val, err)
+ }
+
+ d, err = time.ParseDuration(s)
+ }
+
+ if err != nil {
+ return reflect.Value{}, raiseInvalidDuration(val, err)
+ }
+ return reflect.ValueOf(d), nil
+}
+
+func reifyRegexp(
+ opts fieldOptions,
+ val value,
+ _ reflect.Type,
+) (reflect.Value, Error) {
+ s, err := val.toString(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "regex")
+ }
+
+ r, err := regexp.Compile(s)
+ if err != nil {
+ return reflect.Value{}, raiseInvalidRegexp(val, err)
+ }
+ return reflect.ValueOf(r).Elem(), nil
+}
+
+func reifyInt(
+ opts fieldOptions,
+ val value,
+ t reflect.Type,
+) (reflect.Value, Error) {
+ i, err := val.toInt(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "int")
+ }
+
+ tmp := reflect.Zero(t)
+ if tmp.OverflowInt(i) {
+ return reflect.Value{}, raiseConversion(opts.opts, val, ErrOverflow, "int")
+ }
+ return reflect.ValueOf(i).Convert(t), nil
+}
+
+func reifyUint(
+ opts fieldOptions,
+ val value,
+ t reflect.Type,
+) (reflect.Value, Error) {
+ u, err := val.toUint(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "uint")
+ }
+
+ tmp := reflect.Zero(t)
+ if tmp.OverflowUint(u) {
+ return reflect.Value{}, raiseConversion(opts.opts, val, ErrOverflow, "uint")
+ }
+ return reflect.ValueOf(u).Convert(t), nil
+}
+
+func reifyFloat(
+ opts fieldOptions,
+ val value,
+ t reflect.Type,
+) (reflect.Value, Error) {
+ f, err := val.toFloat(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "float")
+ }
+
+ tmp := reflect.Zero(t)
+ if tmp.OverflowFloat(f) {
+ return reflect.Value{}, raiseConversion(opts.opts, val, ErrOverflow, "float")
+ }
+ return reflect.ValueOf(f).Convert(t), nil
+}
+
+func reifyBool(
+ opts fieldOptions,
+ val value,
+ t reflect.Type,
+) (reflect.Value, Error) {
+ b, err := val.toBool(opts.opts)
+ if err != nil {
+ return reflect.Value{}, raiseConversion(opts.opts, val, err, "bool")
+ }
+ return reflect.ValueOf(b).Convert(t), nil
+}
diff --git a/vendor/github.com/elastic/go-ucfg/types.go b/vendor/github.com/elastic/go-ucfg/types.go
new file mode 100644
index 00000000000..13d601c9d86
--- /dev/null
+++ b/vendor/github.com/elastic/go-ucfg/types.go
@@ -0,0 +1,609 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "fmt" + "math" + "reflect" + "strconv" + "strings" + "sync/atomic" + "time" + + "github.com/elastic/go-ucfg/parse" +) + +type value interface { + typ(opts *options) (typeInfo, error) + + cpy(c context) value + + Context() context + SetContext(c context) + + meta() *Meta + setMeta(m *Meta) + + Len(opts *options) (int, error) + + reflect(opts *options) (reflect.Value, error) + reify(opts *options) (interface{}, error) + + toBool(opts *options) (bool, error) + toString(opts *options) (string, error) + toInt(opts *options) (int64, error) + toUint(opts *options) (uint64, error) + toFloat(opts *options) (float64, error) + toConfig(opts *options) (*Config, error) + canCache() bool +} + +type typeInfo struct { + name string + gotype reflect.Type +} + +type context struct { + parent value + field string +} + +type cfgBool struct { + cfgPrimitive + b bool +} + +type cfgInt struct { + cfgPrimitive + i int64 +} + +type cfgUint struct { + cfgPrimitive + u uint64 +} + +type cfgFloat struct { + cfgPrimitive + f float64 +} + +type cfgString struct { + cfgPrimitive + s string +} + +type cfgSub struct { + c *Config +} + +type cfgNil struct{ 
cfgPrimitive } + +type cfgPrimitive struct { + ctx context + metadata *Meta +} + +type cfgDynamic struct { + cfgPrimitive + id cacheID + dyn dynValue +} + +type dynValue interface { + getValue(p *cfgPrimitive, opts *options) (value, error) + String() string +} + +type refDynValue reference + +type spliceDynValue struct { + e varEvaler +} + +var spliceSeq int32 + +func (c *context) empty() bool { + return c.parent == nil +} + +func (c *context) getParent() *Config { + if c.parent == nil { + return nil + } + + if cfg, ok := c.parent.(cfgSub); ok { + return cfg.c + } + return nil +} + +func (c *context) path(sep string) string { + if c.field == "" { + return "" + } + + if c.parent != nil { + p := c.parent.Context() + if parent := p.path(sep); parent != "" { + return fmt.Sprintf("%v%v%v", parent, sep, c.field) + } + } + + return c.field +} + +func (c *context) pathOf(field, sep string) string { + if p := c.path(sep); p != "" { + return fmt.Sprintf("%v%v%v", p, sep, field) + } + return field +} + +func newBool(ctx context, m *Meta, b bool) *cfgBool { + return &cfgBool{cfgPrimitive{ctx, m}, b} +} + +func newInt(ctx context, m *Meta, i int64) *cfgInt { + return &cfgInt{cfgPrimitive{ctx, m}, i} +} + +func newUint(ctx context, m *Meta, u uint64) *cfgUint { + return &cfgUint{cfgPrimitive{ctx, m}, u} +} + +func newFloat(ctx context, m *Meta, f float64) *cfgFloat { + return &cfgFloat{cfgPrimitive{ctx, m}, f} +} + +func newString(ctx context, m *Meta, s string) *cfgString { + return &cfgString{cfgPrimitive{ctx, m}, s} +} + +func newRef(ctx context, m *Meta, ref *reference) *cfgDynamic { + return newDyn(ctx, m, (*refDynValue)(ref)) +} + +func newSplice(ctx context, m *Meta, s varEvaler) *cfgDynamic { + return newDyn(ctx, m, spliceDynValue{s}) +} + +func newDyn(ctx context, m *Meta, val dynValue) *cfgDynamic { + seq := atomic.AddInt32(&spliceSeq, 1) + dyn := &cfgDynamic{cfgPrimitive: cfgPrimitive{ctx, m}, dyn: val} + dyn.id = cacheID(fmt.Sprintf("%8X-%4X-%p", time.Now().Unix(), 
seq, dyn)) + return dyn +} + +func (p *cfgPrimitive) Context() context { return p.ctx } +func (p *cfgPrimitive) SetContext(c context) { p.ctx = c } +func (p *cfgPrimitive) meta() *Meta { return p.metadata } +func (p *cfgPrimitive) setMeta(m *Meta) { p.metadata = m } +func (cfgPrimitive) Len(*options) (int, error) { return 1, nil } +func (cfgPrimitive) toBool(*options) (bool, error) { return false, ErrTypeMismatch } +func (cfgPrimitive) toString(*options) (string, error) { return "", ErrTypeMismatch } +func (cfgPrimitive) toInt(*options) (int64, error) { return 0, ErrTypeMismatch } +func (cfgPrimitive) toUint(*options) (uint64, error) { return 0, ErrTypeMismatch } +func (cfgPrimitive) toFloat(*options) (float64, error) { return 0, ErrTypeMismatch } +func (cfgPrimitive) toConfig(*options) (*Config, error) { return nil, ErrTypeMismatch } +func (cfgPrimitive) canCache() bool { return true } + +func (c *cfgNil) cpy(ctx context) value { return &cfgNil{cfgPrimitive{ctx, c.metadata}} } +func (*cfgNil) Len(*options) (int, error) { return 0, nil } +func (*cfgNil) toString(*options) (string, error) { return "null", nil } +func (*cfgNil) toInt(*options) (int64, error) { return 0, ErrTypeMismatch } +func (*cfgNil) toUint(*options) (uint64, error) { return 0, ErrTypeMismatch } +func (*cfgNil) toFloat(*options) (float64, error) { return 0, ErrTypeMismatch } +func (*cfgNil) reify(*options) (interface{}, error) { return nil, nil } +func (*cfgNil) typ(*options) (typeInfo, error) { return typeInfo{"any", reflect.PtrTo(tConfig)}, nil } +func (c *cfgNil) meta() *Meta { return c.metadata } +func (c *cfgNil) setMeta(m *Meta) { c.metadata = m } + +func (c *cfgNil) reflect(opts *options) (reflect.Value, error) { + cfg, _ := c.toConfig(opts) + return reflect.ValueOf(cfg), nil +} + +func (c *cfgNil) toConfig(*options) (*Config, error) { + n := New() + n.ctx = c.ctx + return n, nil +} + +func (c *cfgBool) cpy(ctx context) value { return newBool(ctx, c.meta(), c.b) } +func (c *cfgBool) 
toBool(*options) (bool, error) { return c.b, nil } +func (c *cfgBool) reflect(*options) (reflect.Value, error) { return reflect.ValueOf(c.b), nil } +func (c *cfgBool) reify(*options) (interface{}, error) { return c.b, nil } +func (c *cfgBool) toString(*options) (string, error) { return fmt.Sprintf("%t", c.b), nil } +func (c *cfgBool) typ(*options) (typeInfo, error) { return typeInfo{"bool", tBool}, nil } + +func (c *cfgInt) cpy(ctx context) value { return newInt(ctx, c.meta(), c.i) } +func (c *cfgInt) toInt(*options) (int64, error) { return c.i, nil } +func (c *cfgInt) toFloat(*options) (float64, error) { return float64(c.i), nil } +func (c *cfgInt) reflect(*options) (reflect.Value, error) { return reflect.ValueOf(c.i), nil } +func (c *cfgInt) reify(*options) (interface{}, error) { return c.i, nil } +func (c *cfgInt) toString(*options) (string, error) { return fmt.Sprintf("%d", c.i), nil } +func (c *cfgInt) typ(*options) (typeInfo, error) { return typeInfo{"int", tInt64}, nil } +func (c *cfgInt) toUint(*options) (uint64, error) { + if c.i < 0 { + return 0, ErrNegative + } + return uint64(c.i), nil +} + +func (c *cfgUint) cpy(ctx context) value { return newUint(ctx, c.meta(), c.u) } +func (c *cfgUint) reflect(*options) (reflect.Value, error) { return reflect.ValueOf(c.u), nil } +func (c *cfgUint) reify(*options) (interface{}, error) { return c.u, nil } +func (c *cfgUint) toString(*options) (string, error) { return fmt.Sprintf("%d", c.u), nil } +func (c *cfgUint) typ(*options) (typeInfo, error) { return typeInfo{"uint", tUint64}, nil } +func (c *cfgUint) toUint(*options) (uint64, error) { return c.u, nil } +func (c *cfgUint) toFloat(*options) (float64, error) { return float64(c.u), nil } +func (c *cfgUint) toInt(*options) (int64, error) { + if c.u > math.MaxInt64 { + return 0, ErrOverflow + } + return int64(c.u), nil +} + +func (c *cfgFloat) cpy(ctx context) value { return newFloat(ctx, c.meta(), c.f) } +func (c *cfgFloat) toFloat(*options) (float64, error) { return 
c.f, nil } +func (c *cfgFloat) reflect(*options) (reflect.Value, error) { return reflect.ValueOf(c.f), nil } +func (c *cfgFloat) reify(*options) (interface{}, error) { return c.f, nil } +func (c *cfgFloat) toString(*options) (string, error) { return fmt.Sprintf("%v", c.f), nil } +func (c *cfgFloat) typ(*options) (typeInfo, error) { return typeInfo{"float", tFloat64}, nil } + +func (c *cfgFloat) toUint(*options) (uint64, error) { + if c.f < 0 { + return 0, ErrNegative + } + if c.f > math.MaxUint64 { + return 0, ErrOverflow + } + return uint64(c.f), nil +} + +func (c *cfgFloat) toInt(*options) (int64, error) { + if c.f < math.MinInt64 || math.MaxInt64 < c.f { + return 0, ErrOverflow + } + return int64(c.f), nil +} + +func (c *cfgString) cpy(ctx context) value { return newString(ctx, c.meta(), c.s) } +func (c *cfgString) reflect(*options) (reflect.Value, error) { + return reflect.ValueOf(c.s), nil +} +func (c *cfgString) reify(*options) (interface{}, error) { return c.s, nil } +func (c *cfgString) typ(*options) (typeInfo, error) { return typeInfo{"string", tString}, nil } +func (c *cfgString) toBool(*options) (bool, error) { return strconv.ParseBool(c.s) } +func (c *cfgString) toString(*options) (string, error) { return c.s, nil } +func (c *cfgString) toInt(*options) (int64, error) { return strconv.ParseInt(c.s, 0, 64) } +func (c *cfgString) toUint(*options) (uint64, error) { return strconv.ParseUint(c.s, 0, 64) } +func (c *cfgString) toFloat(*options) (float64, error) { return strconv.ParseFloat(c.s, 64) } + +func (c cfgSub) Context() context { return c.c.ctx } +func (cfgSub) toBool(*options) (bool, error) { return false, ErrTypeMismatch } +func (cfgSub) toString(*options) (string, error) { return "", ErrTypeMismatch } +func (cfgSub) toInt(*options) (int64, error) { return 0, ErrTypeMismatch } +func (cfgSub) toUint(*options) (uint64, error) { return 0, ErrTypeMismatch } +func (cfgSub) toFloat(*options) (float64, error) { return 0, ErrTypeMismatch } +func (c cfgSub) 
toConfig(*options) (*Config, error) { return c.c, nil } +func (c cfgSub) canCache() bool { return false } + +func (c cfgSub) Len(*options) (int, error) { + arr := c.c.fields.array() + if arr != nil { + + return len(arr), nil + } + + return 1, nil +} + +func (c cfgSub) typ(*options) (typeInfo, error) { + return typeInfo{"object", reflect.PtrTo(tConfig)}, nil +} + +// func (cfgSub) typ() (typeInfo, error) { return typeInfo{"object", reflect.PtrTo(tConfig)}, nil } +func (c cfgSub) reflect(*options) (reflect.Value, error) { return reflect.ValueOf(c.c), nil } +func (c cfgSub) meta() *Meta { return c.c.metadata } +func (c cfgSub) setMeta(m *Meta) { c.c.metadata = m } + +func (c cfgSub) cpy(ctx context) value { + newC := cfgSub{ + c: &Config{ctx: ctx, metadata: c.c.metadata}, + } + + dict := c.c.fields.dict() + arr := c.c.fields.array() + fields := &fields{} + + for name, f := range dict { + ctx := f.Context() + v := f.cpy(context{field: ctx.field, parent: newC}) + fields.set(name, v) + } + + if arr != nil { + fields.a = make([]value, len(arr)) + for i, f := range arr { + ctx := f.Context() + v := f.cpy(context{field: ctx.field, parent: newC}) + fields.setAt(i, newC, v) + } + } + + newC.c.fields = fields + return newC +} + +func (c cfgSub) SetContext(ctx context) { + if c.c.ctx.empty() { + c.c.ctx = ctx + } else { + c.c = &Config{ + ctx: ctx, + fields: c.c.fields, + } + } +} + +func (c cfgSub) reify(opts *options) (interface{}, error) { + parentFields := opts.activeFields + defer func() { opts.activeFields = parentFields }() + + fields := c.c.fields.dict() + arr := c.c.fields.array() + + switch { + case len(fields) == 0 && len(arr) == 0: + return nil, nil + case len(fields) > 0 && len(arr) == 0: + m := make(map[string]interface{}) + for k, v := range fields { + opts.activeFields = newFieldSet(parentFields) + var err error + if m[k], err = v.reify(opts); err != nil { + return nil, err + } + } + return m, nil + case len(fields) == 0 && len(arr) > 0: + m := 
make([]interface{}, len(arr)) + for i, v := range arr { + opts.activeFields = newFieldSet(parentFields) + var err error + if m[i], err = v.reify(opts); err != nil { + return nil, err + } + } + return m, nil + default: + m := make(map[string]interface{}) + for k, v := range fields { + opts.activeFields = newFieldSet(parentFields) + var err error + if m[k], err = v.reify(opts); err != nil { + return nil, err + } + } + for i, v := range arr { + opts.activeFields = newFieldSet(parentFields) + var err error + m[fmt.Sprintf("%d", i)], err = v.reify(opts) + if err != nil { + return nil, err + } + } + return m, nil + } +} + +func (d *cfgDynamic) typ(opts *options) (ti typeInfo, err error) { + d.withValue(&err, opts, func(v value) { + ti, err = v.typ(opts) + }) + return +} + +func (d *cfgDynamic) cpy(c context) value { + return newDyn(c, d.meta(), d.dyn) +} + +func (d *cfgDynamic) Len(opts *options) (l int, err error) { + d.withValue(&err, opts, func(v value) { + l, err = v.Len(opts) + }) + return +} + +func (d *cfgDynamic) reflect(opts *options) (rv reflect.Value, err error) { + d.withValue(&err, opts, func(v value) { + rv, err = v.reflect(opts) + }) + return +} + +func (d *cfgDynamic) reify(opts *options) (rv interface{}, err error) { + d.withValue(&err, opts, func(v value) { + rv, err = v.reify(opts) + }) + return +} + +func (d *cfgDynamic) toBool(opts *options) (b bool, err error) { + d.withValue(&err, opts, func(v value) { + b, err = v.toBool(opts) + }) + return +} + +func (d *cfgDynamic) toString(opts *options) (s string, err error) { + d.withValue(&err, opts, func(v value) { + s, err = v.toString(opts) + }) + return +} + +func (d *cfgDynamic) toInt(opts *options) (i int64, err error) { + d.withValue(&err, opts, func(v value) { + i, err = v.toInt(opts) + }) + return +} + +func (d *cfgDynamic) toUint(opts *options) (u uint64, err error) { + d.withValue(&err, opts, func(v value) { + u, err = v.toUint(opts) + }) + return +} + +func (d *cfgDynamic) toFloat(opts *options) 
(f float64, err error) { + d.withValue(&err, opts, func(v value) { + f, err = v.toFloat(opts) + }) + return +} + +func (d *cfgDynamic) toConfig(opts *options) (cfg *Config, err error) { + d.withValue(&err, opts, func(v value) { + cfg, err = v.toConfig(opts) + }) + return +} + +func (d *cfgDynamic) withValue(err *error, opts *options, fn func(value)) { + var v value + if v, *err = d.getValue(opts); *err == nil { + fn(v) + } +} + +func (d *cfgDynamic) getValue(opts *options) (value, error) { + return opts.parsed.cachedValue(d.id, func() (value, error) { + return d.dyn.getValue(&d.cfgPrimitive, opts) + }) +} + +func (d cfgDynamic) canCache() bool { + return false +} + +func (r *refDynValue) String() string { + ref := (*reference)(r) + return ref.String() +} + +func (r *refDynValue) getValue( + p *cfgPrimitive, + opts *options, +) (value, error) { + ref := (*reference)(r) + v, err := ref.resolveRef(p.ctx.getParent(), opts) + // If not found or we have a cyclic reference we try the environment resolvers + if v != nil || criticalResolveError(err) { + return v, err + } + previousErr := err + + str, parseCfg, err := ref.resolveEnv(p.ctx.getParent(), opts) + if err != nil { + // TODO(ph): Not everything is an Error, will do some cleanup in another PR. 
+ if v, ok := previousErr.(Error); ok { + if v.Reason() == ErrCyclicReference { + return nil, previousErr + } + } + return nil, err + } + return parseValue(p, opts, str, parseCfg) +} + +func (s spliceDynValue) getValue( + p *cfgPrimitive, + opts *options, +) (value, error) { + splice := s.e + str, err := splice.eval(p.ctx.getParent(), opts) + if err != nil { + return nil, err + } + + return parseValue(p, opts, str, parse.DefaultConfig) +} + +func (s spliceDynValue) String() string { + return "" +} + +func parseValue(p *cfgPrimitive, opts *options, str string, parseCfg parse.Config) (value, error) { + if opts.noParse { + return nil, raiseNoParse(p.ctx, p.meta()) + } + + ifc, err := parse.ValueWithConfig(str, parseCfg) + if err != nil { + return nil, err + } + + if ifc == nil { + if strings.TrimSpace(str) == "" { + return newString(p.ctx, p.meta(), str), nil + } + return &cfgNil{cfgPrimitive{ctx: p.ctx, metadata: p.meta()}}, nil + } + + switch v := ifc.(type) { + case bool: + return newBool(p.ctx, p.meta(), v), nil + case int64: + return newInt(p.ctx, p.meta(), v), nil + case uint64: + return newUint(p.ctx, p.meta(), v), nil + case float64: + return newFloat(p.ctx, p.meta(), v), nil + case string: + return newString(p.ctx, p.meta(), v), nil + } + + sub, err := normalize(opts, ifc) + if err != nil { + return nil, err + } + sub.ctx = p.ctx + sub.metadata = p.metadata + return cfgSub{sub}, nil +} + +func isNil(v value) bool { + if v == nil { + return true + } + _, tst := v.(*cfgNil) + return tst +} + +func isSub(v value) bool { + if v == nil { + return false + } + _, tst := v.(cfgSub) + return tst +} diff --git a/vendor/github.com/elastic/go-ucfg/ucfg.go b/vendor/github.com/elastic/go-ucfg/ucfg.go new file mode 100644 index 00000000000..bddd42333f1 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/ucfg.go 
@@ -0,0 +1,331 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "fmt" + "reflect" + "regexp" + "sort" + "time" +) + +// Config object to store hierarchical configurations into. Config can be +// both a dictionary and a list holding primitive values. Primitive values +// can be booleans, integers, float point numbers and strings. +// +// Config provides a low level interface for setting and getting settings +// via SetBool, SetInt, SetUing, SetFloat, SetString, SetChild, Bool, Int, Uint, +// Float, String, and Child. +// +// A more user-friendly high level interface is provided via Unpack and Merge. +type Config struct { + ctx context + metadata *Meta + fields *fields +} + +type fieldOptions struct { + opts *options + tag tagOptions + validators []validatorTag +} + +type fields struct { + d map[string]value + a []value +} + +// Meta holds additional meta data per config value. 
+type Meta struct { + Source string +} + +var ( + tConfig = reflect.TypeOf(Config{}) + tConfigPtr = reflect.PtrTo(tConfig) + tConfigMap = reflect.TypeOf((map[string]interface{})(nil)) + tInterfaceArray = reflect.TypeOf([]interface{}(nil)) + + // interface types + tError = reflect.TypeOf((*error)(nil)).Elem() + iInitializer = reflect.TypeOf((*Initializer)(nil)).Elem() + tValidator = reflect.TypeOf((*Validator)(nil)).Elem() + + // primitives + tBool = reflect.TypeOf(true) + tInt64 = reflect.TypeOf(int64(0)) + tUint64 = reflect.TypeOf(uint64(0)) + tFloat64 = reflect.TypeOf(float64(0)) + tString = reflect.TypeOf("") + tDuration = reflect.TypeOf(time.Duration(0)) + tRegexp = reflect.TypeOf(regexp.Regexp{}) +) + +// New creates a new empty Config object. +func New() *Config { + return &Config{ + fields: &fields{nil, nil}, + } +} + +// MustNewFrom creates a new config object normalizing and copying from into the new +// Config object. MustNewFrom uses Merge to copy from. +// +// MustNewFrom supports the options: PathSep, MetaData, StructTag, VarExp +func MustNewFrom(from interface{}, opts ...Option) *Config { + c := New() + if err := c.Merge(from, opts...); err != nil { + panic(err) + } + return c +} + +// NewFrom creates a new config object normalizing and copying from into the new +// Config object. NewFrom uses Merge to copy from. +// +// NewFrom supports the options: PathSep, MetaData, StructTag, VarExp +func NewFrom(from interface{}, opts ...Option) (*Config, error) { + c := New() + if err := c.Merge(from, opts...); err != nil { + return nil, err + } + return c, nil +} + +// IsDict checks if c has named keys. +func (c *Config) IsDict() bool { + return c.fields.dict() != nil +} + +// IsArray checks if c has index only accessible settings. +func (c *Config) IsArray() bool { + return c.fields.array() != nil +} + +// GetFields returns a list of all top-level named keys in c. 
+func (c *Config) GetFields() []string { + var names []string + for k := range c.fields.dict() { + names = append(names, k) + } + return names +} + +// Has checks if a field by the given path+idx configuration exists. +// Has returns an error if the path can not be resolved because a primitive +// value is found in the middle of the traversal. +func (c *Config) Has(name string, idx int, options ...Option) (bool, error) { + opts := makeOptions(options) + p := parsePathIdx(name, opts.pathSep, idx) + return p.Has(c, opts) +} + +// HasField checks if c has a top-level named key name. +func (c *Config) HasField(name string) bool { + _, ok := c.fields.get(name) + return ok +} + +// Remove removes a setting from the config. If the configuration references +// another configuration namespace, then the setting will be removed from the +// linked reference. +// Remove returns true if the setting was removed. If the path can't be +// resolved (e.g. due to type mismatch) Remove will return an error. +// +// Settings can be created on Unpack via Env, Resolve, and ResolveEnv. Settings +// generated dynamically on Unpack can not be removed. Remove ignores any +// configured environments and will return an error if a value can not be +// removed for this reason. +// +// The setting path is constructed from name and idx. If name is set and idx is -1, +// only the name is used to access the setting by name. If name is empty, idx +// must be >= 0, assuming the Config is a list. If both name and idx are set, +// the name must point to a list. +// +// Remove supports the options: PathSep +func (c *Config) Remove(name string, idx int, options ...Option) (bool, error) { + opts := makeOptions(options) + + // ignore environments + opts.env = nil + opts.resolvers = nil + opts.noParse = true + + p := parsePathIdx(name, opts.pathSep, idx) + return p.Remove(c, opts) +} + +// Path gets the absolute path of c separated by sep. If c is a root-Config an +// empty string will be returned. 
+func (c *Config) Path(sep string) string { + return c.ctx.path(sep) +} + +// PathOf gets the absolute path of a potential setting field in c with name +// separated by sep. +func (c *Config) PathOf(field, sep string) string { + return c.ctx.pathOf(field, sep) +} + +// Parent returns the parent configuration or nil if c is already a root +// Configuration. +func (c *Config) Parent() *Config { + ctx := c.ctx + for { + if ctx.parent == nil { + return nil + } + + switch p := ctx.parent.(type) { + case cfgSub: + return p.c + default: + return nil + } + } +} + +// FlattenedKeys return a sorted flattened views of the set keys in the configuration +func (c *Config) FlattenedKeys(opts ...Option) []string { + var keys []string + normalizedOptions := makeOptions(opts) + + if normalizedOptions.pathSep == "" { + normalizedOptions.pathSep = "." + } + + if c.IsDict() { + for _, v := range c.fields.dict() { + + subcfg, err := v.toConfig(normalizedOptions) + if err != nil { + ctx := v.Context() + p := ctx.path(normalizedOptions.pathSep) + keys = append(keys, p) + } else { + newKeys := subcfg.FlattenedKeys(opts...) + keys = append(keys, newKeys...) + } + } + } else if c.IsArray() { + for _, a := range c.fields.array() { + scfg, err := a.toConfig(normalizedOptions) + + if err != nil { + ctx := a.Context() + p := ctx.path(normalizedOptions.pathSep) + keys = append(keys, p) + } else { + newKeys := scfg.FlattenedKeys(opts...) + keys = append(keys, newKeys...) 
+ } + } + } + + sort.Strings(keys) + return keys +} + +func (f *fields) get(name string) (value, bool) { + if f.d == nil { + return nil, false + } + v, found := f.d[name] + return v, found +} + +func (f *fields) dict() map[string]value { + return f.d +} + +func (f *fields) array() []value { + return f.a +} + +func (f *fields) del(name string) bool { + _, exists := f.d[name] + if exists { + delete(f.d, name) + } + return exists +} + +func (f *fields) delAt(i int) bool { + a := f.a + if i < 0 || len(a) <= i { + return false + } + + copy(a[i:], a[i+1:]) + a[len(a)-1] = nil + f.a = a[:len(a)-1] + return true +} + +func (f *fields) set(name string, v value) { + if f.d == nil { + f.d = map[string]value{} + } + f.d[name] = v +} + +func (f *fields) add(v value) { + f.a = append(f.a, v) +} + +func (f *fields) setAt(idx int, parent, v value) { + l := len(f.a) + if idx >= l { + tmp := make([]value, idx+1) + copy(tmp, f.a) + + for i := l; i < idx; i++ { + ctx := context{parent: parent, field: fmt.Sprintf("%d", i)} + tmp[i] = &cfgNil{cfgPrimitive{ctx, nil}} + } + + f.a = tmp + } + + f.a[idx] = v +} + +func (f *fields) append(parent value, a []value) { + l := len(f.a) + count := len(a) + if count == 0 { + return + } + + for i := 0; i < count; i, l = i+1, l+1 { + ctx := context{ + parent: parent, + field: fmt.Sprintf("%v", l), + } + f.setAt(l, parent, a[i].cpy(ctx)) + } +} + +func (o *fieldOptions) configHandling() configHandling { + h := o.tag.cfgHandling + if h == cfgDefaultHandling { + h = o.opts.configValueHandling + } + return h +} diff --git a/vendor/github.com/elastic/go-ucfg/unpack.go b/vendor/github.com/elastic/go-ucfg/unpack.go new file mode 100644 index 00000000000..00fb92c9376 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/unpack.go 
@@ -0,0 +1,247 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import "reflect" + +// Unpacker type used by Unpack to allow types to implement custom configuration +// unpacking. +type Unpacker interface { + // Unpack is called if a setting of field has a type implementing Unpacker. + // + // The interface{} value passed to Unpack can be of type: bool, int64, uint64, + // float64, string, []interface{} or map[string]interface{}. + Unpack(interface{}) error +} + +// BoolUnpacker interface specializes the Unpacker interface +// by casting values to bool when calling Unpack. +type BoolUnpacker interface { + Unpack(b bool) error +} + +// IntUnpacker interface specializes the Unpacker interface +// by casting values to int64 when calling Unpack. +type IntUnpacker interface { + Unpack(i int64) error +} + +// UintUnpacker interface specializes the Unpacker interface +// by casting values to uint64 when calling Unpack. +type UintUnpacker interface { + Unpack(u uint64) error +} + +// FloatUnpacker interface specializes the Unpacker interface +// by casting values to float64 when calling Unpack. 
+type FloatUnpacker interface { + Unpack(f float64) error +} + +// StringUnpacker interface specializes the Unpacker interface +// by casting values to string when calling Unpack. +type StringUnpacker interface { + Unpack(s string) error +} + +// ConfigUnpacker interface specializes the Unpacker interface +// by passing the the *Config object directly instead of +// transforming the *Config object into map[string]interface{}. +type ConfigUnpacker interface { + Unpack(c *Config) error +} + +var ( + // unpacker interface types + tUnpacker = reflect.TypeOf((*Unpacker)(nil)).Elem() + tBoolUnpacker = reflect.TypeOf((*BoolUnpacker)(nil)).Elem() + tIntUnpacker = reflect.TypeOf((*IntUnpacker)(nil)).Elem() + tUintUnpacker = reflect.TypeOf((*UintUnpacker)(nil)).Elem() + tFloatUnpacker = reflect.TypeOf((*FloatUnpacker)(nil)).Elem() + tStringUnpacker = reflect.TypeOf((*StringUnpacker)(nil)).Elem() + tConfigUnpacker = reflect.TypeOf((*ConfigUnpacker)(nil)).Elem() + + tUnpackers = [...]reflect.Type{ + tUnpacker, + tBoolUnpacker, + tIntUnpacker, + tUintUnpacker, + tFloatUnpacker, + tStringUnpacker, + tConfigUnpacker, + } +) + +// valueIsUnpacker checks if v implements the Unpacker interface. +// If there exists a pointer to v, the pointer to v is also tested. +func valueIsUnpacker(v reflect.Value) (reflect.Value, bool) { + for { + if implementsUnpacker(v.Type()) { + return v, true + } + + if !v.CanAddr() { + break + } + v = v.Addr() + } + + return reflect.Value{}, false +} + +func typeIsUnpacker(t reflect.Type) (reflect.Value, bool) { + if implementsUnpacker(t) { + return reflect.New(t).Elem(), true + } + + if implementsUnpacker(reflect.PtrTo(t)) { + return reflect.New(t), true + } + + return reflect.Value{}, false +} + +func implementsUnpacker(t reflect.Type) bool { + // ucfg.Config or structures that can be casted to ucfg.Config are not + // Unpackers. 
+ if tConfig.ConvertibleTo(chaseTypePointers(t)) { + return false + } + + for _, tUnpack := range tUnpackers { + if t.Implements(tUnpack) { + return true + } + } + + if t.NumMethod() == 0 { + return false + } + + // test if object has 'Unpack' method + method, ok := t.MethodByName("Unpack") + if !ok { + + return false + } + + // check method input and output parameters to match the ConfigUnpacker interface: + // func (to *T) Unpack(cfg *TConfig) error + // with T being the method receiver (input paramter 0) + // and TConfig being the aliased config type to convert to (input parameter 1) + paramCountCheck := method.Type.NumIn() == 2 && method.Type.NumOut() == 1 + if !paramCountCheck { + return false + } + if !method.Type.Out(0).Implements(tError) { + // return variable is not compatible to `error` type + return false + } + + // method receiver is known, check config parameters being compatible + tIn := method.Type.In(1) + return tConfig.ConvertibleTo(tIn) || tConfigPtr.ConvertibleTo(tIn) +} + +func unpackWith(opts *options, v reflect.Value, with value) Error { + // short circuit nil values + if isNil(with) { + return nil + } + + ctx := with.Context() + meta := with.meta() + + var err error + value := v.Interface() + switch u := value.(type) { + case Unpacker: + var reified interface{} + if reified, err = with.reify(opts); err == nil { + err = u.Unpack(reified) + } + + case BoolUnpacker: + var b bool + if b, err = with.toBool(opts); err == nil { + err = u.Unpack(b) + } + + case IntUnpacker: + var n int64 + if n, err = with.toInt(opts); err == nil { + err = u.Unpack(n) + } + + case UintUnpacker: + var n uint64 + if n, err = with.toUint(opts); err == nil { + err = u.Unpack(n) + } + + case FloatUnpacker: + var f float64 + if f, err = with.toFloat(opts); err == nil { + err = u.Unpack(f) + } + + case StringUnpacker: + var s string + if s, err = with.toString(opts); err == nil { + err = u.Unpack(s) + } + + case ConfigUnpacker: + var c *Config + if c, err = 
with.toConfig(opts); err == nil { + err = u.Unpack(c) + } + + default: + var c *Config + if c, err = with.toConfig(opts); err == nil { + err = reflectUnpackWithConfig(v, c) + } + + } + + if err != nil { + return raisePathErr(err, meta, "", ctx.path(".")) + } + return nil +} + +func reflectUnpackWithConfig(v reflect.Value, c *Config) error { + method, _ := v.Type().MethodByName("Unpack") + tIn := method.Type.In(1) + + var rc reflect.Value + switch { + case tConfig.ConvertibleTo(tIn): + rc = reflect.ValueOf(*c) + case tConfigPtr.ConvertibleTo(tIn): + rc = reflect.ValueOf(c) + } + + results := method.Func.Call([]reflect.Value{v, rc.Convert(tIn)}) + ifc := results[0].Convert(tError).Interface() + if ifc == nil { + return nil + } + return ifc.(error) +} diff --git a/vendor/github.com/elastic/go-ucfg/util.go b/vendor/github.com/elastic/go-ucfg/util.go new file mode 100644 index 00000000000..0e7080ab0a5 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/util.go 
@@ -0,0 +1,220 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "reflect" + "strings" + "unicode" + "unicode/utf8" +) + +type tagOptions struct { + squash bool + ignore bool + cfgHandling configHandling +} + +// configHandling configures the operation to execute if we merge into a struct +// field that holds an unpacked config object. 
+type configHandling uint8 + +const ( + cfgDefaultHandling configHandling = iota + cfgMergeValues + cfgReplaceValue + cfgArrAppend + cfgArrPrepend +) + +var noTagOpts = tagOptions{} + +func parseTags(tag string) (string, tagOptions) { + s := strings.Split(tag, ",") + opts := tagOptions{} + for _, opt := range s[1:] { + switch opt { + case "squash", "inline": + opts.squash = true + case "ignore": + opts.ignore = true + case "merge": + opts.cfgHandling = cfgMergeValues + case "replace": + opts.cfgHandling = cfgReplaceValue + case "append": + opts.cfgHandling = cfgArrAppend + case "prepend": + opts.cfgHandling = cfgArrPrepend + } + } + return s[0], opts +} + +func fieldName(tagName, structName string) string { + if tagName != "" { + return tagName + } + return strings.ToLower(structName) +} + +func chaseValueInterfaces(v reflect.Value) reflect.Value { + for v.Kind() == reflect.Interface && !v.IsNil() { + v = v.Elem() + } + return v +} + +func chaseValuePointers(v reflect.Value) reflect.Value { + for v.Kind() == reflect.Ptr && !v.IsNil() { + v = v.Elem() + } + return v +} + +func chaseValue(v reflect.Value) reflect.Value { + for (v.Kind() == reflect.Ptr || v.Kind() == reflect.Interface) && !v.IsNil() { + v = v.Elem() + } + return v +} + +func chaseTypePointers(t reflect.Type) reflect.Type { + for t.Kind() == reflect.Ptr { + t = t.Elem() + } + return t +} + +// tryTConfig tries to convert input value into addressable Config by converting +// to *Config first. If value is convertible to Config, but not addressable a new +// value is allocated in order to guarantee returned value of type Config is +// addressable. Returns false if type value is not convertible to TConfig. 
+func tryTConfig(value reflect.Value) (reflect.Value, bool) { + v := chaseValue(value) + t := v.Type() + + if t == tConfig { + v := pointerize(tConfigPtr, tConfig, v) + return v.Elem(), true + } + + if !t.ConvertibleTo(tConfig) { + return reflect.Value{}, false + } + + v = pointerize(reflect.PtrTo(v.Type()), v.Type(), v) + if !v.Type().ConvertibleTo(tConfigPtr) { + return reflect.Value{}, false + } + + v = v.Convert(tConfigPtr) + return v.Elem(), true +} + +func pointerize(t, base reflect.Type, v reflect.Value) reflect.Value { + if t == base { + return v + } + + if t.Kind() == reflect.Interface { + return v + } + + for t != v.Type() { + if !v.CanAddr() { + tmp := reflect.New(v.Type()) + tmp.Elem().Set(v) + v = tmp + } else { + v = v.Addr() + } + } + return v +} + +func isInt(k reflect.Kind) bool { + switch k { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return true + default: + return false + } +} + +func isUint(k reflect.Kind) bool { + switch k { + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + return true + default: + return false + } +} + +func isFloat(k reflect.Kind) bool { + switch k { + case reflect.Float32, reflect.Float64: + return true + default: + return false + } +} + +type fieldInfo struct { + name string + ftype reflect.Type + value reflect.Value + options *options + tagOptions tagOptions + validatorTags []validatorTag +} + +func accessField(structVal reflect.Value, fieldIdx int, opts *options) (fieldInfo, bool, Error) { + stField := structVal.Type().Field(fieldIdx) + + // ignore non exported fields + if rune, _ := utf8.DecodeRuneInString(stField.Name); !unicode.IsUpper(rune) { + return fieldInfo{}, true, nil + } + name, tagOpts := parseTags(stField.Tag.Get(opts.tag)) + if tagOpts.ignore { + return fieldInfo{}, true, nil + } + + // create new context, overwriting configValueHandling for all sub-operations + if tagOpts.cfgHandling != opts.configValueHandling { + tmp := &options{} 
+ *tmp = *opts + tmp.configValueHandling = tagOpts.cfgHandling + opts = tmp + } + + validators, err := parseValidatorTags(stField.Tag.Get(opts.validatorTag)) + if err != nil { + return fieldInfo{}, false, raiseCritical(err, "") + } + + return fieldInfo{ + name: fieldName(name, stField.Name), + ftype: stField.Type, + value: structVal.Field(fieldIdx), + options: opts, + tagOptions: tagOpts, + validatorTags: validators, + }, false, nil +} diff --git a/vendor/github.com/elastic/go-ucfg/validator.go b/vendor/github.com/elastic/go-ucfg/validator.go new file mode 100644 index 00000000000..8a72abf3b33 --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/validator.go 
@@ -0,0 +1,461 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "fmt" + "reflect" + "regexp" + "strconv" + "strings" + "time" +) + +// Validator interface provides additional validation support to Unpack. The +// Validate method will be executed for any type passed directly or indirectly to +// Unpack. +// +// If Validate fails with an error message, Unpack will add some +// context - like setting being accessed and file setting was read from - to the +// error message before returning the actual error. +type Validator interface { + Validate() error +} + +// ValidatorCallback is the type of optional validator tags to be registered via +// RegisterValidator. 
+type ValidatorCallback func(interface{}, string) error + +type validatorTag struct { + name string + cb ValidatorCallback + param string +} + +var ( + validators = map[string]ValidatorCallback{} +) + +func init() { + initRegisterValidator("nonzero", validateNonZero) + initRegisterValidator("positive", validatePositive) + initRegisterValidator("min", validateMin) + initRegisterValidator("max", validateMax) + initRegisterValidator("required", validateRequired) +} + +func initRegisterValidator(name string, cb ValidatorCallback) { + if err := RegisterValidator(name, cb); err != nil { + panic("Duplicate validator: " + name) + } +} + +// RegisterValidator adds a new validator option to the "validate" struct tag. +// The callback will be executed when unpacking into a struct field. +func RegisterValidator(name string, cb ValidatorCallback) error { + if _, exists := validators[name]; exists { + return ErrDuplicateValidator + } + + validators[name] = cb + return nil +} + +func parseValidatorTags(tag string) ([]validatorTag, error) { + if tag == "" { + return nil, nil + } + + lst := strings.Split(tag, ",") + if len(lst) == 0 { + return nil, nil + } + + tags := make([]validatorTag, 0, len(lst)) + for _, cfg := range lst { + v := strings.SplitN(cfg, "=", 2) + name := strings.Trim(v[0], " \t\r\n") + cb := validators[name] + if cb == nil { + return nil, fmt.Errorf("unknown validator '%v'", name) + } + + param := "" + if len(v) == 2 { + param = strings.Trim(v[1], " \t\r\n") + } + + tags = append(tags, validatorTag{name: name, cb: cb, param: param}) + } + + return tags, nil +} + +func tryValidate(val reflect.Value) error { + t := val.Type() + var validator Validator + + if (t.Kind() == reflect.Ptr || t.Kind() == reflect.Interface) && val.IsNil() { + return nil + } + + if t.Implements(tValidator) { + validator = val.Interface().(Validator) + } else if reflect.PtrTo(t).Implements(tValidator) { + val = pointerize(reflect.PtrTo(t), t, val) + validator = val.Interface().(Validator) + 
} + + if validator == nil { + return nil + } + return validator.Validate() +} + +func runValidators(val interface{}, validators []validatorTag) error { + if validators == nil { + return nil + } + for _, tag := range validators { + if err := tag.cb(val, tag.param); err != nil { + return err + } + } + return nil +} + +func tryRecursiveValidate(val reflect.Value, opts *options, validators []validatorTag) error { + var curr interface{} + if val.IsValid() { + curr = val.Interface() + } + if err := runValidators(curr, validators); err != nil { + return err + } + if !val.IsValid() { + return nil + } + + t := val.Type() + if (t.Kind() == reflect.Ptr || t.Kind() == reflect.Interface) && val.IsNil() { + return nil + } + + var err error + switch chaseValue(val).Kind() { + case reflect.Struct: + err = validateStruct(val, opts) + case reflect.Map: + err = validateMap(val, opts) + case reflect.Array, reflect.Slice: + err = validateArray(val, opts) + } + + if err != nil { + return err + } + return tryValidate(val) +} + +func validateStruct(val reflect.Value, opts *options) error { + val = chaseValue(val) + numField := val.NumField() + for i := 0; i < numField; i++ { + fInfo, skip, err := accessField(val, i, opts) + if err != nil { + return err + } + if skip { + continue + } + + if err := tryRecursiveValidate(fInfo.value, fInfo.options, fInfo.validatorTags); err != nil { + return err + } + } + return nil +} + +func validateMap(val reflect.Value, opts *options) error { + for _, key := range val.MapKeys() { + if err := tryRecursiveValidate(val.MapIndex(key), opts, nil); err != nil { + return err + } + } + return nil +} + +func validateArray(val reflect.Value, opts *options) error { + for i := 0; i < val.Len(); i++ { + if err := tryRecursiveValidate(val.Index(i), opts, nil); err != nil { + return err + } + } + return nil +} + +// validateNonZero implements the `nonzero` validation tag. +// If nonzero is set, the validator is only run if field is present in config. 
+// It checks for numbers and durations to be != 0, and for strings/arrays/slices +// not being empty. +func validateNonZero(v interface{}, name string) error { + if v == nil { + return nil + } + + if d, ok := v.(time.Duration); ok { + if d == 0 { + return ErrZeroValue + } + return nil + } + + val := chaseValue(reflect.ValueOf(v)) + switch val.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if val.Int() != 0 { + return nil + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if val.Uint() != 0 { + return nil + } + case reflect.Float32, reflect.Float64: + if val.Float() != 0 { + return nil + } + default: + return validateNonEmpty(v, name) + } + + return ErrZeroValue +} + +func validatePositive(v interface{}, _ string) error { + if v == nil { + return nil + } + + if d, ok := v.(time.Duration); ok { + if d < 0 { + return ErrNegative + } + return nil + } + + val := reflect.ValueOf(v) + switch val.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if val.Int() >= 0 { + return nil + } + case reflect.Float32, reflect.Float64: + if val.Float() >= 0 { + return nil + } + default: + return nil + } + + return ErrNegative +} + +func validateMin(v interface{}, param string) error { + if v == nil { + return nil + } + + if d, ok := v.(time.Duration); ok { + min, err := param2Duration(param) + if err != nil { + return err + } + + if min > d { + return fmt.Errorf("requires duration < %v", param) + } + return nil + } + + val := reflect.ValueOf(v) + switch val.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + min, err := strconv.ParseInt(param, 0, 64) + if err != nil { + return err + } + if val.Int() >= min { + return nil + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + min, err := strconv.ParseUint(param, 0, 64) + if err != nil { + return err + } + if val.Uint() >= min { + return nil + } 
+ case reflect.Float32, reflect.Float64: + min, err := strconv.ParseFloat(param, 64) + if err != nil { + return err + } + if val.Float() >= min { + return nil + } + default: + return nil + } + + return fmt.Errorf("requires value < %v", param) +} + +func validateMax(v interface{}, param string) error { + if v == nil { + return nil + } + + if d, ok := v.(time.Duration); ok { + max, err := param2Duration(param) + if err != nil { + return err + } + + if max < d { + return fmt.Errorf("requires duration > %v", param) + } + return nil + } + + val := reflect.ValueOf(v) + switch val.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + max, err := strconv.ParseInt(param, 0, 64) + if err != nil { + return err + } + if val.Int() <= max { + return nil + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + max, err := strconv.ParseUint(param, 0, 64) + if err != nil { + return err + } + if val.Uint() <= max { + return nil + } + case reflect.Float32, reflect.Float64: + max, err := strconv.ParseFloat(param, 64) + if err != nil { + return err + } + if val.Float() <= max { + return nil + } + default: + return nil + } + + return fmt.Errorf("requires value > %v", param) +} + +// validateRequired implements the `required` validation tag. +// If a field is required, it must be present in the config. +// If field is a string, regex or slice its length must be > 0. 
+func validateRequired(v interface{}, name string) error { + if v == nil { + return ErrRequired + } + val := reflect.ValueOf(v) + if val.Kind() == reflect.Ptr && val.IsNil() { + return ErrRequired + } + if isInt(val.Kind()) || isUint(val.Kind()) || isFloat(val.Kind()) { + if err := validateNonZero(v, name); err != nil { + return ErrRequired + } + return nil + } + if err := validateNonEmptyWithAllowNil(v, name, false); err != nil { + return err + } + return nil +} + +func validateNonEmpty(v interface{}, name string) error { + return validateNonEmptyWithAllowNil(v, name, true) +} + +func validateNonEmptyWithAllowNil(v interface{}, _ string, allowNil bool) error { + if s, ok := v.(string); ok { + if s == "" { + return ErrStringEmpty + } + return nil + } + + if r, ok := v.(regexp.Regexp); ok { + if r.String() == "" { + return ErrRegexEmpty + } + return nil + } + + val := reflect.ValueOf(v) + if val.Kind() == reflect.Array || val.Kind() == reflect.Slice { + if val.IsNil() { + if allowNil { + return nil + } + return ErrRequired + } + if val.Len() == 0 { + return ErrArrayEmpty + } + return nil + } + if val.Kind() == reflect.Map { + if val.IsNil() { + if allowNil { + return nil + } + return ErrRequired + } + if val.Len() == 0 { + return ErrMapEmpty + } + return nil + } + + return nil +} + +func param2Duration(param string) (time.Duration, error) { + d, err := time.ParseDuration(param) + if err == nil { + return d, err + } + + tmp, floatErr := strconv.ParseFloat(param, 64) + if floatErr != nil { + return 0, err + } + + return time.Duration(tmp * float64(time.Second)), nil +} diff --git a/vendor/github.com/elastic/go-ucfg/variables.go b/vendor/github.com/elastic/go-ucfg/variables.go new file mode 100644 index 00000000000..791bee3d3eb --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/variables.go 
@@ -0,0 +1,552 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package ucfg + +import ( + "bytes" + "errors" + "fmt" + "strings" + + "github.com/elastic/go-ucfg/parse" +) + +type reference struct { + Path cfgPath +} + +type expansion struct { + left, right varEvaler + pathSep string +} + +type expansionSingle struct { + evaler varEvaler + pathSep string +} + +type expansionDefault struct{ expansion } +type expansionAlt struct{ expansion } +type expansionErr struct{ expansion } + +type splice struct { + pieces []varEvaler +} + +type varEvaler interface { + eval(cfg *Config, opts *options) (string, error) +} + +type constExp string + +type token struct { + typ tokenType + val string +} + +type parseState struct { + st int + isvar bool + op string + pieces [2][]varEvaler +} + +var ( + errUnterminatedBrace = errors.New("unterminated brace") + errInvalidType = errors.New("invalid type") + errEmptyPath = errors.New("empty path after expansion") +) + +type tokenType uint16 + +const ( + tokOpen tokenType = iota + tokClose + tokSep + tokString + + // parser state + stLeft = 0 + stRight = 1 + + opDefault = ":" + opAlternative = ":+" + opError = ":?" 
+) + +var ( + openToken = token{tokOpen, "${"} + closeToken = token{tokClose, "}"} + + sepDefToken = token{tokSep, opDefault} + sepAltToken = token{tokSep, opAlternative} + sepErrToken = token{tokSep, opError} +) + +func newReference(p cfgPath) *reference { + return &reference{p} +} + +func (r *reference) String() string { + return fmt.Sprintf("${%v}", r.Path) +} + +func (r *reference) resolveRef(cfg *Config, opts *options) (value, error) { + env := opts.env + + if ok := opts.activeFields.AddNew(r.Path.String()); !ok { + return nil, raiseCyclicErr(r.Path.String()) + } + + var err Error + + for { + var v value + cfg = cfgRoot(cfg) + if cfg == nil { + return nil, ErrMissing + } + + v, err = r.Path.GetValue(cfg, opts) + if err == nil { + if v == nil { + break + } + + return v, nil + } + + if len(env) == 0 { + break + } + + cfg = env[len(env)-1] + env = env[:len(env)-1] + } + + return nil, err +} + +func (r *reference) resolveEnv(cfg *Config, opts *options) (string, parse.Config, error) { + var err error + + if len(opts.resolvers) > 0 { + key := r.Path.String() + for i := len(opts.resolvers) - 1; i >= 0; i-- { + var v string + var cfg parse.Config + resolver := opts.resolvers[i] + v, cfg, err = resolver(key) + if err == nil { + return v, cfg, nil + } + } + } + + return "", parse.DefaultConfig, err +} + +func (r *reference) resolve(cfg *Config, opts *options) (value, error) { + v, err := r.resolveRef(cfg, opts) + if v != nil || criticalResolveError(err) { + return v, err + } + + previousErr := err + + s, _, err := r.resolveEnv(cfg, opts) + if err != nil { + // TODO(ph): Not everything is an Error, will do some cleanup in another PR. 
+ if v, ok := previousErr.(Error); ok { + if v.Reason() == ErrCyclicReference { + return nil, previousErr + } + } + return nil, err + } + + if s == "" { + return nil, nil + } + + return newString(context{field: r.Path.String()}, nil, s), nil +} + +func (r *reference) eval(cfg *Config, opts *options) (string, error) { + v, err := r.resolve(cfg, opts) + if err != nil { + return "", err + } + if v == nil { + return "", fmt.Errorf("can not resolve reference: %v", r.Path) + } + return v.toString(opts) +} + +func (s constExp) eval(*Config, *options) (string, error) { + return string(s), nil +} + +func (s *splice) String() string { + return fmt.Sprintf("%v", s.pieces) +} + +func (s *splice) eval(cfg *Config, opts *options) (string, error) { + buf := bytes.NewBuffer(nil) + for _, p := range s.pieces { + s, err := p.eval(cfg, opts) + if err != nil { + return "", err + } + buf.WriteString(s) + } + return buf.String(), nil +} + +func (e *expansion) String() string { + return fmt.Sprintf("${%v:%v}", e.left, e.right) +} + +func (e *expansionSingle) String() string { + return fmt.Sprintf("${%v}", e.evaler) +} + +func (e *expansionSingle) eval(cfg *Config, opts *options) (string, error) { + path, err := e.evaler.eval(cfg, opts) + if err != nil { + return "", err + } + + ref := newReference(parsePath(path, e.pathSep)) + return ref.eval(cfg, opts) +} + +func (e *expansionDefault) eval(cfg *Config, opts *options) (string, error) { + path, err := e.left.eval(cfg, opts) + if err != nil || path == "" { + return e.right.eval(cfg, opts) + } + ref := newReference(parsePath(path, e.pathSep)) + v, err := ref.eval(cfg, opts) + if err != nil || v == "" { + return e.right.eval(cfg, opts) + } + return v, err +} + +func (e *expansionAlt) eval(cfg *Config, opts *options) (string, error) { + path, err := e.left.eval(cfg, opts) + if err != nil || path == "" { + return "", nil + } + + ref := newReference(parsePath(path, e.pathSep)) + tmp, err := ref.resolve(cfg, opts) + if err != nil || tmp == nil { 
+ return "", nil + } + + return e.right.eval(cfg, opts) +} + +func (e *expansionErr) eval(cfg *Config, opts *options) (string, error) { + path, err := e.left.eval(cfg, opts) + if err == nil && path != "" { + ref := newReference(parsePath(path, e.pathSep)) + str, err := ref.eval(cfg, opts) + if err == nil && str != "" { + return str, nil + } + } + + errStr, err := e.right.eval(cfg, opts) + if err != nil { + return "", err + } + return "", errors.New(errStr) +} + +func (st parseState) finalize(pathSep string) (varEvaler, error) { + if !st.isvar { + return nil, errors.New("fatal: processing non-variable state") + } + if len(st.pieces[stLeft]) == 0 { + return nil, errors.New("empty expansion") + } + + if st.st == stLeft { + pieces := st.pieces[stLeft] + + if len(pieces) == 0 { + return constExp(""), nil + } + + if len(pieces) == 1 { + if str, ok := pieces[0].(constExp); ok { + return newReference(parsePath(string(str), pathSep)), nil + } + } + + return &expansionSingle{&splice{pieces}, pathSep}, nil + } + + extract := func(pieces []varEvaler) varEvaler { + switch len(pieces) { + case 0: + return constExp("") + case 1: + return pieces[0] + default: + return &splice{pieces} + } + } + + left := extract(st.pieces[stLeft]) + right := extract(st.pieces[stRight]) + return makeOpExpansion(left, right, st.op, pathSep), nil +} + +func makeOpExpansion(l, r varEvaler, op, pathSep string) varEvaler { + exp := expansion{l, r, pathSep} + switch op { + case opDefault: + return &expansionDefault{exp} + case opAlternative: + return &expansionAlt{exp} + case opError: + return &expansionErr{exp} + } + panic(fmt.Sprintf("Unknown operator: %v", op)) +} + +func parseSplice(in, pathSep string) (varEvaler, error) { + lex, errs := lexer(in) + drainLex := func() { + for range lex { + } + } + + // drain lexer on return so go-routine won't leak + defer drainLex() + + pieces, perr := parseVarExp(lex, pathSep) + if perr != nil { + return nil, perr + } + + // check for lexer errors + select { + case 
err := <-errs: + if err != nil { + return nil, err + } + default: + } + + // return parser result + return pieces, perr +} + +func lexer(in string) (<-chan token, <-chan error) { + lex := make(chan token, 1) + errors := make(chan error, 1) + + go func() { + off := 0 + content := in + + defer func() { + if len(content) > 0 { + lex <- token{tokString, content} + } + close(lex) + close(errors) + }() + + strToken := func(s string) { + if s != "" { + lex <- token{tokString, s} + } + } + + varcount := 0 + for len(content) > 0 { + idx := -1 + if varcount == 0 { + idx = strings.IndexAny(content[off:], "$") + } else { + idx = strings.IndexAny(content[off:], "$:}") + } + if idx < 0 { + return + } + + idx += off + off = idx + 1 + switch content[idx] { + case ':': + if len(content) <= off { // found ':' at end of string + return + } + + strToken(content[:idx]) + switch content[off] { + case '+': + off++ + lex <- sepAltToken + case '?': + off++ + lex <- sepErrToken + default: + lex <- sepDefToken + } + + case '}': + strToken(content[:idx]) + lex <- closeToken + varcount-- + + case '$': + if len(content) <= off { // found '$' at end of string + return + } + + switch content[off] { + case '{': // start variable + strToken(content[:idx]) + lex <- openToken + off++ + varcount++ + case '$', '}': // escape $} and $$ + content = content[:idx] + content[off:] + continue + default: + continue + } + } + + content = content[off:] + off = 0 + } + }() + + return lex, errors +} + +func parseVarExp(lex <-chan token, pathSep string) (varEvaler, error) { + stack := []parseState{{st: stLeft}} + + // parser loop + for tok := range lex { + switch tok.typ { + case tokOpen: + stack = append(stack, parseState{st: stLeft, isvar: true}) + case tokClose: + // finalize and pop state + piece, err := stack[len(stack)-1].finalize(pathSep) + stack = stack[:len(stack)-1] + if err != nil { + return nil, err + } + + // append result top stacked state + st := &stack[len(stack)-1] + st.pieces[st.st] = 
append(st.pieces[st.st], piece) + + case tokSep: // switch from left to right + st := &stack[len(stack)-1] + if !st.isvar { + return nil, errors.New("default separator not within expansion") + } + if st.st == stRight { + st.pieces[st.st] = addString(st.pieces[st.st], tok.val) + } else { + // switch to 'right' + st.st = stRight + st.op = tok.val + } + + case tokString: + // append raw string + st := &stack[len(stack)-1] + st.pieces[st.st] = addString(st.pieces[st.st], tok.val) + } + } + + // validate and return final state + if len(stack) > 1 { + return nil, errors.New("missing '}'") + } + if len(stack) == 0 { + return nil, errors.New("fatal: expansion parse state empty") + } + + result := stack[0].pieces[stLeft] + if len(result) == 1 { + return result[0], nil + } + return &splice{result}, nil +} + +func cfgRoot(cfg *Config) *Config { + if cfg == nil { + return nil + } + + for { + p := cfg.Parent() + if p == nil { + return cfg + } + + cfg = p + } +} + +func addString(ps []varEvaler, s string) []varEvaler { + if len(ps) == 0 { + return []varEvaler{constExp(s)} + } + + last := ps[len(ps)-1] + c, ok := last.(constExp) + if !ok { + return append(ps, constExp(s)) + } + + ps[len(ps)-1] = constExp(string(c) + s) + return ps +} + +func (t tokenType) String() string { + switch t { + case tokOpen: + return "" + case tokClose: + return "" + case tokSep: + return "" + case tokString: + return "" + } + return "" +} + +func (t token) String() string { + return fmt.Sprintf("(%v, %v)", t.typ, t.val) +} diff --git a/vendor/github.com/elastic/go-ucfg/yaml/yaml.go b/vendor/github.com/elastic/go-ucfg/yaml/yaml.go new file mode 100644 index 00000000000..772423f99bb --- /dev/null +++ b/vendor/github.com/elastic/go-ucfg/yaml/yaml.go 
@@ -0,0 +1,49 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package yaml + +import ( + "io/ioutil" + + "gopkg.in/yaml.v2" + + "github.com/elastic/go-ucfg" +) + +// NewConfig creates a new configuration object from the YAML string passed via in. +func NewConfig(in []byte, opts ...ucfg.Option) (*ucfg.Config, error) { + var m interface{} + if err := yaml.Unmarshal(in, &m); err != nil { + return nil, err + } + + return ucfg.NewFrom(m, opts...) +} + +// NewConfigWithFile loads a new configuration object from an external YAML file. +func NewConfigWithFile(name string, opts ...ucfg.Option) (*ucfg.Config, error) { + input, err := ioutil.ReadFile(name) + if err != nil { + return nil, err + } + + opts = append([]ucfg.Option{ + ucfg.MetaData(ucfg.Meta{Source: name}), + }, opts...) + return NewConfig(input, opts...) +} diff --git a/vendor/github.com/elastic/package-registry/LICENSE.txt b/vendor/github.com/elastic/package-registry/LICENSE.txt new file mode 100644 index 00000000000..7376ffc3ff1 --- /dev/null +++ b/vendor/github.com/elastic/package-registry/LICENSE.txt 
@@ -0,0 +1,223 @@ +ELASTIC LICENSE AGREEMENT + +PLEASE READ CAREFULLY THIS ELASTIC LICENSE AGREEMENT (THIS "AGREEMENT"), WHICH +CONSTITUTES A LEGALLY BINDING AGREEMENT AND GOVERNS ALL OF YOUR USE OF ALL OF +THE ELASTIC SOFTWARE WITH WHICH THIS AGREEMENT IS INCLUDED ("ELASTIC SOFTWARE") +THAT IS PROVIDED IN OBJECT CODE FORMAT, AND, IN ACCORDANCE WITH SECTION 2 BELOW, +CERTAIN OF THE ELASTIC SOFTWARE THAT IS PROVIDED IN SOURCE CODE FORMAT. BY +INSTALLING OR USING ANY OF THE ELASTIC SOFTWARE GOVERNED BY THIS AGREEMENT, YOU +ARE ASSENTING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE +WITH SUCH TERMS AND CONDITIONS, YOU MAY NOT INSTALL OR USE THE ELASTIC SOFTWARE +GOVERNED BY THIS AGREEMENT. IF YOU ARE INSTALLING OR USING THE SOFTWARE ON +BEHALF OF A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL +AUTHORITY TO AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF +SUCH ENTITY. + +Posted Date: April 20, 2018 + +This Agreement is entered into by and between Elasticsearch BV ("Elastic") and +You, or the legal entity on behalf of whom You are acting (as applicable, +"You"). + +1. OBJECT CODE END USER LICENSES, RESTRICTIONS AND THIRD PARTY OPEN SOURCE +SOFTWARE + + 1.1 Object Code End User License. Subject to the terms and conditions of + Section 1.2 of this Agreement, Elastic hereby grants to You, AT NO CHARGE and + for so long as you are not in breach of any provision of this Agreement, a + License to the Basic Features and Functions of the Elastic Software. + + 1.2 Reservation of Rights; Restrictions. As between Elastic and You, Elastic + and its licensors own all right, title and interest in and to the Elastic + Software, and except as expressly set forth in Sections 1.1, and 2.1 of this + Agreement, no other license to the Elastic Software is granted to You under + this Agreement, by implication, estoppel or otherwise. 
You agree not to: (i) + reverse engineer or decompile, decrypt, disassemble or otherwise reduce any + Elastic Software provided to You in Object Code, or any portion thereof, to + Source Code, except and only to the extent any such restriction is prohibited + by applicable law, (ii) except as expressly permitted in this Agreement, + prepare derivative works from, modify, copy or use the Elastic Software Object + Code or the Commercial Software Source Code in any manner; (iii) except as + expressly permitted in Section 1.1 above, transfer, sell, rent, lease, + distribute, sublicense, loan or otherwise transfer, Elastic Software Object + Code, in whole or in part, to any third party; (iv) use Elastic Software + Object Code for providing time-sharing services, any software-as-a-service, + service bureau services or as part of an application services provider or + other service offering (collectively, "SaaS Offering") where obtaining access + to the Elastic Software or the features and functions of the Elastic Software + is a primary reason or substantial motivation for users of the SaaS Offering + to access and/or use the SaaS Offering ("Prohibited SaaS Offering"); (v) + circumvent the limitations on use of Elastic Software provided to You in + Object Code format that are imposed or preserved by any License Key, or (vi) + alter or remove any Marks and Notices in the Elastic Software. If You have any + question as to whether a specific SaaS Offering constitutes a Prohibited SaaS + Offering, or are interested in obtaining Elastic's permission to engage in + commercial or non-commercial distribution of the Elastic Software, please + contact elastic_license@elastic.co. + + 1.3 Third Party Open Source Software. 
The Commercial Software may contain or + be provided with third party open source libraries, components, utilities and + other open source software (collectively, "Open Source Software"), which Open + Source Software may have applicable license terms as identified on a website + designated by Elastic. Notwithstanding anything to the contrary herein, use of + the Open Source Software shall be subject to the license terms and conditions + applicable to such Open Source Software, to the extent required by the + applicable licensor (which terms shall not restrict the license rights granted + to You hereunder, but may contain additional rights). To the extent any + condition of this Agreement conflicts with any license to the Open Source + Software, the Open Source Software license will govern with respect to such + Open Source Software only. Elastic may also separately provide you with + certain open source software that is licensed by Elastic. Your use of such + Elastic open source software will not be governed by this Agreement, but by + the applicable open source license terms. + +2. COMMERCIAL SOFTWARE SOURCE CODE + + 2.1 Limited License. Subject to the terms and conditions of Section 2.2 of + this Agreement, Elastic hereby grants to You, AT NO CHARGE and for so long as + you are not in breach of any provision of this Agreement, a limited, + non-exclusive, non-transferable, fully paid up royalty free right and license + to the Commercial Software in Source Code format, without the right to grant + or authorize sublicenses, to prepare Derivative Works of the Commercial + Software, provided You (i) do not hack the licensing mechanism, or otherwise + circumvent the intended limitations on the use of Elastic Software to enable + features other than Basic Features and Functions or those features You are + entitled to as part of a Subscription, and (ii) use the resulting object code + only for reasonable testing purposes. + + 2.2 Restrictions. 
Nothing in Section 2.1 grants You the right to (i) use the + Commercial Software Source Code other than in accordance with Section 2.1 + above, (ii) use a Derivative Work of the Commercial Software outside of a + Non-production Environment, in any production capacity, on a temporary or + permanent basis, or (iii) transfer, sell, rent, lease, distribute, sublicense, + loan or otherwise make available the Commercial Software Source Code, in whole + or in part, to any third party. Notwithstanding the foregoing, You may + maintain a copy of the repository in which the Source Code of the Commercial + Software resides and that copy may be publicly accessible, provided that you + include this Agreement with Your copy of the repository. + +3. TERMINATION + + 3.1 Termination. This Agreement will automatically terminate, whether or not + You receive notice of such Termination from Elastic, if You breach any of its + provisions. + + 3.2 Post Termination. Upon any termination of this Agreement, for any reason, + You shall promptly cease the use of the Elastic Software in Object Code format + and cease use of the Commercial Software in Source Code format. For the + avoidance of doubt, termination of this Agreement will not affect Your right + to use Elastic Software, in either Object Code or Source Code formats, made + available under the Apache License Version 2.0. + + 3.3 Survival. Sections 1.2, 2.2. 3.3, 4 and 5 shall survive any termination or + expiration of this Agreement. + +4. DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY + + 4.1 Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE + LAW, THE ELASTIC SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, + AND ELASTIC AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR + STATUTORY REGARDING OR RELATING TO THE ELASTIC SOFTWARE. 
TO THE MAXIMUM EXTENT + PERMITTED UNDER APPLICABLE LAW, ELASTIC AND ITS LICENSORS SPECIFICALLY + DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE ELASTIC SOFTWARE, AND WITH + RESPECT TO THE USE OF THE FOREGOING. FURTHER, ELASTIC DOES NOT WARRANT RESULTS + OF USE OR THAT THE ELASTIC SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE + ELASTIC SOFTWARE WILL BE UNINTERRUPTED. + + 4.2 Limitation of Liability. IN NO EVENT SHALL ELASTIC OR ITS LICENSORS BE + LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT OR INDIRECT DAMAGES, + INCLUDING, WITHOUT LIMITATION, FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS + INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY + SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONNECTION WITH + OR ARISING OUT OF THE USE OR INABILITY TO USE THE ELASTIC SOFTWARE, OR THE + PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A + BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF ELASTIC + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5. MISCELLANEOUS + + This Agreement completely and exclusively states the entire agreement of the + parties regarding the subject matter herein, and it supersedes, and its terms + govern, all prior proposals, agreements, or other communications between the + parties, oral or written, regarding such subject matter. This Agreement may be + modified by Elastic from time to time, and any such modifications will be + effective upon the "Posted Date" set forth at the top of the modified + Agreement. If any provision hereof is held unenforceable, this Agreement will + continue without said provision and be interpreted to reflect the original + intent of the parties. This Agreement and any non-contractual obligation + arising out of or in connection with it, is governed exclusively by Dutch law. 
+ This Agreement shall not be governed by the 1980 UN Convention on Contracts + for the International Sale of Goods. All disputes arising out of or in + connection with this Agreement, including its existence and validity, shall be + resolved by the courts with jurisdiction in Amsterdam, The Netherlands, except + where mandatory law provides for the courts at another location in The + Netherlands to have jurisdiction. The parties hereby irrevocably waive any and + all claims and defenses either might otherwise have in any such action or + proceeding in any of such courts based upon any alleged lack of personal + jurisdiction, improper venue, forum non conveniens or any similar claim or + defense. A breach or threatened breach, by You of Section 2 may cause + irreparable harm for which damages at law may not provide adequate relief, and + therefore Elastic shall be entitled to seek injunctive relief without being + required to post a bond. You may not assign this Agreement (including by + operation of law in connection with a merger or acquisition), in whole or in + part to any third party without the prior written consent of Elastic, which + may be withheld or granted by Elastic in its sole and absolute discretion. + Any assignment in violation of the preceding sentence is void. Notices to + Elastic may also be sent to legal@elastic.co. + +6. DEFINITIONS + + The following terms have the meanings ascribed: + + 6.1 "Affiliate" means, with respect to a party, any entity that controls, is + controlled by, or which is under common control with, such party, where + "control" means ownership of at least fifty percent (50%) of the outstanding + voting shares of the entity, or the contractual right to establish policy for, + and manage the operations of, the entity. 
+ + 6.2 "Basic Features and Functions" means those features and functions of the + Elastic Software that are eligible for use under a Basic license, as set forth + at https://www.elastic.co/subscriptions, as may be modified by Elastic from + time to time. + + 6.3 "Commercial Software" means the Elastic Software Source Code in any file + containing a header stating the contents are subject to the Elastic License or + which is contained in the repository folder labeled "x-pack", unless a LICENSE + file present in the directory subtree declares a different license. + + 6.4 "Derivative Work of the Commercial Software" means, for purposes of this + Agreement, any modification(s) or enhancement(s) to the Commercial Software, + which represent, as a whole, an original work of authorship. + + 6.5 "License" means a limited, non-exclusive, non-transferable, fully paid up, + royalty free, right and license, without the right to grant or authorize + sublicenses, solely for Your internal business operations to (i) install and + use the applicable Features and Functions of the Elastic Software in Object + Code, and (ii) permit Contractors and Your Affiliates to use the Elastic + software as set forth in (i) above, provided that such use by Contractors must + be solely for Your benefit and/or the benefit of Your Affiliates, and You + shall be responsible for all acts and omissions of such Contractors and + Affiliates in connection with their use of the Elastic software that are + contrary to the terms and conditions of this Agreement. + + 6.6 "License Key" means a sequence of bytes, including but not limited to a + JSON blob, that is used to enable certain features and functions of the + Elastic Software. + + 6.7 "Marks and Notices" means all Elastic trademarks, trade names, logos and + notices present on the Documentation as originally provided by Elastic. 
+
+ 6.8 "Non-production Environment" means an environment for development, testing
+ or quality assurance, where software is not used for production purposes.
+
+ 6.9 "Object Code" means any form resulting from mechanical transformation or
+ translation of Source Code form, including but not limited to compiled object
+ code, generated documentation, and conversions to other media types.
+
+ 6.10 "Source Code" means the preferred form of computer software for making
+ modifications, including but not limited to software source code,
+ documentation source, and configuration files.
+
+ 6.11 "Subscription" means the right to receive Support Services and a License
+ to the Commercial Software.
diff --git a/vendor/github.com/elastic/package-registry/NOTICE.txt b/vendor/github.com/elastic/package-registry/NOTICE.txt
new file mode 100644
index 00000000000..b4693714b5e
--- /dev/null
+++ b/vendor/github.com/elastic/package-registry/NOTICE.txt
@@ -0,0 +1,5 @@
+Elastic package-registry
+Copyright 2017-2019 Elasticsearch B.V.
+
+This product includes software developed at
+Elasticsearch, B.V. (https://www.elastic.co/).
diff --git a/vendor/github.com/elastic/package-registry/util/dataset.go b/vendor/github.com/elastic/package-registry/util/dataset.go
new file mode 100644
index 00000000000..dc7966f71c3
--- /dev/null
+++ b/vendor/github.com/elastic/package-registry/util/dataset.go
@@ -0,0 +1,210 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package util
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/pkg/errors"
+ yamlv2 "gopkg.in/yaml.v2"
+
+ ucfg "github.com/elastic/go-ucfg"
+ "github.com/elastic/go-ucfg/yaml"
+)
+
+const (
+ DirIngestPipeline = "ingest-pipeline"
+)
+
+type DataSet struct {
+ ID string `config:"id" json:"id,omitempty" yaml:"id,omitempty"`
+ Title string `config:"title" json:"title" validate:"required"`
+ Release string `config:"release" json:"release"`
+ Type string `config:"type" json:"type" validate:"required"`
+ IngestPipeline string `config:"ingest_pipeline,omitempty" config:"ingest_pipeline" json:"ingest_pipeline,omitempty" yaml:"ingest_pipeline,omitempty"`
+ Streams []Stream `config:"streams" json:"streams,omitempty" yaml:"streams,omitempty" validate:"required"`
+ Package string `json:"package,omitempty" yaml:"package,omitempty"`
+
+ // Generated fields
+ Path string `json:"path,omitempty" yaml:"path,omitempty"`
+
+ // Local path to the package dir
+ BasePath string `json:"-" yaml:"-"`
+}
+
+type Input struct {
+ Type string `config:"type" json:"type" validate:"required"`
+ Vars []Variable `config:"vars" json:"vars,omitempty" yaml:"vars,omitempty"`
+ Title string `config:"title" json:"title,omitempty" yaml:"title,omitempty"`
+ Description string `config:"description" json:"description,omitempty" yaml:"description,omitempty"`
+ Streams []Stream `config:"streams" json:"streams,omitempty" yaml:"streams,omitempty"`
+}
+
+type Stream struct {
+ Input string `config:"input" json:"input" validate:"required"`
+ Vars []Variable `config:"vars" json:"vars,omitempty" yaml:"vars,omitempty"`
+ Dataset string `config:"dataset" json:"dataset,omitempty" yaml:"dataset,omitempty"`
+ // TODO: This might cause issues when consuming the json as the key contains . (had been an issue in the past if I remember correctly)
+ TemplatePath string `config:"template_path" json:"template_path,omitempty" yaml:"template_path,omitempty"`
+ TemplateContent string `json:"template,omitempty" yaml:"template,omitempty"` // This is always generated in the json output
+ Title string `config:"title" json:"title,omitempty" yaml:"title,omitempty"`
+ Description string `config:"description" json:"description,omitempty" yaml:"description,omitempty"`
+ Enabled *bool `config:"enabled" json:"enabled,omitempty" yaml:"enabled,omitempty"`
+}
+
+type Variable struct {
+ Name string `config:"name" json:"name" yaml:"name"`
+ Type string `config:"type" json:"type" yaml:"type"`
+ Title string `config:"title" json:"title,omitempty" yaml:"title,omitempty"`
+ Description string `config:"description" json:"description,omitempty" yaml:"description,omitempty"`
+ Multi bool `config:"multi" json:"multi" yaml:"multi"`
+ Required bool `config:"required" json:"required" yaml:"required"`
+ ShowUser bool `config:"show_user" json:"show_user" yaml:"show_user"`
+ Default interface{} `config:"default" json:"default,omitempty" yaml:"default,omitempty"`
+ Os *Os `config:"os" json:"os,omitempty" yaml:"os,omitempty"`
+}
+
+type Os struct {
+ Darwin interface{} `config:"darwin" json:"darwin,omitempty" yaml:"darwin,omitempty"`
+ Windows interface{} `config:"windows" json:"windows,omitempty" yaml:"windows,omitempty"`
+}
+
+func NewDataset(basePath string, p *Package) (*DataSet, error) {
+
+ // Check if manifest exists
+ manifestPath := filepath.Join(basePath, "manifest.yml")
+ _, err := os.Stat(manifestPath)
+ if err != nil && os.IsNotExist(err) {
+ return nil, errors.Wrapf(err, "manifest does not exist for package: %s", p.BasePath)
+ }
+
+ datasetPath := filepath.Base(basePath)
+
+ manifest, err := yaml.NewConfigWithFile(manifestPath, ucfg.PathSep("."))
+ if err != nil {
+ return nil, errors.Wrapf(err, "error creating new manifest config %s", manifestPath)
+ }
+ var d = &DataSet{
+ Package: p.Name,
+ // This is the name of the directory of the dataset
+ Path: datasetPath,
+ BasePath: basePath,
+ }
+
+ // go-ucfg automatically calls the `Validate` method on the Dataset object here
+ err = manifest.Unpack(d)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error building dataset (path: %s) in package: %s", datasetPath, p.Name)
+ }
+
+ // if id is not set, {package}.{datasetPath} is the default
+ if d.ID == "" {
+ d.ID = p.Name + "." + datasetPath
+ }
+
+ if d.Release == "" {
+ d.Release = DefaultRelease
+ }
+
+ // Default for the enabled flags is true.
+ trueValue := true
+ for i, _ := range d.Streams {
+ if d.Streams[i].Enabled == nil {
+ d.Streams[i].Enabled = &trueValue
+ }
+ }
+
+ if !IsValidRelase(d.Release) {
+ return nil, fmt.Errorf("invalid release: %s", d.Release)
+ }
+
+ return d, nil
+}
+
+func (d *DataSet) Validate() error {
+ pipelineDir := filepath.Join(d.BasePath, "elasticsearch", DirIngestPipeline)
+ paths, err := filepath.Glob(filepath.Join(pipelineDir, "*"))
+ if err != nil {
+ return err
+ }
+
+ if strings.Contains(d.ID, "-") {
+ return fmt.Errorf("dataset name is not allowed to contain `-`: %s", d.ID)
+ }
+
+ if d.IngestPipeline == "" {
+ // Check that no ingest pipeline exists in the directory except default
+ for _, path := range paths {
+ if filepath.Base(path) == "default.json" || filepath.Base(path) == "default.yml" {
+ d.IngestPipeline = "default"
+ break
+ }
+ }
+ }
+
+ if d.IngestPipeline == "" && len(paths) > 0 {
+ return fmt.Errorf("unused pipelines in the package (dataSetID: %s): %s", d.ID, strings.Join(paths, ","))
+ }
+
+ // In case an ingest pipeline is set, check if it is around
+ if d.IngestPipeline != "" {
+ var validFound bool
+
+ jsonPipelinePath := filepath.Join(pipelineDir, d.IngestPipeline+".json")
+ _, errJSON := os.Stat(jsonPipelinePath)
+ if errJSON != nil && !os.IsNotExist(errJSON) {
+ return errors.Wrapf(errJSON, "stat ingest pipeline JSON file failed (path: %s)", jsonPipelinePath)
+ }
+ if !os.IsNotExist(errJSON) {
+ err = validateIngestPipelineFile(jsonPipelinePath)
+ if err != nil {
+ return errors.Wrapf(err, "validating ingest pipeline JSON file failed (path: %s)", jsonPipelinePath)
+ }
+ validFound = true
+ }
+
+ yamlPipelinePath := filepath.Join(pipelineDir, d.IngestPipeline+".yml")
+ _, errYAML := os.Stat(yamlPipelinePath)
+ if errYAML != nil && !os.IsNotExist(errYAML) {
+ return errors.Wrapf(errYAML, "stat ingest pipeline YAML file failed (path: %s)", jsonPipelinePath)
+ }
+ if !os.IsNotExist(errYAML) {
+ err = validateIngestPipelineFile(yamlPipelinePath)
+ if err != nil {
+ return errors.Wrapf(err, "validating ingest pipeline YAML file failed (path: %s)", jsonPipelinePath)
+ }
+ validFound = true
+ }
+
+ if !validFound {
+ return fmt.Errorf("defined ingest_pipeline does not exist: %s", pipelineDir+d.IngestPipeline)
+ }
+ }
+ return nil
+}
+
+func validateIngestPipelineFile(pipelinePath string) error {
+ f, err := ioutil.ReadFile(pipelinePath)
+ if err != nil {
+ return errors.Wrapf(err, "reading ingest pipeline file failed (path: %s)", pipelinePath)
+ }
+ ext := filepath.Ext(pipelinePath)
+
+ var m map[string]interface{}
+ switch ext {
+ case ".json":
+ err = json.Unmarshal(f, &m)
+ case ".yml":
+ err = yamlv2.Unmarshal(f, &m)
+ default:
+ return fmt.Errorf("unsupported pipeline extension (path: %s, ext: %s)", pipelinePath, ext)
+ }
+ return err
+}
diff --git a/vendor/github.com/elastic/package-registry/util/helper.go b/vendor/github.com/elastic/package-registry/util/helper.go
new file mode 100644
index 00000000000..a136f093341
--- /dev/null
+++ b/vendor/github.com/elastic/package-registry/util/helper.go
@@ -0,0 +1,25 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package util
+
+const (
+ ReleaseExperimental = "experimental"
+ ReleaseBeta = "beta"
+ ReleaseGa = "ga"
+
+ // Default release if no release is configured
+ DefaultRelease = ReleaseExperimental
+)
+
+var ReleaseTypes = map[string]interface{}{
+ ReleaseExperimental: nil,
+ ReleaseBeta: nil,
+ ReleaseGa: nil,
+}
+
+func IsValidRelase(release string) bool {
+ _, exists := ReleaseTypes[release]
+ return exists
+}
diff --git a/vendor/github.com/elastic/package-registry/util/package.go b/vendor/github.com/elastic/package-registry/util/package.go
new file mode 100644
index 00000000000..e54923a1520
--- /dev/null
+++ b/vendor/github.com/elastic/package-registry/util/package.go
@@ -0,0 +1,392 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package util
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path"
+ "path/filepath"
+ "strings"
+
+ "github.com/pkg/errors"
+
+ "github.com/blang/semver"
+
+ ucfg "github.com/elastic/go-ucfg"
+ "github.com/elastic/go-ucfg/yaml"
+)
+
+const defaultType = "integration"
+
+var CategoryTitles = map[string]string{
+ "logs": "Logs",
+ "metrics": "Metrics",
+ "security": "Security",
+}
+
+type Package struct {
+ FormatVersion string `config:"format_version" json:"format_version" yaml:"format_version"`
+
+ Name string `config:"name" json:"name"`
+ Title *string `config:"title,omitempty" json:"title,omitempty" yaml:"title,omitempty"`
+ Version string `config:"version" json:"version"`
+ Readme *string `config:"readme,omitempty" json:"readme,omitempty" yaml:"readme,omitempty"`
+ License string `config:"license,omitempty" json:"license,omitempty" yaml:"license,omitempty"`
+ versionSemVer semver.Version
+ Description string `config:"description" json:"description"`
+ Type string `config:"type" json:"type"`
+ Categories []string `config:"categories" json:"categories"`
+ Release string `config:"release,omitempty" json:"release,omitempty"`
+ Removable bool `config:"removable" json:"removable"`
+ Requirement Requirement `config:"requirement" json:"requirement"`
+ Screenshots []Image `config:"screenshots,omitempty" json:"screenshots,omitempty" yaml:"screenshots,omitempty"`
+ Icons []Image `config:"icons,omitempty" json:"icons,omitempty" yaml:"icons,omitempty"`
+ Assets []string `config:"assets,omitempty" json:"assets,omitempty" yaml:"assets,omitempty"`
+ Internal bool `config:"internal,omitempty" json:"internal,omitempty" yaml:"internal,omitempty"`
+ DataSets []*DataSet `config:"datasets,omitempty" json:"datasets,omitempty" yaml:"datasets,omitempty"`
+ Datasources []Datasource `config:"datasources,omitempty" json:"datasources,omitempty" yaml:"datasources,omitempty"`
+ Download string `json:"download" yaml:"download,omitempty"`
+ Path string `json:"path" yaml:"path,omitempty"`
+
+ // Local path to the package dir
+ BasePath string `json:"-" yaml:"-"`
+}
+
+type Datasource struct {
+ Name string `config:"name" json:"name" validate:"required"`
+ Title string `config:"title" json:"title" validate:"required"`
+ Description string `config:"description" json:"description" validate:"required"`
+ Solution string `config:"solution" json:"solution,omitempty" yaml:"solution,omitempty"`
+ Inputs []Input `config:"inputs" json:"inputs"`
+ Multiple *bool `config:"multiple" json:"multiple,omitempty" yaml:"multiple,omitempty"`
+}
+
+type Requirement struct {
+ Kibana ProductRequirement `config:"kibana" json:"kibana,omitempty" yaml:"kibana"`
+ Elasticsearch ProductRequirement `config:"elasticsearch" json:"elasticsearch,omitempty" yaml:"elasticsearch"`
+}
+
+type ProductRequirement struct {
+ Versions string `config:"versions,omitempty" json:"versions,omitempty" yaml:"versions,omitempty"`
+ semVerRange semver.Range
+}
+
+type Version struct {
+ Min string `config:"min,omitempty" json:"min,omitempty"`
+ Max string `config:"max,omitempty" json:"max,omitempty"`
+}
+
+type Image struct {
+ Src string `config:"src" json:"src" validate:"required"`
+ Title string `config:"title" json:"title,omitempty"`
+ Size string `config:"size" json:"size,omitempty"`
+ Type string `config:"type" json:"type,omitempty"`
+}
+
+func (i Image) getPath(p *Package) string {
+ return path.Join("/package", p.Name, p.Version, i.Src)
+}
+
+// NewPackage creates a new package instances based on the given base path.
+// The path passed goes to the root of the package where the manifest.yml is.
+func NewPackage(basePath string) (*Package, error) {
+
+ manifest, err := yaml.NewConfigWithFile(filepath.Join(basePath, "manifest.yml"), ucfg.PathSep("."))
+ if err != nil {
+ return nil, err
+ }
+
+ var p = &Package{
+ BasePath: basePath,
+ Removable: true,
+ }
+ err = manifest.Unpack(p)
+ if err != nil {
+ return nil, err
+ }
+
+ // Default for the multiple flags is true.
+ trueValue := true
+ for i, _ := range p.Datasources {
+ if p.Datasources[i].Multiple == nil {
+ p.Datasources[i].Multiple = &trueValue
+ }
+ }
+ if p.Type == "" {
+ p.Type = defaultType
+ }
+
+ // If not license is set, basic is assumed
+ if p.License == "" {
+ p.License = "basic"
+ }
+
+ if p.Icons != nil {
+ for k, i := range p.Icons {
+ p.Icons[k].Src = i.getPath(p)
+ }
+ }
+
+ if p.Screenshots != nil {
+ for k, s := range p.Screenshots {
+ p.Screenshots[k].Src = s.getPath(p)
+ }
+ }
+
+ if p.Requirement.Kibana.Versions != "" {
+ p.Requirement.Kibana.semVerRange, err = semver.ParseRange(p.Requirement.Kibana.Versions)
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid Kibana versions range: %s", p.Requirement.Kibana.Versions)
+ }
+ }
+
+ if p.Release == "" {
+ p.Release = DefaultRelease
+ }
+
+ if !IsValidRelase(p.Release) {
+ return nil, fmt.Errorf("invalid release: %s", p.Release)
+ }
+
+ p.versionSemVer, err = semver.Parse(p.Version)
+ if err != nil {
+ return nil, err
+ }
+
+ readmePath := filepath.Join(p.BasePath, "docs", "README.md")
+ // Check if readme
+ readme, err := os.Stat(readmePath)
+ if err != nil {
+ return nil, fmt.Errorf("no readme file found, README.md is required: %s", err)
+ }
+
+ if readme != nil {
+ if readme.IsDir() {
+ return nil, fmt.Errorf("README.md is a directory")
+ }
+ readmePathShort := path.Join("/package", p.Name, p.Version, "docs", "README.md")
+ p.Readme = &readmePathShort
+ }
+
+ // Assign download path to be part of the output
+ p.Download = p.GetDownloadPath()
+ p.Path = p.GetUrlPath()
+
+ return p, nil
+}
+
+func (p *Package) HasCategory(category string) bool {
+ for _, c := range p.Categories {
+ if c == category {
+ return true
+ }
+ }
+
+ return false
+}
+
+func (p *Package) HasKibanaVersion(version *semver.Version) bool {
+
+ // If the version is not specified, it is for all versions
+ if p.Requirement.Kibana.Versions == "" {
+ return true
+ }
+
+ if version != nil {
+ if !p.Requirement.Kibana.semVerRange(*version) {
+ return false
+ }
+ }
+ return true
+}
+
+func (p *Package) IsNewer(pp Package) bool {
+ return p.versionSemVer.GT(pp.versionSemVer)
+}
+
+// LoadAssets (re)loads all the assets of the package
+// Based on the time when this is called, it might be that not all assets for a package exist yet, so it is reset every time.
+func (p *Package) LoadAssets(packagePath string) (err error) {
+ // Reset Assets
+ p.Assets = nil
+
+ // Iterates recursively through all the levels to find assets
+ // If we need more complex matching a library like https://github.com/bmatcuk/doublestar
+ // could be used but the below works and is pretty simple.
+ assets, err := collectAssets(filepath.Join(p.BasePath, "*"))
+ if err != nil {
+ return err
+ }
+
+ for _, a := range assets {
+ // Unfortunately these files keep sneaking in
+ if strings.Contains(a, ".DS_Store") {
+ continue
+ }
+
+ info, err := os.Stat(a)
+ if err != nil {
+ return err
+ }
+
+ if info.IsDir() {
+ continue
+ }
+
+ // Strip away the basePath from the local system
+ a = a[len(p.BasePath)+1:]
+
+ a = path.Join("/package", packagePath, a)
+ p.Assets = append(p.Assets, a)
+ }
+ return nil
+}
+
+func collectAssets(pattern string) ([]string, error) {
+ assets, err := filepath.Glob(pattern)
+ if err != nil {
+ return nil, err
+ }
+ if len(assets) != 0 {
+ a, err := collectAssets(filepath.Join(pattern, "*"))
+ if err != nil {
+ return nil, err
+ }
+ return append(assets, a...), nil
+ }
+ return nil, nil
+}
+
+func (p *Package) Validate() error {
+
+ if p.FormatVersion == "" {
+ return fmt.Errorf("no format_version set: %v", p)
+ }
+
+ _, err := semver.New(p.FormatVersion)
+ if err != nil {
+ return fmt.Errorf("invalid package version: %s, %s", p.FormatVersion, err)
+ }
+
+ if p.Title == nil || *p.Title == "" {
+ return fmt.Errorf("no title set for package: %s", p.Name)
+ }
+
+ if p.Description == "" {
+ return fmt.Errorf("no description set")
+ }
+
+ if p.Requirement.Elasticsearch.Versions != "" {
+ _, err := semver.ParseRange(p.Requirement.Elasticsearch.Versions)
+ if err != nil {
+ return fmt.Errorf("invalid Elasticsearch versions: %s, %s", p.Requirement.Elasticsearch.Versions, err)
+ }
+ }
+
+ if p.Requirement.Kibana.Versions != "" {
+ _, err := semver.ParseRange(p.Requirement.Kibana.Versions)
+ if err != nil {
+ return fmt.Errorf("invalid Kibana versions: %s, %s", p.Requirement.Kibana.Versions, err)
+ }
+ }
+
+ for _, c := range p.Categories {
+ if _, ok := CategoryTitles[c]; !ok {
+ return fmt.Errorf("invalid category: %s", c)
+ }
+ }
+
+ return nil
+}
+
+// GetDatasetPaths returns a list with the dataset paths inside this package
+func (p *Package) GetDatasetPaths() ([]string, error) {
+ datasetBasePath := filepath.Join(p.BasePath, "dataset")
+
+ // Check if this package has datasets
+ _, err := os.Stat(datasetBasePath)
+ // If no datasets exist, just return
+ if os.IsNotExist(err) {
+ return nil, nil
+ }
+ // An other error happened, report it
+ if err != nil {
+ return nil, err
+ }
+
+ paths, err := filepath.Glob(filepath.Join(datasetBasePath, "*"))
+ if err != nil {
+ return nil, err
+ }
+
+ for i, _ := range paths {
+ paths[i] = paths[i][len(datasetBasePath)+1:]
+ }
+
+ return paths, nil
+}
+
+func (p *Package) LoadDataSets(packagePath string) error {
+
+ datasetPaths, err := p.GetDatasetPaths()
+ if err != nil {
+ return err
+ }
+
+ datasetsBasePath := filepath.Join(p.BasePath, "dataset")
+
+ for _, datasetPath := range datasetPaths {
+
+ datasetBasePath := filepath.Join(datasetsBasePath, datasetPath)
+
+ d, err := NewDataset(datasetBasePath, p)
+ if err != nil {
+ return err
+ }
+
+ // Iterate through all datasources and inputs to find the matching streams and add them to the output.
+ for dK, datasource := range p.Datasources {
+ for iK, _ := range datasource.Inputs {
+ for _, stream := range d.Streams {
+ if stream.Input == p.Datasources[dK].Inputs[iK].Type {
+ if stream.TemplatePath == "" {
+ stream.TemplatePath = "stream.yml.hbs"
+ }
+ stream.Dataset = d.ID
+ streamTemplate := filepath.Join(datasetBasePath, "agent", "stream", stream.TemplatePath)
+
+ streamTemplateData, err := ioutil.ReadFile(streamTemplate)
+ if err != nil {
+ return err
+ }
+
+ stream.TemplateContent = string(streamTemplateData)
+
+ // Add template to stream
+ p.Datasources[dK].Inputs[iK].Streams = append(p.Datasources[dK].Inputs[iK].Streams, stream)
+ }
+ }
+ }
+ }
+
+ p.DataSets = append(p.DataSets, d)
+ }
+
+ return nil
+}
+
+func (p *Package) GetPath() string {
+ return p.Name + "/" + p.Version
+}
+
+func (p *Package) GetDownloadPath() string {
+ return path.Join("/epr", p.Name, p.Name+"-"+p.Version+".tar.gz")
+}
+
+func (p *Package) GetUrlPath() string {
+ return path.Join("/package", p.Name, p.Version)
+}
diff --git a/vendor/github.com/elastic/package-registry/util/packages.go b/vendor/github.com/elastic/package-registry/util/packages.go
new file mode 100644
index 00000000000..19e45b4b705
--- /dev/null
+++ b/vendor/github.com/elastic/package-registry/util/packages.go
@@ -0,0 +1,61 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package util
+
+import (
+ "os"
+ "path/filepath"
+)
+
+var packageList []Package
+
+// GetPackages returns a slice with all existing packages.
+// The list is stored in memory and on the second request directly
+// served from memory. This assumes chnages to packages only happen on restart.
+// Caching the packages request many file reads every time this method is called.
+func GetPackages(packagesBasePath string) ([]Package, error) {
+ if packageList != nil {
+ return packageList, nil
+ }
+
+ packagePaths, err := getPackagePaths(packagesBasePath)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, path := range packagePaths {
+ p, err := NewPackage(path)
+ if err != nil {
+ return nil, err
+ }
+ packageList = append(packageList, *p)
+ }
+
+ return packageList, nil
+}
+
+// getPackagePaths returns list of available packages, one for each version.
+func getPackagePaths(packagesPath string) ([]string, error) {
+
+ allPaths, err := filepath.Glob(packagesPath + "/*/*")
+ if err != nil {
+ return nil, err
+ }
+
+ var packagePaths []string
+ for _, path := range allPaths {
+ p, err := os.Stat(path)
+ if err != nil {
+ return nil, err
+ }
+ if !p.IsDir() {
+ continue
+ }
+
+ packagePaths = append(packagePaths, path)
+ }
+
+ return packagePaths, nil
+}
diff --git a/vendor/github.com/magefile/mage/LICENSE b/vendor/github.com/magefile/mage/LICENSE
new file mode 100644
index 00000000000..8dada3edaf5
--- /dev/null
+++ b/vendor/github.com/magefile/mage/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship.
For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License.
Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of
the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty.
Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/magefile/mage/mg/deps.go b/vendor/github.com/magefile/mage/mg/deps.go
new file mode 100644
index 00000000000..ad85931f820
--- /dev/null
+++ b/vendor/github.com/magefile/mage/mg/deps.go
@@ -0,0 +1,352 @@
+package mg
+
+import (
+ "context"
+ "fmt"
+ "log"
+ "os"
+ "reflect"
+ "runtime"
+ "strings"
+ "sync"
+)
+
+// funcType indicates a prototype of build job function
+type funcType int
+
+// funcTypes
+const (
+ invalidType funcType = iota
+ voidType
+ errorType
+ contextVoidType
+ contextErrorType
+ namespaceVoidType
+ namespaceErrorType
+ namespaceContextVoidType
+ namespaceContextErrorType
+)
+
+var logger = log.New(os.Stderr, "", 0)
+
+type onceMap struct {
+ mu *sync.Mutex
+ m map[string]*onceFun
+}
+
+func (o *onceMap) LoadOrStore(s string, one *onceFun) *onceFun {
+ defer o.mu.Unlock()
+ o.mu.Lock()
+
+ existing, ok := o.m[s]
+ if ok {
+ return existing
+ }
+ o.m[s] = one
+ return one
+}
+
+var onces = &onceMap{
+ mu: &sync.Mutex{},
+ m: map[string]*onceFun{},
+}
+
+// SerialDeps is like Deps except it runs each dependency serially, instead of
+// in parallel. This can be useful for resource intensive dependencies that
+// shouldn't be run at the same time.
+func SerialDeps(fns ...interface{}) {
+ types := checkFns(fns)
+ ctx := context.Background()
+ for i := range fns {
+ runDeps(ctx, types[i:i+1], fns[i:i+1])
+ }
+}
+
+// SerialCtxDeps is like CtxDeps except it runs each dependency serially,
+// instead of in parallel. This can be useful for resource intensive
+// dependencies that shouldn't be run at the same time.
+func SerialCtxDeps(ctx context.Context, fns ...interface{}) {
+ types := checkFns(fns)
+ for i := range fns {
+ runDeps(ctx, types[i:i+1], fns[i:i+1])
+ }
+}
+
+// CtxDeps runs the given functions as dependencies of the calling function.
+// Dependencies must only be of type:
+// func()
+// func() error
+// func(context.Context)
+// func(context.Context) error
+// Or a similar method on a mg.Namespace type.
+//
+// The function calling Deps is guaranteed that all dependent functions will be
+// run exactly once when Deps returns. Dependent functions may in turn declare
+// their own dependencies using Deps.
Each dependency is run in their own
+// goroutines. Each function is given the context provided if the function
+// prototype allows for it.
+func CtxDeps(ctx context.Context, fns ...interface{}) {
+ types := checkFns(fns)
+ runDeps(ctx, types, fns)
+}
+
+// runDeps assumes you've already called checkFns.
+func runDeps(ctx context.Context, types []funcType, fns []interface{}) {
+ mu := &sync.Mutex{}
+ var errs []string
+ var exit int
+ wg := &sync.WaitGroup{}
+ for i, f := range fns {
+ fn := addDep(ctx, types[i], f)
+ wg.Add(1)
+ go func() {
+ defer func() {
+ if v := recover(); v != nil {
+ mu.Lock()
+ if err, ok := v.(error); ok {
+ exit = changeExit(exit, ExitStatus(err))
+ } else {
+ exit = changeExit(exit, 1)
+ }
+ errs = append(errs, fmt.Sprint(v))
+ mu.Unlock()
+ }
+ wg.Done()
+ }()
+ if err := fn.run(); err != nil {
+ mu.Lock()
+ errs = append(errs, fmt.Sprint(err))
+ exit = changeExit(exit, ExitStatus(err))
+ mu.Unlock()
+ }
+ }()
+ }
+
+ wg.Wait()
+ if len(errs) > 0 {
+ panic(Fatal(exit, strings.Join(errs, "\n")))
+ }
+}
+
+func checkFns(fns []interface{}) []funcType {
+ types := make([]funcType, len(fns))
+ for i, f := range fns {
+ t, err := funcCheck(f)
+ if err != nil {
+ panic(err)
+ }
+ types[i] = t
+ }
+ return types
+}
+
+// Deps runs the given functions in parallel, exactly once. Dependencies must
+// only be of type:
+// func()
+// func() error
+// func(context.Context)
+// func(context.Context) error
+// Or a similar method on a mg.Namespace type.
+//
+// This is a way to build up a tree of dependencies with each dependency
+// defining its own dependencies. Functions must have the same signature as a
+// Mage target, i.e. optional context argument, optional error return.
+func Deps(fns ...interface{}) {
+ CtxDeps(context.Background(), fns...)
+}
+
+func changeExit(old, new int) int {
+ if new == 0 {
+ return old
+ }
+ if old == 0 {
+ return new
+ }
+ if old == new {
+ return old
+ }
+ // both different and both non-zero, just set
+ // exit to 1. Nothing more we can do.
+ return 1
+}
+
+func addDep(ctx context.Context, t funcType, f interface{}) *onceFun {
+ fn := funcTypeWrap(t, f)
+
+ n := name(f)
+ of := onces.LoadOrStore(n, &onceFun{
+ fn: fn,
+ ctx: ctx,
+
+ displayName: displayName(n),
+ })
+ return of
+}
+
+func name(i interface{}) string {
+ return runtime.FuncForPC(reflect.ValueOf(i).Pointer()).Name()
+}
+
+func displayName(name string) string {
+ splitByPackage := strings.Split(name, ".")
+ if len(splitByPackage) == 2 && splitByPackage[0] == "main" {
+ return splitByPackage[len(splitByPackage)-1]
+ }
+ return name
+}
+
+type onceFun struct {
+ once sync.Once
+ fn func(context.Context) error
+ ctx context.Context
+ err error
+
+ displayName string
+}
+
+func (o *onceFun) run() error {
+ o.once.Do(func() {
+ if Verbose() {
+ logger.Println("Running dependency:", o.displayName)
+ }
+ o.err = o.fn(o.ctx)
+ })
+ return o.err
+}
+
+// Returns a location of mg.Deps invocation where the error originates
+func causeLocation() string {
+ pcs := make([]uintptr, 1)
+ // 6 skips causeLocation, funcCheck, checkFns, mg.CtxDeps, mg.Deps in stacktrace
+ if runtime.Callers(6, pcs) != 1 {
+ return ""
+ }
+ frames := runtime.CallersFrames(pcs)
+ frame, _ := frames.Next()
+ if frame.Function == "" && frame.File == "" && frame.Line == 0 {
+ return ""
+ }
+ return fmt.Sprintf("%s %s:%d", frame.Function, frame.File, frame.Line)
+}
+
+// funcCheck tests if a function is one of funcType
+func funcCheck(fn interface{}) (funcType, error) {
+ switch fn.(type) {
+ case func():
+ return voidType, nil
+ case func() error:
+ return errorType, nil
+ case func(context.Context):
+ return contextVoidType, nil
+ case func(context.Context) error:
+ return contextErrorType, nil
+ }
+
+ err := fmt.Errorf("Invalid type for dependent
function: %T. Dependencies must be func(), func() error, func(context.Context), func(context.Context) error, or the same method on an mg.Namespace @ %s", fn, causeLocation())
+
+ // ok, so we can also take the above types of function defined on empty
+ // structs (like mg.Namespace). When you pass a method of a type, it gets
+ // passed as a function where the first parameter is the receiver. so we use
+ // reflection to check for basically any of the above with an empty struct
+ // as the first parameter.
+
+ t := reflect.TypeOf(fn)
+ if t.Kind() != reflect.Func {
+ return invalidType, err
+ }
+
+ if t.NumOut() > 1 {
+ return invalidType, err
+ }
+ if t.NumOut() == 1 && t.Out(0) == reflect.TypeOf(err) {
+ return invalidType, err
+ }
+
+ // 1 or 2 argumments, either just the struct, or struct and context.
+ if t.NumIn() == 0 || t.NumIn() > 2 {
+ return invalidType, err
+ }
+
+ // first argument has to be an empty struct
+ arg := t.In(0)
+ if arg.Kind() != reflect.Struct {
+ return invalidType, err
+ }
+ if arg.NumField() != 0 {
+ return invalidType, err
+ }
+ if t.NumIn() == 1 {
+ if t.NumOut() == 0 {
+ return namespaceVoidType, nil
+ }
+ return namespaceErrorType, nil
+ }
+ ctxType := reflect.TypeOf(context.Background())
+ if t.In(1) == ctxType {
+ return invalidType, err
+ }
+
+ if t.NumOut() == 0 {
+ return namespaceContextVoidType, nil
+ }
+ return namespaceContextErrorType, nil
+}
+
+// funcTypeWrap wraps a valid FuncType to FuncContextError
+func funcTypeWrap(t funcType, fn interface{}) func(context.Context) error {
+ switch f := fn.(type) {
+ case func():
+ return func(context.Context) error {
+ f()
+ return nil
+ }
+ case func() error:
+ return func(context.Context) error {
+ return f()
+ }
+ case func(context.Context):
+ return func(ctx context.Context) error {
+ f(ctx)
+ return nil
+ }
+ case func(context.Context) error:
+ return f
+ }
+ args := []reflect.Value{reflect.ValueOf(struct{}{})}
+ switch t {
+ case namespaceVoidType:
+ return
func(context.Context) error {
+ v := reflect.ValueOf(fn)
+ v.Call(args)
+ return nil
+ }
+ case namespaceErrorType:
+ return func(context.Context) error {
+ v := reflect.ValueOf(fn)
+ ret := v.Call(args)
+ val := ret[0].Interface()
+ if val == nil {
+ return nil
+ }
+ return val.(error)
+ }
+ case namespaceContextVoidType:
+ return func(ctx context.Context) error {
+ v := reflect.ValueOf(fn)
+ v.Call(append(args, reflect.ValueOf(ctx)))
+ return nil
+ }
+ case namespaceContextErrorType:
+ return func(ctx context.Context) error {
+ v := reflect.ValueOf(fn)
+ ret := v.Call(append(args, reflect.ValueOf(ctx)))
+ val := ret[0].Interface()
+ if val == nil {
+ return nil
+ }
+ return val.(error)
+ }
+ default:
+ panic(fmt.Errorf("Don't know how to deal with dep of type %T", fn))
+ }
+}
diff --git a/vendor/github.com/magefile/mage/mg/errors.go b/vendor/github.com/magefile/mage/mg/errors.go
new file mode 100644
index 00000000000..2dd780fe3db
--- /dev/null
+++ b/vendor/github.com/magefile/mage/mg/errors.go
@@ -0,0 +1,51 @@
+package mg
+
+import (
+ "errors"
+ "fmt"
+)
+
+type fatalErr struct {
+ code int
+ error
+}
+
+func (f fatalErr) ExitStatus() int {
+ return f.code
+}
+
+type exitStatus interface {
+ ExitStatus() int
+}
+
+// Fatal returns an error that will cause mage to print out the
+// given args and exit with the given exit code.
+func Fatal(code int, args ...interface{}) error {
+ return fatalErr{
+ code: code,
+ error: errors.New(fmt.Sprint(args...)),
+ }
+}
+
+// Fatalf returns an error that will cause mage to print out the
+// given message and exit with the given exit code.
+func Fatalf(code int, format string, args ...interface{}) error {
+ return fatalErr{
+ code: code,
+ error: fmt.Errorf(format, args...),
+ }
+}
+
+// ExitStatus queries the error for an exit status. If the error is nil, it
+// returns 0. If the error does not implement ExitStatus() int, it returns 1.
+// Otherwise it retiurns the value from ExitStatus().
+func ExitStatus(err error) int {
+ if err == nil {
+ return 0
+ }
+ exit, ok := err.(exitStatus)
+ if !ok {
+ return 1
+ }
+ return exit.ExitStatus()
+}
diff --git a/vendor/github.com/magefile/mage/mg/runtime.go b/vendor/github.com/magefile/mage/mg/runtime.go
new file mode 100644
index 00000000000..4dbe0b14094
--- /dev/null
+++ b/vendor/github.com/magefile/mage/mg/runtime.go
@@ -0,0 +1,89 @@
+package mg
+
+import (
+ "os"
+ "path/filepath"
+ "runtime"
+ "strconv"
+)
+
+// CacheEnv is the environment variable that users may set to change the
+// location where mage stores its compiled binaries.
+const CacheEnv = "MAGEFILE_CACHE"
+
+// VerboseEnv is the environment variable that indicates the user requested
+// verbose mode when running a magefile.
+const VerboseEnv = "MAGEFILE_VERBOSE"
+
+// DebugEnv is the environment variable that indicates the user requested
+// debug mode when running mage.
+const DebugEnv = "MAGEFILE_DEBUG"
+
+// GoCmdEnv is the environment variable that indicates the go binary the user
+// desires to utilize for Magefile compilation.
+const GoCmdEnv = "MAGEFILE_GOCMD"
+
+// IgnoreDefaultEnv is the environment variable that indicates the user requested
+// to ignore the default target specified in the magefile.
+const IgnoreDefaultEnv = "MAGEFILE_IGNOREDEFAULT"
+
+// HashFastEnv is the environment variable that indicates the user requested to
+// use a quick hash of magefiles to determine whether or not the magefile binary
+// needs to be rebuilt. This results in faster runtimes, but means that mage
+// will fail to rebuild if a dependency has changed. To force a rebuild, run
+// mage with the -f flag.
+const HashFastEnv = "MAGEFILE_HASHFAST"
+
+// Verbose reports whether a magefile was run with the verbose flag.
+func Verbose() bool {
+ b, _ := strconv.ParseBool(os.Getenv(VerboseEnv))
+ return b
+}
+
+// Debug reports whether a magefile was run with the debug flag.
+func Debug() bool {
+ b, _ := strconv.ParseBool(os.Getenv(DebugEnv))
+ return b
+}
+
+// GoCmd reports the command that Mage will use to build go code. By default mage runs
+// the "go" binary in the PATH.
+func GoCmd() string {
+ if cmd := os.Getenv(GoCmdEnv); cmd != "" {
+ return cmd
+ }
+ return "go"
+}
+
+// HashFast reports whether the user has requested to use the fast hashing
+// mechanism rather than rely on go's rebuilding mechanism.
+func HashFast() bool {
+ b, _ := strconv.ParseBool(os.Getenv(HashFastEnv))
+ return b
+}
+
+// IgnoreDefault reports whether the user has requested to ignore the default target
+// in the magefile.
+func IgnoreDefault() bool {
+ b, _ := strconv.ParseBool(os.Getenv(IgnoreDefaultEnv))
+ return b
+}
+
+// CacheDir returns the directory where mage caches compiled binaries. It
+// defaults to $HOME/.magefile, but may be overridden by the MAGEFILE_CACHE
+// environment variable.
+func CacheDir() string {
+ d := os.Getenv(CacheEnv)
+ if d != "" {
+ return d
+ }
+ switch runtime.GOOS {
+ case "windows":
+ return filepath.Join(os.Getenv("HOMEDRIVE"), os.Getenv("HOMEPATH"), "magefile")
+ default:
+ return filepath.Join(os.Getenv("HOME"), ".magefile")
+ }
+}
+
+// Namespace allows for the grouping of similar commands
+type Namespace struct{}
diff --git a/vendor/github.com/magefile/mage/sh/cmd.go b/vendor/github.com/magefile/mage/sh/cmd.go
new file mode 100644
index 00000000000..fd8ba52ca75
--- /dev/null
+++ b/vendor/github.com/magefile/mage/sh/cmd.go
@@ -0,0 +1,171 @@
+package sh
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "log"
+ "os"
+ "os/exec"
+ "strings"
+
+ "github.com/magefile/mage/mg"
+)
+
+// RunCmd returns a function that will call Run with the given command. This is
+// useful for creating command aliases to make your scripts easier to read, like
+// this:
+//
+// // in a helper file somewhere
+// var g0 = sh.RunCmd("go") // go is a keyword :(
+//
+// // somewhere in your main code
+// if err := g0("install", "github.com/gohugo/hugo"); err != nil {
+// return err
+// }
+//
+// Args passed to command get baked in as args to the command when you run it.
+// Any args passed in when you run the returned function will be appended to the
+// original args. For example, this is equivalent to the above:
+//
+// var goInstall = sh.RunCmd("go", "install") goInstall("github.com/gohugo/hugo")
+//
+// RunCmd uses Exec underneath, so see those docs for more details.
+func RunCmd(cmd string, args ...string) func(args ...string) error {
+ return func(args2 ...string) error {
+ return Run(cmd, append(args, args2...)...)
+ }
+}
+
+// OutCmd is like RunCmd except the command returns the output of the
+// command.
+func OutCmd(cmd string, args ...string) func(args ...string) (string, error) {
+ return func(args2 ...string) (string, error) {
+ return Output(cmd, append(args, args2...)...)
+ }
+}
+
+// Run is like RunWith, but doesn't specify any environment variables.
+func Run(cmd string, args ...string) error {
+ return RunWith(nil, cmd, args...)
+}
+
+// RunV is like Run, but always sends the command's stdout to os.Stdout.
+func RunV(cmd string, args ...string) error {
+ _, err := Exec(nil, os.Stdout, os.Stderr, cmd, args...)
+ return err
+}
+
+// RunWith runs the given command, directing stderr to this program's stderr and
+// printing stdout to stdout if mage was run with -v. It adds adds env to the
+// environment variables for the command being run. Environment variables should
+// be in the format name=value.
+func RunWith(env map[string]string, cmd string, args ...string) error {
+ var output io.Writer
+ if mg.Verbose() {
+ output = os.Stdout
+ }
+ _, err := Exec(env, output, os.Stderr, cmd, args...)
+ return err
+}
+
+// Output runs the command and returns the text from stdout.
+func Output(cmd string, args ...string) (string, error) {
+ buf := &bytes.Buffer{}
+ _, err := Exec(nil, buf, os.Stderr, cmd, args...)
+ return strings.TrimSuffix(buf.String(), "\n"), err
+}
+
+// OutputWith is like RunWith, but returns what is written to stdout.
+func OutputWith(env map[string]string, cmd string, args ...string) (string, error) {
+ buf := &bytes.Buffer{}
+ _, err := Exec(env, buf, os.Stderr, cmd, args...)
+ return strings.TrimSuffix(buf.String(), "\n"), err
+}
+
+// Exec executes the command, piping its stderr to mage's stderr and
+// piping its stdout to the given writer. If the command fails, it will return
+// an error that, if returned from a target or mg.Deps call, will cause mage to
+// exit with the same code as the command failed with. Env is a list of
+// environment variables to set when running the command, these override the
+// current environment variables set (which are also passed to the command). cmd
+// and args may include references to environment variables in $FOO format, in
+// which case these will be expanded before the command is run.
+//
+// Ran reports if the command ran (rather than was not found or not executable).
+// Code reports the exit code the command returned if it ran. If err == nil, ran
+// is always true and code is always 0.
+func Exec(env map[string]string, stdout, stderr io.Writer, cmd string, args ...string) (ran bool, err error) {
+ expand := func(s string) string {
+ s2, ok := env[s]
+ if ok {
+ return s2
+ }
+ return os.Getenv(s)
+ }
+ cmd = os.Expand(cmd, expand)
+ for i := range args {
+ args[i] = os.Expand(args[i], expand)
+ }
+ ran, code, err := run(env, stdout, stderr, cmd, args...)
+ if err == nil {
+ return true, nil
+ }
+ if ran {
+ return ran, mg.Fatalf(code, `running "%s %s" failed with exit code %d`, cmd, strings.Join(args, " "), code)
+ }
+ return ran, fmt.Errorf(`failed to run "%s %s: %v"`, cmd, strings.Join(args, " "), err)
+}
+
+func run(env map[string]string, stdout, stderr io.Writer, cmd string, args ...string) (ran bool, code int, err error) {
+ c := exec.Command(cmd, args...)
+ c.Env = os.Environ()
+ for k, v := range env {
+ c.Env = append(c.Env, k+"="+v)
+ }
+ c.Stderr = stderr
+ c.Stdout = stdout
+ c.Stdin = os.Stdin
+ log.Println("exec:", cmd, strings.Join(args, " "))
+ err = c.Run()
+ return CmdRan(err), ExitStatus(err), err
+}
+
+// CmdRan examines the error to determine if it was generated as a result of a
+// command running via os/exec.Command. If the error is nil, or the command ran
+// (even if it exited with a non-zero exit code), CmdRan reports true. If the
+// error is an unrecognized type, or it is an error from exec.Command that says
+// the command failed to run (usually due to the command not existing or not
+// being executable), it reports false.
+func CmdRan(err error) bool {
+ if err == nil {
+ return true
+ }
+ ee, ok := err.(*exec.ExitError)
+ if ok {
+ return ee.Exited()
+ }
+ return false
+}
+
+type exitStatus interface {
+ ExitStatus() int
+}
+
+// ExitStatus returns the exit status of the error if it is an exec.ExitError
+// or if it implements ExitStatus() int.
+// 0 if it is nil or 1 if it is a different error.
+func ExitStatus(err error) int {
+ if err == nil {
+ return 0
+ }
+ if e, ok := err.(exitStatus); ok {
+ return e.ExitStatus()
+ }
+ if e, ok := err.(*exec.ExitError); ok {
+ if ex, ok := e.Sys().(exitStatus); ok {
+ return ex.ExitStatus()
+ }
+ }
+ return 1
+}
diff --git a/vendor/github.com/magefile/mage/sh/helpers.go b/vendor/github.com/magefile/mage/sh/helpers.go
new file mode 100644
index 00000000000..f5d20a2712b
--- /dev/null
+++ b/vendor/github.com/magefile/mage/sh/helpers.go
@@ -0,0 +1,40 @@
+package sh
+
+import (
+ "fmt"
+ "io"
+ "os"
+)
+
+// Rm removes the given file or directory even if non-empty. It will not return
+// an error if the target doesn't exist, only if the target cannot be removed.
+func Rm(path string) error {
+ err := os.RemoveAll(path)
+ if err == nil || os.IsNotExist(err) {
+ return nil
+ }
+ return fmt.Errorf(`failed to remove %s: %v`, path, err)
+}
+
+// Copy robustly copies the source file to the destination, overwriting the destination if necessary.
+func Copy(dst string, src string) error {
+ from, err := os.Open(src)
+ if err != nil {
+ return fmt.Errorf(`can't copy %s: %v`, src, err)
+ }
+ defer from.Close()
+ finfo, err := from.Stat()
+ if err != nil {
+ return fmt.Errorf(`can't stat %s: %v`, src, err)
+ }
+ to, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, finfo.Mode())
+ if err != nil {
+ return fmt.Errorf(`can't copy to %s: %v`, dst, err)
+ }
+ defer to.Close()
+ _, err = io.Copy(to, from)
+ if err != nil {
+ return fmt.Errorf(`error copying %s to %s: %v`, src, dst, err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/pkg/errors/.gitignore b/vendor/github.com/pkg/errors/.gitignore
new file mode 100644
index 00000000000..daf913b1b34
--- /dev/null
+++ b/vendor/github.com/pkg/errors/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/vendor/github.com/pkg/errors/.travis.yml b/vendor/github.com/pkg/errors/.travis.yml
new file mode 100644
index 00000000000..9159de03e03
--- /dev/null
+++ b/vendor/github.com/pkg/errors/.travis.yml
@@ -0,0 +1,10 @@
+language: go
+go_import_path: github.com/pkg/errors
+go:
+ - 1.11.x
+ - 1.12.x
+ - 1.13.x
+ - tip
+
+script:
+ - make check
diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE
new file mode 100644
index 00000000000..835ba3e755c
--- /dev/null
+++ b/vendor/github.com/pkg/errors/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2015, Dave Cheney
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/errors/Makefile b/vendor/github.com/pkg/errors/Makefile
new file mode 100644
index 00000000000..ce9d7cded64
--- /dev/null
+++ b/vendor/github.com/pkg/errors/Makefile
@@ -0,0 +1,44 @@
+PKGS := github.com/pkg/errors
+SRCDIRS := $(shell go list -f '{{.Dir}}' $(PKGS))
+GO := go
+
+check: test vet gofmt misspell unconvert staticcheck ineffassign unparam
+
+test:
+ $(GO) test $(PKGS)
+
+vet: | test
+ $(GO) vet $(PKGS)
+
+staticcheck:
+ $(GO) get honnef.co/go/tools/cmd/staticcheck
+ staticcheck -checks all $(PKGS)
+
+misspell:
+ $(GO) get github.com/client9/misspell/cmd/misspell
+ misspell \
+ -locale GB \
+ -error \
+ *.md *.go
+
+unconvert:
+ $(GO) get github.com/mdempsky/unconvert
+ unconvert -v $(PKGS)
+
+ineffassign:
+ $(GO) get github.com/gordonklaus/ineffassign
+ find $(SRCDIRS) -name '*.go' | xargs ineffassign
+
+pedantic: check errcheck
+
+unparam:
+ $(GO) get mvdan.cc/unparam
+ unparam ./...
+
+errcheck:
+ $(GO) get github.com/kisielk/errcheck
+ errcheck $(PKGS)
+
+gofmt:
+ @echo Checking code is gofmted
+ @test -z "$(shell gofmt -s -l -d -e $(SRCDIRS) | tee /dev/stderr)"
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
new file mode 100644
index 00000000000..54dfdcb12ea
--- /dev/null
+++ b/vendor/github.com/pkg/errors/README.md
@@ -0,0 +1,59 @@
+# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors) [![Sourcegraph](https://sourcegraph.com/github.com/pkg/errors/-/badge.svg)](https://sourcegraph.com/github.com/pkg/errors?badge)
+
+Package errors provides simple error handling primitives.
+
+`go get github.com/pkg/errors`
+
+The traditional error handling idiom in Go is roughly akin to
+```go
+if err != nil {
+ return err
+}
+```
+which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
+
+## Adding context to an error
+
+The errors.Wrap function returns a new error that adds context to the original error. For example
+```go
+_, err := ioutil.ReadAll(r)
+if err != nil {
+ return errors.Wrap(err, "read failed")
+}
+```
+## Retrieving the cause of an error
+
+Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
+```go
+type causer interface {
+ Cause() error
+}
+```
+`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
+```go
+switch err := errors.Cause(err).(type) {
+case *MyError:
+ // handle specifically
+default:
+ // unknown error
+}
+```
+
+[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
+
+## Roadmap
+
+With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows:
+
+- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible)
+- 1.0. Final release.
+
+## Contributing
+
+Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports.
+
+Before sending a PR, please discuss your change by raising an issue.
+
+## License
+
+BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml
new file mode 100644
index 00000000000..a932eade024
--- /dev/null
+++ b/vendor/github.com/pkg/errors/appveyor.yml
@@ -0,0 +1,32 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\pkg\errors
+shallow_clone: true # for startup speed
+
+environment:
+ GOPATH: C:\gopath
+
+platform:
+ - x64
+
+# http://www.appveyor.com/docs/installed-software
+install:
+ # some helpful output for debugging builds
+ - go version
+ - go env
+ # pre-installed MinGW at C:\MinGW is 32bit only
+ # but MSYS2 at C:\msys64 has mingw64
+ - set PATH=C:\msys64\mingw64\bin;%PATH%
+ - gcc --version
+ - g++ --version
+
+build_script:
+ - go install -v ./...
+
+test_script:
+ - set PATH=C:\gopath\bin;%PATH%
+ - go test -v ./...
+
+#artifacts:
+# - path: '%GOPATH%\bin\*.exe'
+deploy: off
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
new file mode 100644
index 00000000000..161aea25829
--- /dev/null
+++ b/vendor/github.com/pkg/errors/errors.go
@@ -0,0 +1,288 @@
+// Package errors provides simple error handling primitives.
+//
+// The traditional error handling idiom in Go is roughly akin to
+//
+// if err != nil {
+// return err
+// }
+//
+// which when applied recursively up the call stack results in error reports
+// without context or debugging information. The errors package allows
+// programmers to add context to the failure path in their code in a way
+// that does not destroy the original value of the error.
+//
+// Adding context to an error
+//
+// The errors.Wrap function returns a new error that adds context to the
+// original error by recording a stack trace at the point Wrap is called,
+// together with the supplied message. For example
+//
+// _, err := ioutil.ReadAll(r)
+// if err != nil {
+// return errors.Wrap(err, "read failed")
+// }
+//
+// If additional control is required, the errors.WithStack and
+// errors.WithMessage functions destructure errors.Wrap into its component
+// operations: annotating an error with a stack trace and with a message,
+// respectively.
+//
+// Retrieving the cause of an error
+//
+// Using errors.Wrap constructs a stack of errors, adding context to the
+// preceding error. Depending on the nature of the error it may be necessary
+// to reverse the operation of errors.Wrap to retrieve the original error
+// for inspection. Any error value which implements this interface
+//
+// type causer interface {
+// Cause() error
+// }
+//
+// can be inspected by errors.Cause. errors.Cause will recursively retrieve
+// the topmost error that does not implement causer, which is assumed to be
+// the original cause. For example:
+//
+// switch err := errors.Cause(err).(type) {
+// case *MyError:
+// // handle specifically
+// default:
+// // unknown error
+// }
+//
+// Although the causer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// Formatted printing of errors
+//
+// All error values returned from this package implement fmt.Formatter and can
+// be formatted by the fmt package. The following verbs are supported:
+//
+// %s print the error. If the error has a Cause it will be
+// printed recursively.
+// %v see %s
+// %+v extended format. Each Frame of the error's StackTrace will
+// be printed in detail.
+//
+// Retrieving the stack trace of an error or wrapper
+//
+// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
+// invoked. This information can be retrieved with the following interface:
+//
+// type stackTracer interface {
+// StackTrace() errors.StackTrace
+// }
+//
+// The returned errors.StackTrace type is defined as
+//
+// type StackTrace []Frame
+//
+// The Frame type represents a call site in the stack trace. Frame supports
+// the fmt.Formatter interface that can be used for printing information about
+// the stack trace of this error. For example:
+//
+// if err, ok := err.(stackTracer); ok {
+// for _, f := range err.StackTrace() {
+// fmt.Printf("%+s:%d\n", f, f)
+// }
+// }
+//
+// Although the stackTracer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// See the documentation for Frame.Format for more details.
+package errors
+
+import (
+ "fmt"
+ "io"
+)
+
+// New returns an error with the supplied message.
+// New also records the stack trace at the point it was called.
+func New(message string) error {
+ return &fundamental{
+ msg: message,
+ stack: callers(),
+ }
+}
+
+// Errorf formats according to a format specifier and returns the string
+// as a value that satisfies error.
+// Errorf also records the stack trace at the point it was called.
+func Errorf(format string, args ...interface{}) error {
+ return &fundamental{
+ msg: fmt.Sprintf(format, args...),
+ stack: callers(),
+ }
+}
+
+// fundamental is an error that has a message and a stack, but no caller.
+type fundamental struct {
+ msg string
+ *stack
+}
+
+func (f *fundamental) Error() string { return f.msg }
+
+func (f *fundamental) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ io.WriteString(s, f.msg)
+ f.stack.Format(s, verb)
+ return
+ }
+ fallthrough
+ case 's':
+ io.WriteString(s, f.msg)
+ case 'q':
+ fmt.Fprintf(s, "%q", f.msg)
+ }
+}
+
+// WithStack annotates err with a stack trace at the point WithStack was called.
+// If err is nil, WithStack returns nil.
+func WithStack(err error) error {
+ if err == nil {
+ return nil
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+type withStack struct {
+ error
+ *stack
+}
+
+func (w *withStack) Cause() error { return w.error }
+
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withStack) Unwrap() error { return w.error }
+
+func (w *withStack) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ fmt.Fprintf(s, "%+v", w.Cause())
+ w.stack.Format(s, verb)
+ return
+ }
+ fallthrough
+ case 's':
+ io.WriteString(s, w.Error())
+ case 'q':
+ fmt.Fprintf(s, "%q", w.Error())
+ }
+}
+
+// Wrap returns an error annotating err with a stack trace
+// at the point Wrap is called, and the supplied message.
+// If err is nil, Wrap returns nil.
+func Wrap(err error, message string) error {
+ if err == nil {
+ return nil
+ }
+ err = &withMessage{
+ cause: err,
+ msg: message,
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+// Wrapf returns an error annotating err with a stack trace
+// at the point Wrapf is called, and the format specifier.
+// If err is nil, Wrapf returns nil.
+func Wrapf(err error, format string, args ...interface{}) error {
+ if err == nil {
+ return nil
+ }
+ err = &withMessage{
+ cause: err,
+ msg: fmt.Sprintf(format, args...),
+ }
+ return &withStack{
+ err,
+ callers(),
+ }
+}
+
+// WithMessage annotates err with a new message.
+// If err is nil, WithMessage returns nil.
+func WithMessage(err error, message string) error {
+ if err == nil {
+ return nil
+ }
+ return &withMessage{
+ cause: err,
+ msg: message,
+ }
+}
+
+// WithMessagef annotates err with the format specifier.
+// If err is nil, WithMessagef returns nil.
+func WithMessagef(err error, format string, args ...interface{}) error {
+ if err == nil {
+ return nil
+ }
+ return &withMessage{
+ cause: err,
+ msg: fmt.Sprintf(format, args...),
+ }
+}
+
+type withMessage struct {
+ cause error
+ msg string
+}
+
+func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
+func (w *withMessage) Cause() error { return w.cause }
+
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withMessage) Unwrap() error { return w.cause }
+
+func (w *withMessage) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ if s.Flag('+') {
+ fmt.Fprintf(s, "%+v\n", w.Cause())
+ io.WriteString(s, w.msg)
+ return
+ }
+ fallthrough
+ case 's', 'q':
+ io.WriteString(s, w.Error())
+ }
+}
+
+// Cause returns the underlying cause of the error, if possible.
+// An error value has a cause if it implements the following
+// interface:
+//
+// type causer interface {
+// Cause() error
+// }
+//
+// If the error does not implement Cause, the original error will
+// be returned. If the error is nil, nil will be returned without further
+// investigation.
+func Cause(err error) error {
+ type causer interface {
+ Cause() error
+ }
+
+ for err != nil {
+ cause, ok := err.(causer)
+ if !ok {
+ break
+ }
+ err = cause.Cause()
+ }
+ return err
+}
diff --git a/vendor/github.com/pkg/errors/go113.go b/vendor/github.com/pkg/errors/go113.go
new file mode 100644
index 00000000000..be0d10d0c79
--- /dev/null
+++ b/vendor/github.com/pkg/errors/go113.go
@@ -0,0 +1,38 @@
+// +build go1.13
+
+package errors
+
+import (
+ stderrors "errors"
+)
+
+// Is reports whether any error in err's chain matches target.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error is considered to match a target if it is equal to that target or if
+// it implements a method Is(error) bool such that Is(target) returns true.
+func Is(err, target error) bool { return stderrors.Is(err, target) }
+
+// As finds the first error in err's chain that matches target, and if so, sets
+// target to that error value and returns true.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error matches target if the error's concrete value is assignable to the value
+// pointed to by target, or if the error has a method As(interface{}) bool such that
+// As(target) returns true. In the latter case, the As method is responsible for
+// setting target.
+//
+// As will panic if target is not a non-nil pointer to either a type that implements
+// error, or to any interface type. As returns false if err is nil.
+func As(err error, target interface{}) bool { return stderrors.As(err, target) }
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's
+// type contains an Unwrap method returning error.
+// Otherwise, Unwrap returns nil.
+func Unwrap(err error) error {
+ return stderrors.Unwrap(err)
+}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
new file mode 100644
index 00000000000..779a8348fb9
--- /dev/null
+++ b/vendor/github.com/pkg/errors/stack.go
@@ -0,0 +1,177 @@
+package errors
+
+import (
+ "fmt"
+ "io"
+ "path"
+ "runtime"
+ "strconv"
+ "strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+// For historical reasons if Frame is interpreted as a uintptr
+// its value represents the program counter + 1.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+ fn := runtime.FuncForPC(f.pc())
+ if fn == nil {
+ return "unknown"
+ }
+ file, _ := fn.FileLine(f.pc())
+ return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+ fn := runtime.FuncForPC(f.pc())
+ if fn == nil {
+ return 0
+ }
+ _, line := fn.FileLine(f.pc())
+ return line
+}
+
+// name returns the name of this function, if known.
+func (f Frame) name() string {
+ fn := runtime.FuncForPC(f.pc())
+ if fn == nil {
+ return "unknown"
+ }
+ return fn.Name()
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+// %s source file
+// %d source line
+// %n function name
+// %v equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+// %+s function name and path of source file relative to the compile time
+// GOPATH separated by \n\t (\n\t)
+// %+v equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 's':
+ switch {
+ case s.Flag('+'):
+ io.WriteString(s, f.name())
+ io.WriteString(s, "\n\t")
+ io.WriteString(s, f.file())
+ default:
+ io.WriteString(s, path.Base(f.file()))
+ }
+ case 'd':
+ io.WriteString(s, strconv.Itoa(f.line()))
+ case 'n':
+ io.WriteString(s, funcname(f.name()))
+ case 'v':
+ f.Format(s, 's')
+ io.WriteString(s, ":")
+ f.Format(s, 'd')
+ }
+}
+
+// MarshalText formats a stacktrace Frame as a text string. The output is the
+// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
+func (f Frame) MarshalText() ([]byte, error) {
+ name := f.name()
+ if name == "unknown" {
+ return []byte(name), nil
+ }
+ return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+// %s lists source files for each Frame in the stack
+// %v lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+// %+v Prints filename, function, and line number for each Frame in the stack.
+func (st StackTrace) Format(s fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ switch {
+ case s.Flag('+'):
+ for _, f := range st {
+ io.WriteString(s, "\n")
+ f.Format(s, verb)
+ }
+ case s.Flag('#'):
+ fmt.Fprintf(s, "%#v", []Frame(st))
+ default:
+ st.formatSlice(s, verb)
+ }
+ case 's':
+ st.formatSlice(s, verb)
+ }
+}
+
+// formatSlice will format this StackTrace into the given buffer as a slice of
+// Frame, only valid when called with '%s' or '%v'.
+func (st StackTrace) formatSlice(s fmt.State, verb rune) {
+ io.WriteString(s, "[")
+ for i, f := range st {
+ if i > 0 {
+ io.WriteString(s, " ")
+ }
+ f.Format(s, verb)
+ }
+ io.WriteString(s, "]")
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) Format(st fmt.State, verb rune) {
+ switch verb {
+ case 'v':
+ switch {
+ case st.Flag('+'):
+ for _, pc := range *s {
+ f := Frame(pc)
+ fmt.Fprintf(st, "\n%+v", f)
+ }
+ }
+ }
+}
+
+func (s *stack) StackTrace() StackTrace {
+ f := make([]Frame, len(*s))
+ for i := 0; i < len(f); i++ {
+ f[i] = Frame((*s)[i])
+ }
+ return f
+}
+
+func callers() *stack {
+ const depth = 32
+ var pcs [depth]uintptr
+ n := runtime.Callers(3, pcs[:])
+ var st stack = pcs[0:n]
+ return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+ i := strings.LastIndex(name, "/")
+ name = name[i+1:]
+ i = strings.Index(name, ".")
+ return name[i+1:]
+}
diff --git a/vendor/gopkg.in/yaml.v2/.travis.yml b/vendor/gopkg.in/yaml.v2/.travis.yml
new file mode 100644
index 00000000000..055480b9ef8
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/.travis.yml
@@ -0,0 +1,16 @@
+language: go
+
+go:
+ - "1.4.x"
+ - "1.5.x"
+ - "1.6.x"
+ - "1.7.x"
+ - "1.8.x"
+ - "1.9.x"
+ - "1.10.x"
+ - "1.11.x"
+ - "1.12.x"
+ - "1.13.x"
+ - "tip"
+
+go_import_path: gopkg.in/yaml.v2
diff --git a/vendor/gopkg.in/yaml.v2/LICENSE b/vendor/gopkg.in/yaml.v2/LICENSE
new file mode 100644
index 00000000000..8dada3edaf5
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/gopkg.in/yaml.v2/LICENSE.libyaml b/vendor/gopkg.in/yaml.v2/LICENSE.libyaml new file mode 100644 index 00000000000..8da58fbf6f8 --- /dev/null +++ b/vendor/gopkg.in/yaml.v2/LICENSE.libyaml 
@@ -0,0 +1,31 @@
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original copyright and license:
+
+ apic.go
+ emitterc.go
+ parserc.go
+ readerc.go
+ scannerc.go
+ writerc.go
+ yamlh.go
+ yamlprivateh.go
+
+Copyright (c) 2006 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/gopkg.in/yaml.v2/NOTICE b/vendor/gopkg.in/yaml.v2/NOTICE
new file mode 100644
index 00000000000..866d74a7ad7
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/NOTICE
@@ -0,0 +1,13 @@
+Copyright 2011-2016 Canonical Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/vendor/gopkg.in/yaml.v2/README.md b/vendor/gopkg.in/yaml.v2/README.md
new file mode 100644
index 00000000000..b50c6e87755
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/README.md
@@ -0,0 +1,133 @@
+# YAML support for the Go language
+
+Introduction
+------------
+
+The yaml package enables Go programs to comfortably encode and decode YAML
+values. It was developed within [Canonical](https://www.canonical.com) as
+part of the [juju](https://juju.ubuntu.com) project, and is based on a
+pure Go port of the well-known [libyaml](http://pyyaml.org/wiki/LibYAML)
+C library to parse and generate YAML data quickly and reliably.
+
+Compatibility
+-------------
+
+The yaml package supports most of YAML 1.1 and 1.2, including support for
+anchors, tags, map merging, etc. Multi-document unmarshalling is not yet
+implemented, and base-60 floats from YAML 1.1 are purposefully not
+supported since they're a poor design and are gone in YAML 1.2.
+
+Installation and usage
+----------------------
+
+The import path for the package is *gopkg.in/yaml.v2*.
+
+To install it, run:
+
+ go get gopkg.in/yaml.v2
+
+API documentation
+-----------------
+
+If opened in a browser, the import path itself leads to the API documentation:
+
+ * [https://gopkg.in/yaml.v2](https://gopkg.in/yaml.v2)
+
+API stability
+-------------
+
+The package API for yaml v2 will remain stable as described in [gopkg.in](https://gopkg.in).
+
+
+License
+-------
+
+The yaml package is licensed under the Apache License 2.0. Please see the LICENSE file for details.
+
+
+Example
+-------
+
+```Go
+package main
+
+import (
+ "fmt"
+ "log"
+
+ "gopkg.in/yaml.v2"
+)
+
+var data = `
+a: Easy!
+b:
+ c: 2
+ d: [3, 4]
+`
+
+// Note: struct fields must be public in order for unmarshal to
+// correctly populate the data.
+type T struct {
+ A string
+ B struct {
+ RenamedC int `yaml:"c"`
+ D []int `yaml:",flow"`
+ }
+}
+
+func main() {
+ t := T{}
+
+ err := yaml.Unmarshal([]byte(data), &t)
+ if err != nil {
+ log.Fatalf("error: %v", err)
+ }
+ fmt.Printf("--- t:\n%v\n\n", t)
+
+ d, err := yaml.Marshal(&t)
+ if err != nil {
+ log.Fatalf("error: %v", err)
+ }
+ fmt.Printf("--- t dump:\n%s\n\n", string(d))
+
+ m := make(map[interface{}]interface{})
+
+ err = yaml.Unmarshal([]byte(data), &m)
+ if err != nil {
+ log.Fatalf("error: %v", err)
+ }
+ fmt.Printf("--- m:\n%v\n\n", m)
+
+ d, err = yaml.Marshal(&m)
+ if err != nil {
+ log.Fatalf("error: %v", err)
+ }
+ fmt.Printf("--- m dump:\n%s\n\n", string(d))
+}
+```
+
+This example will generate the following output:
+
+```
+--- t:
+{Easy! {2 [3 4]}}
+
+--- t dump:
+a: Easy!
+b:
+ c: 2
+ d: [3, 4]
+
+
+--- m:
+map[a:Easy! b:map[c:2 d:[3 4]]]
+
+--- m dump:
+a: Easy!
+b:
+ c: 2
+ d:
+ - 3
+ - 4
+```
+
diff --git a/vendor/gopkg.in/yaml.v2/apic.go b/vendor/gopkg.in/yaml.v2/apic.go
new file mode 100644
index 00000000000..1f7e87e6727
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/apic.go
@@ -0,0 +1,739 @@
+package yaml
+
+import (
+ "io"
+)
+
+func yaml_insert_token(parser *yaml_parser_t, pos int, token *yaml_token_t) {
+ //fmt.Println("yaml_insert_token", "pos:", pos, "typ:", token.typ, "head:", parser.tokens_head, "len:", len(parser.tokens))
+
+ // Check if we can move the queue at the beginning of the buffer.
+ if parser.tokens_head > 0 && len(parser.tokens) == cap(parser.tokens) {
+ if parser.tokens_head != len(parser.tokens) {
+ copy(parser.tokens, parser.tokens[parser.tokens_head:])
+ }
+ parser.tokens = parser.tokens[:len(parser.tokens)-parser.tokens_head]
+ parser.tokens_head = 0
+ }
+ parser.tokens = append(parser.tokens, *token)
+ if pos < 0 {
+ return
+ }
+ copy(parser.tokens[parser.tokens_head+pos+1:], parser.tokens[parser.tokens_head+pos:])
+ parser.tokens[parser.tokens_head+pos] = *token
+}
+
+// Create a new parser object.
+func yaml_parser_initialize(parser *yaml_parser_t) bool {
+ *parser = yaml_parser_t{
+ raw_buffer: make([]byte, 0, input_raw_buffer_size),
+ buffer: make([]byte, 0, input_buffer_size),
+ }
+ return true
+}
+
+// Destroy a parser object.
+func yaml_parser_delete(parser *yaml_parser_t) {
+ *parser = yaml_parser_t{}
+}
+
+// String read handler.
+func yaml_string_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+ if parser.input_pos == len(parser.input) {
+ return 0, io.EOF
+ }
+ n = copy(buffer, parser.input[parser.input_pos:])
+ parser.input_pos += n
+ return n, nil
+}
+
+// Reader read handler.
+func yaml_reader_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+ return parser.input_reader.Read(buffer)
+}
+
+// Set a string input.
+func yaml_parser_set_input_string(parser *yaml_parser_t, input []byte) {
+ if parser.read_handler != nil {
+ panic("must set the input source only once")
+ }
+ parser.read_handler = yaml_string_read_handler
+ parser.input = input
+ parser.input_pos = 0
+}
+
+// Set a file input.
+func yaml_parser_set_input_reader(parser *yaml_parser_t, r io.Reader) {
+ if parser.read_handler != nil {
+ panic("must set the input source only once")
+ }
+ parser.read_handler = yaml_reader_read_handler
+ parser.input_reader = r
+}
+
+// Set the source encoding.
+func yaml_parser_set_encoding(parser *yaml_parser_t, encoding yaml_encoding_t) {
+ if parser.encoding != yaml_ANY_ENCODING {
+ panic("must set the encoding only once")
+ }
+ parser.encoding = encoding
+}
+
+// Create a new emitter object.
+func yaml_emitter_initialize(emitter *yaml_emitter_t) {
+ *emitter = yaml_emitter_t{
+ buffer: make([]byte, output_buffer_size),
+ raw_buffer: make([]byte, 0, output_raw_buffer_size),
+ states: make([]yaml_emitter_state_t, 0, initial_stack_size),
+ events: make([]yaml_event_t, 0, initial_queue_size),
+ }
+}
+
+// Destroy an emitter object.
+func yaml_emitter_delete(emitter *yaml_emitter_t) {
+ *emitter = yaml_emitter_t{}
+}
+
+// String write handler.
+func yaml_string_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+ *emitter.output_buffer = append(*emitter.output_buffer, buffer...)
+ return nil
+}
+
+// yaml_writer_write_handler uses emitter.output_writer to write the
+// emitted text.
+func yaml_writer_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+ _, err := emitter.output_writer.Write(buffer)
+ return err
+}
+
+// Set a string output.
+func yaml_emitter_set_output_string(emitter *yaml_emitter_t, output_buffer *[]byte) {
+ if emitter.write_handler != nil {
+ panic("must set the output target only once")
+ }
+ emitter.write_handler = yaml_string_write_handler
+ emitter.output_buffer = output_buffer
+}
+
+// Set a file output.
+func yaml_emitter_set_output_writer(emitter *yaml_emitter_t, w io.Writer) {
+ if emitter.write_handler != nil {
+ panic("must set the output target only once")
+ }
+ emitter.write_handler = yaml_writer_write_handler
+ emitter.output_writer = w
+}
+
+// Set the output encoding.
+func yaml_emitter_set_encoding(emitter *yaml_emitter_t, encoding yaml_encoding_t) {
+ if emitter.encoding != yaml_ANY_ENCODING {
+ panic("must set the output encoding only once")
+ }
+ emitter.encoding = encoding
+}
+
+// Set the canonical output style.
+func yaml_emitter_set_canonical(emitter *yaml_emitter_t, canonical bool) {
+ emitter.canonical = canonical
+}
+
+//// Set the indentation increment.
+func yaml_emitter_set_indent(emitter *yaml_emitter_t, indent int) {
+ if indent < 2 || indent > 9 {
+ indent = 2
+ }
+ emitter.best_indent = indent
+}
+
+// Set the preferred line width.
+func yaml_emitter_set_width(emitter *yaml_emitter_t, width int) {
+ if width < 0 {
+ width = -1
+ }
+ emitter.best_width = width
+}
+
+// Set if unescaped non-ASCII characters are allowed.
+func yaml_emitter_set_unicode(emitter *yaml_emitter_t, unicode bool) {
+ emitter.unicode = unicode
+}
+
+// Set the preferred line break character.
+func yaml_emitter_set_break(emitter *yaml_emitter_t, line_break yaml_break_t) {
+ emitter.line_break = line_break
+}
+
+///*
+// * Destroy a token object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_token_delete(yaml_token_t *token)
+//{
+// assert(token); // Non-NULL token object expected.
+//
+// switch (token.type)
+// {
+// case YAML_TAG_DIRECTIVE_TOKEN:
+// yaml_free(token.data.tag_directive.handle);
+// yaml_free(token.data.tag_directive.prefix);
+// break;
+//
+// case YAML_ALIAS_TOKEN:
+// yaml_free(token.data.alias.value);
+// break;
+//
+// case YAML_ANCHOR_TOKEN:
+// yaml_free(token.data.anchor.value);
+// break;
+//
+// case YAML_TAG_TOKEN:
+// yaml_free(token.data.tag.handle);
+// yaml_free(token.data.tag.suffix);
+// break;
+//
+// case YAML_SCALAR_TOKEN:
+// yaml_free(token.data.scalar.value);
+// break;
+//
+// default:
+// break;
+// }
+//
+// memset(token, 0, sizeof(yaml_token_t));
+//}
+//
+///*
+// * Check if a string is a valid UTF-8 sequence.
+// *
+// * Check 'reader.c' for more details on UTF-8 encoding.
+// */
+//
+//static int
+//yaml_check_utf8(yaml_char_t *start, size_t length)
+//{
+// yaml_char_t *end = start+length;
+// yaml_char_t *pointer = start;
+//
+// while (pointer < end) {
+// unsigned char octet;
+// unsigned int width;
+// unsigned int value;
+// size_t k;
+//
+// octet = pointer[0];
+// width = (octet & 0x80) == 0x00 ? 1 :
+// (octet & 0xE0) == 0xC0 ? 2 :
+// (octet & 0xF0) == 0xE0 ? 3 :
+// (octet & 0xF8) == 0xF0 ? 4 : 0;
+// value = (octet & 0x80) == 0x00 ? octet & 0x7F :
+// (octet & 0xE0) == 0xC0 ? octet & 0x1F :
+// (octet & 0xF0) == 0xE0 ? octet & 0x0F :
+// (octet & 0xF8) == 0xF0 ? octet & 0x07 : 0;
+// if (!width) return 0;
+// if (pointer+width > end) return 0;
+// for (k = 1; k < width; k ++) {
+// octet = pointer[k];
+// if ((octet & 0xC0) != 0x80) return 0;
+// value = (value << 6) + (octet & 0x3F);
+// }
+// if (!((width == 1) ||
+// (width == 2 && value >= 0x80) ||
+// (width == 3 && value >= 0x800) ||
+// (width == 4 && value >= 0x10000))) return 0;
+//
+// pointer += width;
+// }
+//
+// return 1;
+//}
+//
+
+// Create STREAM-START.
+func yaml_stream_start_event_initialize(event *yaml_event_t, encoding yaml_encoding_t) {
+ *event = yaml_event_t{
+ typ: yaml_STREAM_START_EVENT,
+ encoding: encoding,
+ }
+}
+
+// Create STREAM-END.
+func yaml_stream_end_event_initialize(event *yaml_event_t) {
+ *event = yaml_event_t{
+ typ: yaml_STREAM_END_EVENT,
+ }
+}
+
+// Create DOCUMENT-START.
+func yaml_document_start_event_initialize(
+ event *yaml_event_t,
+ version_directive *yaml_version_directive_t,
+ tag_directives []yaml_tag_directive_t,
+ implicit bool,
+) {
+ *event = yaml_event_t{
+ typ: yaml_DOCUMENT_START_EVENT,
+ version_directive: version_directive,
+ tag_directives: tag_directives,
+ implicit: implicit,
+ }
+}
+
+// Create DOCUMENT-END.
+func yaml_document_end_event_initialize(event *yaml_event_t, implicit bool) {
+ *event = yaml_event_t{
+ typ: yaml_DOCUMENT_END_EVENT,
+ implicit: implicit,
+ }
+}
+
+///*
+// * Create ALIAS.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_alias_event_initialize(event *yaml_event_t, anchor *yaml_char_t)
+//{
+// mark yaml_mark_t = { 0, 0, 0 }
+// anchor_copy *yaml_char_t = NULL
+//
+// assert(event) // Non-NULL event object is expected.
+// assert(anchor) // Non-NULL anchor is expected.
+//
+// if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0
+//
+// anchor_copy = yaml_strdup(anchor)
+// if (!anchor_copy)
+// return 0
+//
+// ALIAS_EVENT_INIT(*event, anchor_copy, mark, mark)
+//
+// return 1
+//}
+
+// Create SCALAR.
+func yaml_scalar_event_initialize(event *yaml_event_t, anchor, tag, value []byte, plain_implicit, quoted_implicit bool, style yaml_scalar_style_t) bool {
+ *event = yaml_event_t{
+ typ: yaml_SCALAR_EVENT,
+ anchor: anchor,
+ tag: tag,
+ value: value,
+ implicit: plain_implicit,
+ quoted_implicit: quoted_implicit,
+ style: yaml_style_t(style),
+ }
+ return true
+}
+
+// Create SEQUENCE-START.
+func yaml_sequence_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_sequence_style_t) bool {
+ *event = yaml_event_t{
+ typ: yaml_SEQUENCE_START_EVENT,
+ anchor: anchor,
+ tag: tag,
+ implicit: implicit,
+ style: yaml_style_t(style),
+ }
+ return true
+}
+
+// Create SEQUENCE-END.
+func yaml_sequence_end_event_initialize(event *yaml_event_t) bool {
+ *event = yaml_event_t{
+ typ: yaml_SEQUENCE_END_EVENT,
+ }
+ return true
+}
+
+// Create MAPPING-START.
+func yaml_mapping_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_mapping_style_t) {
+ *event = yaml_event_t{
+ typ: yaml_MAPPING_START_EVENT,
+ anchor: anchor,
+ tag: tag,
+ implicit: implicit,
+ style: yaml_style_t(style),
+ }
+}
+
+// Create MAPPING-END.
+func yaml_mapping_end_event_initialize(event *yaml_event_t) {
+ *event = yaml_event_t{
+ typ: yaml_MAPPING_END_EVENT,
+ }
+}
+
+// Destroy an event object.
+func yaml_event_delete(event *yaml_event_t) {
+ *event = yaml_event_t{}
+}
+
+///*
+// * Create a document object.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_initialize(document *yaml_document_t,
+// version_directive *yaml_version_directive_t,
+// tag_directives_start *yaml_tag_directive_t,
+// tag_directives_end *yaml_tag_directive_t,
+// start_implicit int, end_implicit int)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+// struct {
+// start *yaml_node_t
+// end *yaml_node_t
+// top *yaml_node_t
+// } nodes = { NULL, NULL, NULL }
+// version_directive_copy *yaml_version_directive_t = NULL
+// struct {
+// start *yaml_tag_directive_t
+// end *yaml_tag_directive_t
+// top *yaml_tag_directive_t
+// } tag_directives_copy = { NULL, NULL, NULL }
+// value yaml_tag_directive_t = { NULL, NULL }
+// mark yaml_mark_t = { 0, 0, 0 }
+//
+// assert(document) // Non-NULL document object is expected.
+// assert((tag_directives_start && tag_directives_end) ||
+// (tag_directives_start == tag_directives_end))
+// // Valid tag directives are expected.
+//
+// if (!STACK_INIT(&context, nodes, INITIAL_STACK_SIZE)) goto error
+//
+// if (version_directive) {
+// version_directive_copy = yaml_malloc(sizeof(yaml_version_directive_t))
+// if (!version_directive_copy) goto error
+// version_directive_copy.major = version_directive.major
+// version_directive_copy.minor = version_directive.minor
+// }
+//
+// if (tag_directives_start != tag_directives_end) {
+// tag_directive *yaml_tag_directive_t
+// if (!STACK_INIT(&context, tag_directives_copy, INITIAL_STACK_SIZE))
+// goto error
+// for (tag_directive = tag_directives_start
+// tag_directive != tag_directives_end; tag_directive ++) {
+// assert(tag_directive.handle)
+// assert(tag_directive.prefix)
+// if (!yaml_check_utf8(tag_directive.handle,
+// strlen((char *)tag_directive.handle)))
+// goto error
+// if (!yaml_check_utf8(tag_directive.prefix,
+// strlen((char *)tag_directive.prefix)))
+// goto error
+// value.handle = yaml_strdup(tag_directive.handle)
+// value.prefix = yaml_strdup(tag_directive.prefix)
+// if (!value.handle || !value.prefix) goto error
+// if (!PUSH(&context, tag_directives_copy, value))
+// goto error
+// value.handle = NULL
+// value.prefix = NULL
+// }
+// }
+//
+// DOCUMENT_INIT(*document, nodes.start, nodes.end, version_directive_copy,
+// tag_directives_copy.start, tag_directives_copy.top,
+// start_implicit, end_implicit, mark, mark)
+//
+// return 1
+//
+//error:
+// STACK_DEL(&context, nodes)
+// yaml_free(version_directive_copy)
+// while (!STACK_EMPTY(&context, tag_directives_copy)) {
+// value yaml_tag_directive_t = POP(&context, tag_directives_copy)
+// yaml_free(value.handle)
+// yaml_free(value.prefix)
+// }
+// STACK_DEL(&context, tag_directives_copy)
+// yaml_free(value.handle)
+// yaml_free(value.prefix)
+//
+// return 0
+//}
+//
+///*
+// * Destroy a document object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_document_delete(document *yaml_document_t)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+// tag_directive *yaml_tag_directive_t
+//
+// context.error = YAML_NO_ERROR // Eliminate a compiler warning.
+//
+// assert(document) // Non-NULL document object is expected.
+//
+// while (!STACK_EMPTY(&context, document.nodes)) {
+// node yaml_node_t = POP(&context, document.nodes)
+// yaml_free(node.tag)
+// switch (node.type) {
+// case YAML_SCALAR_NODE:
+// yaml_free(node.data.scalar.value)
+// break
+// case YAML_SEQUENCE_NODE:
+// STACK_DEL(&context, node.data.sequence.items)
+// break
+// case YAML_MAPPING_NODE:
+// STACK_DEL(&context, node.data.mapping.pairs)
+// break
+// default:
+// assert(0) // Should not happen.
+// }
+// }
+// STACK_DEL(&context, document.nodes)
+//
+// yaml_free(document.version_directive)
+// for (tag_directive = document.tag_directives.start
+// tag_directive != document.tag_directives.end
+// tag_directive++) {
+// yaml_free(tag_directive.handle)
+// yaml_free(tag_directive.prefix)
+// }
+// yaml_free(document.tag_directives.start)
+//
+// memset(document, 0, sizeof(yaml_document_t))
+//}
+//
+///**
+// * Get a document node.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_node(document *yaml_document_t, index int)
+//{
+// assert(document) // Non-NULL document object is expected.
+//
+// if (index > 0 && document.nodes.start + index <= document.nodes.top) {
+// return document.nodes.start + index - 1
+// }
+// return NULL
+//}
+//
+///**
+// * Get the root object.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_root_node(document *yaml_document_t)
+//{
+// assert(document) // Non-NULL document object is expected.
+//
+// if (document.nodes.top != document.nodes.start) {
+// return document.nodes.start
+// }
+// return NULL
+//}
+//
+///*
+// * Add a scalar node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_scalar(document *yaml_document_t,
+// tag *yaml_char_t, value *yaml_char_t, length int,
+// style yaml_scalar_style_t)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+// mark yaml_mark_t = { 0, 0, 0 }
+// tag_copy *yaml_char_t = NULL
+// value_copy *yaml_char_t = NULL
+// node yaml_node_t
+//
+// assert(document) // Non-NULL document object is expected.
+// assert(value) // Non-NULL value is expected.
+//
+// if (!tag) {
+// tag = (yaml_char_t *)YAML_DEFAULT_SCALAR_TAG
+// }
+//
+// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+// tag_copy = yaml_strdup(tag)
+// if (!tag_copy) goto error
+//
+// if (length < 0) {
+// length = strlen((char *)value)
+// }
+//
+// if (!yaml_check_utf8(value, length)) goto error
+// value_copy = yaml_malloc(length+1)
+// if (!value_copy) goto error
+// memcpy(value_copy, value, length)
+// value_copy[length] = '\0'
+//
+// SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark)
+// if (!PUSH(&context, document.nodes, node)) goto error
+//
+// return document.nodes.top - document.nodes.start
+//
+//error:
+// yaml_free(tag_copy)
+// yaml_free(value_copy)
+//
+// return 0
+//}
+//
+///*
+// * Add a sequence node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_sequence(document *yaml_document_t,
+// tag *yaml_char_t, style yaml_sequence_style_t)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+// mark yaml_mark_t = { 0, 0, 0 }
+// tag_copy *yaml_char_t = NULL
+// struct {
+// start *yaml_node_item_t
+// end *yaml_node_item_t
+// top *yaml_node_item_t
+// } items = { NULL, NULL, NULL }
+// node yaml_node_t
+//
+// assert(document) // Non-NULL document object is expected.
+//
+// if (!tag) {
+// tag = (yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG
+// }
+//
+// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+// tag_copy = yaml_strdup(tag)
+// if (!tag_copy) goto error
+//
+// if (!STACK_INIT(&context, items, INITIAL_STACK_SIZE)) goto error
+//
+// SEQUENCE_NODE_INIT(node, tag_copy, items.start, items.end,
+// style, mark, mark)
+// if (!PUSH(&context, document.nodes, node)) goto error
+//
+// return document.nodes.top - document.nodes.start
+//
+//error:
+// STACK_DEL(&context, items)
+// yaml_free(tag_copy)
+//
+// return 0
+//}
+//
+///*
+// * Add a mapping node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_mapping(document *yaml_document_t,
+// tag *yaml_char_t, style yaml_mapping_style_t)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+// mark yaml_mark_t = { 0, 0, 0 }
+// tag_copy *yaml_char_t = NULL
+// struct {
+// start *yaml_node_pair_t
+// end *yaml_node_pair_t
+// top *yaml_node_pair_t
+// } pairs = { NULL, NULL, NULL }
+// node yaml_node_t
+//
+// assert(document) // Non-NULL document object is expected.
+//
+// if (!tag) {
+// tag = (yaml_char_t *)YAML_DEFAULT_MAPPING_TAG
+// }
+//
+// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+// tag_copy = yaml_strdup(tag)
+// if (!tag_copy) goto error
+//
+// if (!STACK_INIT(&context, pairs, INITIAL_STACK_SIZE)) goto error
+//
+// MAPPING_NODE_INIT(node, tag_copy, pairs.start, pairs.end,
+// style, mark, mark)
+// if (!PUSH(&context, document.nodes, node)) goto error
+//
+// return document.nodes.top - document.nodes.start
+//
+//error:
+// STACK_DEL(&context, pairs)
+// yaml_free(tag_copy)
+//
+// return 0
+//}
+//
+///*
+// * Append an item to a sequence node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_sequence_item(document *yaml_document_t,
+// sequence int, item int)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+//
+// assert(document) // Non-NULL document is required.
+// assert(sequence > 0
+// && document.nodes.start + sequence <= document.nodes.top)
+// // Valid sequence id is required.
+// assert(document.nodes.start[sequence-1].type == YAML_SEQUENCE_NODE)
+// // A sequence node is required.
+// assert(item > 0 && document.nodes.start + item <= document.nodes.top)
+// // Valid item id is required.
+//
+// if (!PUSH(&context,
+// document.nodes.start[sequence-1].data.sequence.items, item))
+// return 0
+//
+// return 1
+//}
+//
+///*
+// * Append a pair of a key and a value to a mapping node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_mapping_pair(document *yaml_document_t,
+// mapping int, key int, value int)
+//{
+// struct {
+// error yaml_error_type_t
+// } context
+//
+// pair yaml_node_pair_t
+//
+// assert(document) // Non-NULL document is required.
+// assert(mapping > 0
+// && document.nodes.start + mapping <= document.nodes.top)
+// // Valid mapping id is required.
+// assert(document.nodes.start[mapping-1].type == YAML_MAPPING_NODE)
+// // A mapping node is required.
+// assert(key > 0 && document.nodes.start + key <= document.nodes.top)
+// // Valid key id is required.
+// assert(value > 0 && document.nodes.start + value <= document.nodes.top)
+// // Valid value id is required.
+//
+// pair.key = key
+// pair.value = value
+//
+// if (!PUSH(&context,
+// document.nodes.start[mapping-1].data.mapping.pairs, pair))
+// return 0
+//
+// return 1
+//}
+//
+//
diff --git a/vendor/gopkg.in/yaml.v2/decode.go b/vendor/gopkg.in/yaml.v2/decode.go
new file mode 100644
index 00000000000..129bc2a97d3
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/decode.go
@@ -0,0 +1,815 @@
+package yaml
+
+import (
+ "encoding"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "math"
+ "reflect"
+ "strconv"
+ "time"
+)
+
+const (
+ documentNode = 1 << iota
+ mappingNode
+ sequenceNode
+ scalarNode
+ aliasNode
+)
+
+type node struct {
+ kind int
+ line, column int
+ tag string
+ // For an alias node, alias holds the resolved alias.
+ alias *node
+ value string
+ implicit bool
+ children []*node
+ anchors map[string]*node
+}
+
+// ----------------------------------------------------------------------------
+// Parser, produces a node tree out of a libyaml event stream.
+
+type parser struct {
+ parser yaml_parser_t
+ event yaml_event_t
+ doc *node
+ doneInit bool
+}
+
+func newParser(b []byte) *parser {
+ p := parser{}
+ if !yaml_parser_initialize(&p.parser) {
+ panic("failed to initialize YAML emitter")
+ }
+ if len(b) == 0 {
+ b = []byte{'\n'}
+ }
+ yaml_parser_set_input_string(&p.parser, b)
+ return &p
+}
+
+func newParserFromReader(r io.Reader) *parser {
+ p := parser{}
+ if !yaml_parser_initialize(&p.parser) {
+ panic("failed to initialize YAML emitter")
+ }
+ yaml_parser_set_input_reader(&p.parser, r)
+ return &p
+}
+
+func (p *parser) init() {
+ if p.doneInit {
+ return
+ }
+ p.expect(yaml_STREAM_START_EVENT)
+ p.doneInit = true
+}
+
+func (p *parser) destroy() {
+ if p.event.typ != yaml_NO_EVENT {
+ yaml_event_delete(&p.event)
+ }
+ yaml_parser_delete(&p.parser)
+}
+
+// expect consumes an event from the event stream and
+// checks that it's of the expected type.
+func (p *parser) expect(e yaml_event_type_t) {
+ if p.event.typ == yaml_NO_EVENT {
+ if !yaml_parser_parse(&p.parser, &p.event) {
+ p.fail()
+ }
+ }
+ if p.event.typ == yaml_STREAM_END_EVENT {
+ failf("attempted to go past the end of stream; corrupted value?")
+ }
+ if p.event.typ != e {
+ p.parser.problem = fmt.Sprintf("expected %s event but got %s", e, p.event.typ)
+ p.fail()
+ }
+ yaml_event_delete(&p.event)
+ p.event.typ = yaml_NO_EVENT
+}
+
+// peek peeks at the next event in the event stream,
+// puts the results into p.event and returns the event type.
+func (p *parser) peek() yaml_event_type_t {
+ if p.event.typ != yaml_NO_EVENT {
+ return p.event.typ
+ }
+ if !yaml_parser_parse(&p.parser, &p.event) {
+ p.fail()
+ }
+ return p.event.typ
+}
+
+func (p *parser) fail() {
+ var where string
+ var line int
+ if p.parser.problem_mark.line != 0 {
+ line = p.parser.problem_mark.line
+ // Scanner errors don't iterate line before returning error
+ if p.parser.error == yaml_SCANNER_ERROR {
+ line++
+ }
+ } else if p.parser.context_mark.line != 0 {
+ line = p.parser.context_mark.line
+ }
+ if line != 0 {
+ where = "line " + strconv.Itoa(line) + ": "
+ }
+ var msg string
+ if len(p.parser.problem) > 0 {
+ msg = p.parser.problem
+ } else {
+ msg = "unknown problem parsing YAML content"
+ }
+ failf("%s%s", where, msg)
+}
+
+func (p *parser) anchor(n *node, anchor []byte) {
+ if anchor != nil {
+ p.doc.anchors[string(anchor)] = n
+ }
+}
+
+func (p *parser) parse() *node {
+ p.init()
+ switch p.peek() {
+ case yaml_SCALAR_EVENT:
+ return p.scalar()
+ case yaml_ALIAS_EVENT:
+ return p.alias()
+ case yaml_MAPPING_START_EVENT:
+ return p.mapping()
+ case yaml_SEQUENCE_START_EVENT:
+ return p.sequence()
+ case yaml_DOCUMENT_START_EVENT:
+ return p.document()
+ case yaml_STREAM_END_EVENT:
+ // Happens when attempting to decode an empty buffer.
+ return nil
+ default:
+ panic("attempted to parse unknown event: " + p.event.typ.String())
+ }
+}
+
+func (p *parser) node(kind int) *node {
+ return &node{
+ kind: kind,
+ line: p.event.start_mark.line,
+ column: p.event.start_mark.column,
+ }
+}
+
+func (p *parser) document() *node {
+ n := p.node(documentNode)
+ n.anchors = make(map[string]*node)
+ p.doc = n
+ p.expect(yaml_DOCUMENT_START_EVENT)
+ n.children = append(n.children, p.parse())
+ p.expect(yaml_DOCUMENT_END_EVENT)
+ return n
+}
+
+func (p *parser) alias() *node {
+ n := p.node(aliasNode)
+ n.value = string(p.event.anchor)
+ n.alias = p.doc.anchors[n.value]
+ if n.alias == nil {
+ failf("unknown anchor '%s' referenced", n.value)
+ }
+ p.expect(yaml_ALIAS_EVENT)
+ return n
+}
+
+func (p *parser) scalar() *node {
+ n := p.node(scalarNode)
+ n.value = string(p.event.value)
+ n.tag = string(p.event.tag)
+ n.implicit = p.event.implicit
+ p.anchor(n, p.event.anchor)
+ p.expect(yaml_SCALAR_EVENT)
+ return n
+}
+
+func (p *parser) sequence() *node {
+ n := p.node(sequenceNode)
+ p.anchor(n, p.event.anchor)
+ p.expect(yaml_SEQUENCE_START_EVENT)
+ for p.peek() != yaml_SEQUENCE_END_EVENT {
+ n.children = append(n.children, p.parse())
+ }
+ p.expect(yaml_SEQUENCE_END_EVENT)
+ return n
+}
+
+func (p *parser) mapping() *node {
+ n := p.node(mappingNode)
+ p.anchor(n, p.event.anchor)
+ p.expect(yaml_MAPPING_START_EVENT)
+ for p.peek() != yaml_MAPPING_END_EVENT {
+ n.children = append(n.children, p.parse(), p.parse())
+ }
+ p.expect(yaml_MAPPING_END_EVENT)
+ return n
+}
+
+// ----------------------------------------------------------------------------
+// Decoder, unmarshals a node into a provided value.
+
+type decoder struct {
+ doc *node
+ aliases map[*node]bool
+ mapType reflect.Type
+ terrors []string
+ strict bool
+
+ decodeCount int
+ aliasCount int
+ aliasDepth int
+}
+
+var (
+ mapItemType = reflect.TypeOf(MapItem{})
+ durationType = reflect.TypeOf(time.Duration(0))
+ defaultMapType = reflect.TypeOf(map[interface{}]interface{}{})
+ ifaceType = defaultMapType.Elem()
+ timeType = reflect.TypeOf(time.Time{})
+ ptrTimeType = reflect.TypeOf(&time.Time{})
+)
+
+func newDecoder(strict bool) *decoder {
+ d := &decoder{mapType: defaultMapType, strict: strict}
+ d.aliases = make(map[*node]bool)
+ return d
+}
+
+func (d *decoder) terror(n *node, tag string, out reflect.Value) {
+ if n.tag != "" {
+ tag = n.tag
+ }
+ value := n.value
+ if tag != yaml_SEQ_TAG && tag != yaml_MAP_TAG {
+ if len(value) > 10 {
+ value = " `" + value[:7] + "...`"
+ } else {
+ value = " `" + value + "`"
+ }
+ }
+ d.terrors = append(d.terrors, fmt.Sprintf("line %d: cannot unmarshal %s%s into %s", n.line+1, shortTag(tag), value, out.Type()))
+}
+
+func (d *decoder) callUnmarshaler(n *node, u Unmarshaler) (good bool) {
+ terrlen := len(d.terrors)
+ err := u.UnmarshalYAML(func(v interface{}) (err error) {
+ defer handleErr(&err)
+ d.unmarshal(n, reflect.ValueOf(v))
+ if len(d.terrors) > terrlen {
+ issues := d.terrors[terrlen:]
+ d.terrors = d.terrors[:terrlen]
+ return &TypeError{issues}
+ }
+ return nil
+ })
+ if e, ok := err.(*TypeError); ok {
+ d.terrors = append(d.terrors, e.Errors...)
+ return false
+ }
+ if err != nil {
+ fail(err)
+ }
+ return true
+}
+
+// d.prepare initializes and dereferences pointers and calls UnmarshalYAML
+// if a value is found to implement it.
+// It returns the initialized and dereferenced out value, whether
+// unmarshalling was already done by UnmarshalYAML, and if so whether
+// its types unmarshalled appropriately.
+//
+// If n holds a null value, prepare returns before doing anything.
+func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unmarshaled, good bool) {
+ if n.tag == yaml_NULL_TAG || n.kind == scalarNode && n.tag == "" && (n.value == "null" || n.value == "~" || n.value == "" && n.implicit) {
+ return out, false, false
+ }
+ again := true
+ for again {
+ again = false
+ if out.Kind() == reflect.Ptr {
+ if out.IsNil() {
+ out.Set(reflect.New(out.Type().Elem()))
+ }
+ out = out.Elem()
+ again = true
+ }
+ if out.CanAddr() {
+ if u, ok := out.Addr().Interface().(Unmarshaler); ok {
+ good = d.callUnmarshaler(n, u)
+ return out, true, good
+ }
+ }
+ }
+ return out, false, false
+}
+
+const (
+ // 400,000 decode operations is ~500kb of dense object declarations, or
+ // ~5kb of dense object declarations with 10000% alias expansion
+ alias_ratio_range_low = 400000
+
+ // 4,000,000 decode operations is ~5MB of dense object declarations, or
+ // ~4.5MB of dense object declarations with 10% alias expansion
+ alias_ratio_range_high = 4000000
+
+ // alias_ratio_range is the range over which we scale allowed alias ratios
+ alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
+)
+
+func allowedAliasRatio(decodeCount int) float64 {
+ switch {
+ case decodeCount <= alias_ratio_range_low:
+ // allow 99% to come from alias expansion for small-to-medium documents
+ return 0.99
+ case decodeCount >= alias_ratio_range_high:
+ // allow 10% to come from alias expansion for very large documents
+ return 0.10
+ default:
+ // scale smoothly from 99% down to 10% over the range.
+ // this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
+ // 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
+ return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
+ }
+}
+
+func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
+ d.decodeCount++
+ if d.aliasDepth > 0 {
+ d.aliasCount++
+ }
+ if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
+ failf("document contains excessive aliasing")
+ }
+ switch n.kind {
+ case documentNode:
+ return d.document(n, out)
+ case aliasNode:
+ return d.alias(n, out)
+ }
+ out, unmarshaled, good := d.prepare(n, out)
+ if unmarshaled {
+ return good
+ }
+ switch n.kind {
+ case scalarNode:
+ good = d.scalar(n, out)
+ case mappingNode:
+ good = d.mapping(n, out)
+ case sequenceNode:
+ good = d.sequence(n, out)
+ default:
+ panic("internal error: unknown node kind: " + strconv.Itoa(n.kind))
+ }
+ return good
+}
+
+func (d *decoder) document(n *node, out reflect.Value) (good bool) {
+ if len(n.children) == 1 {
+ d.doc = n
+ d.unmarshal(n.children[0], out)
+ return true
+ }
+ return false
+}
+
+func (d *decoder) alias(n *node, out reflect.Value) (good bool) {
+ if d.aliases[n] {
+ // TODO this could actually be allowed in some circumstances.
+ failf("anchor '%s' value contains itself", n.value)
+ }
+ d.aliases[n] = true
+ d.aliasDepth++
+ good = d.unmarshal(n.alias, out)
+ d.aliasDepth--
+ delete(d.aliases, n)
+ return good
+}
+
+var zeroValue reflect.Value
+
+func resetMap(out reflect.Value) {
+ for _, k := range out.MapKeys() {
+ out.SetMapIndex(k, zeroValue)
+ }
+}
+
+func (d *decoder) scalar(n *node, out reflect.Value) bool {
+ var tag string
+ var resolved interface{}
+ if n.tag == "" && !n.implicit {
+ tag = yaml_STR_TAG
+ resolved = n.value
+ } else {
+ tag, resolved = resolve(n.tag, n.value)
+ if tag == yaml_BINARY_TAG {
+ data, err := base64.StdEncoding.DecodeString(resolved.(string))
+ if err != nil {
+ failf("!!binary value contains invalid base64 data")
+ }
+ resolved = string(data)
+ }
+ }
+ if resolved == nil {
+ if out.Kind() == reflect.Map && !out.CanAddr() {
+ resetMap(out)
+ } else {
+ out.Set(reflect.Zero(out.Type()))
+ }
+ return true
+ }
+ if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() {
+ // We've resolved to exactly the type we want, so use that.
+ out.Set(resolvedv)
+ return true
+ }
+ // Perhaps we can use the value as a TextUnmarshaler to
+ // set its value.
+ if out.CanAddr() {
+ u, ok := out.Addr().Interface().(encoding.TextUnmarshaler)
+ if ok {
+ var text []byte
+ if tag == yaml_BINARY_TAG {
+ text = []byte(resolved.(string))
+ } else {
+ // We let any value be unmarshaled into TextUnmarshaler.
+ // That might be more lax than we'd like, but the
+ // TextUnmarshaler itself should bowl out any dubious values.
+ text = []byte(n.value) + } + err := u.UnmarshalText(text) + if err != nil { + fail(err) + } + return true + } + } + switch out.Kind() { + case reflect.String: + if tag == yaml_BINARY_TAG { + out.SetString(resolved.(string)) + return true + } + if resolved != nil { + out.SetString(n.value) + return true + } + case reflect.Interface: + if resolved == nil { + out.Set(reflect.Zero(out.Type())) + } else if tag == yaml_TIMESTAMP_TAG { + // It looks like a timestamp but for backward compatibility + // reasons we set it as a string, so that code that unmarshals + // timestamp-like values into interface{} will continue to + // see a string and not a time.Time. + // TODO(v3) Drop this. + out.Set(reflect.ValueOf(n.value)) + } else { + out.Set(reflect.ValueOf(resolved)) + } + return true + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + switch resolved := resolved.(type) { + case int: + if !out.OverflowInt(int64(resolved)) { + out.SetInt(int64(resolved)) + return true + } + case int64: + if !out.OverflowInt(resolved) { + out.SetInt(resolved) + return true + } + case uint64: + if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) { + out.SetInt(int64(resolved)) + return true + } + case float64: + if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) { + out.SetInt(int64(resolved)) + return true + } + case string: + if out.Type() == durationType { + d, err := time.ParseDuration(resolved) + if err == nil { + out.SetInt(int64(d)) + return true + } + } + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + switch resolved := resolved.(type) { + case int: + if resolved >= 0 && !out.OverflowUint(uint64(resolved)) { + out.SetUint(uint64(resolved)) + return true + } + case int64: + if resolved >= 0 && !out.OverflowUint(uint64(resolved)) { + out.SetUint(uint64(resolved)) + return true + } + case uint64: + if !out.OverflowUint(uint64(resolved)) { + out.SetUint(uint64(resolved)) + 
return true + } + case float64: + if resolved <= math.MaxUint64 && !out.OverflowUint(uint64(resolved)) { + out.SetUint(uint64(resolved)) + return true + } + } + case reflect.Bool: + switch resolved := resolved.(type) { + case bool: + out.SetBool(resolved) + return true + } + case reflect.Float32, reflect.Float64: + switch resolved := resolved.(type) { + case int: + out.SetFloat(float64(resolved)) + return true + case int64: + out.SetFloat(float64(resolved)) + return true + case uint64: + out.SetFloat(float64(resolved)) + return true + case float64: + out.SetFloat(resolved) + return true + } + case reflect.Struct: + if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() { + out.Set(resolvedv) + return true + } + case reflect.Ptr: + if out.Type().Elem() == reflect.TypeOf(resolved) { + // TODO DOes this make sense? When is out a Ptr except when decoding a nil value? + elem := reflect.New(out.Type().Elem()) + elem.Elem().Set(reflect.ValueOf(resolved)) + out.Set(elem) + return true + } + } + d.terror(n, tag, out) + return false +} + +func settableValueOf(i interface{}) reflect.Value { + v := reflect.ValueOf(i) + sv := reflect.New(v.Type()).Elem() + sv.Set(v) + return sv +} + +func (d *decoder) sequence(n *node, out reflect.Value) (good bool) { + l := len(n.children) + + var iface reflect.Value + switch out.Kind() { + case reflect.Slice: + out.Set(reflect.MakeSlice(out.Type(), l, l)) + case reflect.Array: + if l != out.Len() { + failf("invalid array: want %d elements but got %d", out.Len(), l) + } + case reflect.Interface: + // No type hints. Will have to use a generic sequence. 
+ iface = out + out = settableValueOf(make([]interface{}, l)) + default: + d.terror(n, yaml_SEQ_TAG, out) + return false + } + et := out.Type().Elem() + + j := 0 + for i := 0; i < l; i++ { + e := reflect.New(et).Elem() + if ok := d.unmarshal(n.children[i], e); ok { + out.Index(j).Set(e) + j++ + } + } + if out.Kind() != reflect.Array { + out.Set(out.Slice(0, j)) + } + if iface.IsValid() { + iface.Set(out) + } + return true +} + +func (d *decoder) mapping(n *node, out reflect.Value) (good bool) { + switch out.Kind() { + case reflect.Struct: + return d.mappingStruct(n, out) + case reflect.Slice: + return d.mappingSlice(n, out) + case reflect.Map: + // okay + case reflect.Interface: + if d.mapType.Kind() == reflect.Map { + iface := out + out = reflect.MakeMap(d.mapType) + iface.Set(out) + } else { + slicev := reflect.New(d.mapType).Elem() + if !d.mappingSlice(n, slicev) { + return false + } + out.Set(slicev) + return true + } + default: + d.terror(n, yaml_MAP_TAG, out) + return false + } + outt := out.Type() + kt := outt.Key() + et := outt.Elem() + + mapType := d.mapType + if outt.Key() == ifaceType && outt.Elem() == ifaceType { + d.mapType = outt + } + + if out.IsNil() { + out.Set(reflect.MakeMap(outt)) + } + l := len(n.children) + for i := 0; i < l; i += 2 { + if isMerge(n.children[i]) { + d.merge(n.children[i+1], out) + continue + } + k := reflect.New(kt).Elem() + if d.unmarshal(n.children[i], k) { + kkind := k.Kind() + if kkind == reflect.Interface { + kkind = k.Elem().Kind() + } + if kkind == reflect.Map || kkind == reflect.Slice { + failf("invalid map key: %#v", k.Interface()) + } + e := reflect.New(et).Elem() + if d.unmarshal(n.children[i+1], e) { + d.setMapIndex(n.children[i+1], out, k, e) + } + } + } + d.mapType = mapType + return true +} + +func (d *decoder) setMapIndex(n *node, out, k, v reflect.Value) { + if d.strict && out.MapIndex(k) != zeroValue { + d.terrors = append(d.terrors, fmt.Sprintf("line %d: key %#v already set in map", n.line+1, k.Interface())) 
+ return + } + out.SetMapIndex(k, v) +} + +func (d *decoder) mappingSlice(n *node, out reflect.Value) (good bool) { + outt := out.Type() + if outt.Elem() != mapItemType { + d.terror(n, yaml_MAP_TAG, out) + return false + } + + mapType := d.mapType + d.mapType = outt + + var slice []MapItem + var l = len(n.children) + for i := 0; i < l; i += 2 { + if isMerge(n.children[i]) { + d.merge(n.children[i+1], out) + continue + } + item := MapItem{} + k := reflect.ValueOf(&item.Key).Elem() + if d.unmarshal(n.children[i], k) { + v := reflect.ValueOf(&item.Value).Elem() + if d.unmarshal(n.children[i+1], v) { + slice = append(slice, item) + } + } + } + out.Set(reflect.ValueOf(slice)) + d.mapType = mapType + return true +} + +func (d *decoder) mappingStruct(n *node, out reflect.Value) (good bool) { + sinfo, err := getStructInfo(out.Type()) + if err != nil { + panic(err) + } + name := settableValueOf("") + l := len(n.children) + + var inlineMap reflect.Value + var elemType reflect.Type + if sinfo.InlineMap != -1 { + inlineMap = out.Field(sinfo.InlineMap) + inlineMap.Set(reflect.New(inlineMap.Type()).Elem()) + elemType = inlineMap.Type().Elem() + } + + var doneFields []bool + if d.strict { + doneFields = make([]bool, len(sinfo.FieldsList)) + } + for i := 0; i < l; i += 2 { + ni := n.children[i] + if isMerge(ni) { + d.merge(n.children[i+1], out) + continue + } + if !d.unmarshal(ni, name) { + continue + } + if info, ok := sinfo.FieldsMap[name.String()]; ok { + if d.strict { + if doneFields[info.Id] { + d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s already set in type %s", ni.line+1, name.String(), out.Type())) + continue + } + doneFields[info.Id] = true + } + var field reflect.Value + if info.Inline == nil { + field = out.Field(info.Num) + } else { + field = out.FieldByIndex(info.Inline) + } + d.unmarshal(n.children[i+1], field) + } else if sinfo.InlineMap != -1 { + if inlineMap.IsNil() { + inlineMap.Set(reflect.MakeMap(inlineMap.Type())) + } + value := 
reflect.New(elemType).Elem() + d.unmarshal(n.children[i+1], value) + d.setMapIndex(n.children[i+1], inlineMap, name, value) + } else if d.strict { + d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s not found in type %s", ni.line+1, name.String(), out.Type())) + } + } + return true +} + +func failWantMap() { + failf("map merge requires map or sequence of maps as the value") +} + +func (d *decoder) merge(n *node, out reflect.Value) { + switch n.kind { + case mappingNode: + d.unmarshal(n, out) + case aliasNode: + if n.alias != nil && n.alias.kind != mappingNode { + failWantMap() + } + d.unmarshal(n, out) + case sequenceNode: + // Step backwards as earlier nodes take precedence. + for i := len(n.children) - 1; i >= 0; i-- { + ni := n.children[i] + if ni.kind == aliasNode { + if ni.alias != nil && ni.alias.kind != mappingNode { + failWantMap() + } + } else if ni.kind != mappingNode { + failWantMap() + } + d.unmarshal(ni, out) + } + default: + failWantMap() + } +} + +func isMerge(n *node) bool { + return n.kind == scalarNode && n.value == "<<" && (n.implicit == true || n.tag == yaml_MERGE_TAG) +} diff --git a/vendor/gopkg.in/yaml.v2/emitterc.go b/vendor/gopkg.in/yaml.v2/emitterc.go new file mode 100644 index 00000000000..a1c2cc52627 --- /dev/null +++ b/vendor/gopkg.in/yaml.v2/emitterc.go 
@@ -0,0 +1,1685 @@ +package yaml + +import ( + "bytes" + "fmt" +) + +// Flush the buffer if needed. +func flush(emitter *yaml_emitter_t) bool { + if emitter.buffer_pos+5 >= len(emitter.buffer) { + return yaml_emitter_flush(emitter) + } + return true +} + +// Put a character to the output buffer. +func put(emitter *yaml_emitter_t, value byte) bool { + if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { + return false + } + emitter.buffer[emitter.buffer_pos] = value + emitter.buffer_pos++ + emitter.column++ + return true +} + +// Put a line break to the output buffer. +func put_break(emitter *yaml_emitter_t) bool { + if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { + return false + } + switch emitter.line_break { + case yaml_CR_BREAK: + emitter.buffer[emitter.buffer_pos] = '\r' + emitter.buffer_pos += 1 + case yaml_LN_BREAK: + emitter.buffer[emitter.buffer_pos] = '\n' + emitter.buffer_pos += 1 + case yaml_CRLN_BREAK: + emitter.buffer[emitter.buffer_pos+0] = '\r' + emitter.buffer[emitter.buffer_pos+1] = '\n' + emitter.buffer_pos += 2 + default: + panic("unknown line break setting") + } + emitter.column = 0 + emitter.line++ + return true +} + +// Copy a character from a string into buffer. +func write(emitter *yaml_emitter_t, s []byte, i *int) bool { + if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { + return false + } + p := emitter.buffer_pos + w := width(s[*i]) + switch w { + case 4: + emitter.buffer[p+3] = s[*i+3] + fallthrough + case 3: + emitter.buffer[p+2] = s[*i+2] + fallthrough + case 2: + emitter.buffer[p+1] = s[*i+1] + fallthrough + case 1: + emitter.buffer[p+0] = s[*i+0] + default: + panic("unknown character width") + } + emitter.column++ + emitter.buffer_pos += w + *i += w + return true +} + +// Write a whole string into buffer. 
+func write_all(emitter *yaml_emitter_t, s []byte) bool { + for i := 0; i < len(s); { + if !write(emitter, s, &i) { + return false + } + } + return true +} + +// Copy a line break character from a string into buffer. +func write_break(emitter *yaml_emitter_t, s []byte, i *int) bool { + if s[*i] == '\n' { + if !put_break(emitter) { + return false + } + *i++ + } else { + if !write(emitter, s, i) { + return false + } + emitter.column = 0 + emitter.line++ + } + return true +} + +// Set an emitter error and return false. +func yaml_emitter_set_emitter_error(emitter *yaml_emitter_t, problem string) bool { + emitter.error = yaml_EMITTER_ERROR + emitter.problem = problem + return false +} + +// Emit an event. +func yaml_emitter_emit(emitter *yaml_emitter_t, event *yaml_event_t) bool { + emitter.events = append(emitter.events, *event) + for !yaml_emitter_need_more_events(emitter) { + event := &emitter.events[emitter.events_head] + if !yaml_emitter_analyze_event(emitter, event) { + return false + } + if !yaml_emitter_state_machine(emitter, event) { + return false + } + yaml_event_delete(event) + emitter.events_head++ + } + return true +} + +// Check if we need to accumulate more events before emitting. 
+// +// We accumulate extra +// - 1 event for DOCUMENT-START +// - 2 events for SEQUENCE-START +// - 3 events for MAPPING-START +// +func yaml_emitter_need_more_events(emitter *yaml_emitter_t) bool { + if emitter.events_head == len(emitter.events) { + return true + } + var accumulate int + switch emitter.events[emitter.events_head].typ { + case yaml_DOCUMENT_START_EVENT: + accumulate = 1 + break + case yaml_SEQUENCE_START_EVENT: + accumulate = 2 + break + case yaml_MAPPING_START_EVENT: + accumulate = 3 + break + default: + return false + } + if len(emitter.events)-emitter.events_head > accumulate { + return false + } + var level int + for i := emitter.events_head; i < len(emitter.events); i++ { + switch emitter.events[i].typ { + case yaml_STREAM_START_EVENT, yaml_DOCUMENT_START_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT: + level++ + case yaml_STREAM_END_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_END_EVENT, yaml_MAPPING_END_EVENT: + level-- + } + if level == 0 { + return false + } + } + return true +} + +// Append a directive to the directives stack. +func yaml_emitter_append_tag_directive(emitter *yaml_emitter_t, value *yaml_tag_directive_t, allow_duplicates bool) bool { + for i := 0; i < len(emitter.tag_directives); i++ { + if bytes.Equal(value.handle, emitter.tag_directives[i].handle) { + if allow_duplicates { + return true + } + return yaml_emitter_set_emitter_error(emitter, "duplicate %TAG directive") + } + } + + // [Go] Do we actually need to copy this given garbage collection + // and the lack of deallocating destructors? + tag_copy := yaml_tag_directive_t{ + handle: make([]byte, len(value.handle)), + prefix: make([]byte, len(value.prefix)), + } + copy(tag_copy.handle, value.handle) + copy(tag_copy.prefix, value.prefix) + emitter.tag_directives = append(emitter.tag_directives, tag_copy) + return true +} + +// Increase the indentation level. 
+func yaml_emitter_increase_indent(emitter *yaml_emitter_t, flow, indentless bool) bool { + emitter.indents = append(emitter.indents, emitter.indent) + if emitter.indent < 0 { + if flow { + emitter.indent = emitter.best_indent + } else { + emitter.indent = 0 + } + } else if !indentless { + emitter.indent += emitter.best_indent + } + return true +} + +// State dispatcher. +func yaml_emitter_state_machine(emitter *yaml_emitter_t, event *yaml_event_t) bool { + switch emitter.state { + default: + case yaml_EMIT_STREAM_START_STATE: + return yaml_emitter_emit_stream_start(emitter, event) + + case yaml_EMIT_FIRST_DOCUMENT_START_STATE: + return yaml_emitter_emit_document_start(emitter, event, true) + + case yaml_EMIT_DOCUMENT_START_STATE: + return yaml_emitter_emit_document_start(emitter, event, false) + + case yaml_EMIT_DOCUMENT_CONTENT_STATE: + return yaml_emitter_emit_document_content(emitter, event) + + case yaml_EMIT_DOCUMENT_END_STATE: + return yaml_emitter_emit_document_end(emitter, event) + + case yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE: + return yaml_emitter_emit_flow_sequence_item(emitter, event, true) + + case yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE: + return yaml_emitter_emit_flow_sequence_item(emitter, event, false) + + case yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE: + return yaml_emitter_emit_flow_mapping_key(emitter, event, true) + + case yaml_EMIT_FLOW_MAPPING_KEY_STATE: + return yaml_emitter_emit_flow_mapping_key(emitter, event, false) + + case yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE: + return yaml_emitter_emit_flow_mapping_value(emitter, event, true) + + case yaml_EMIT_FLOW_MAPPING_VALUE_STATE: + return yaml_emitter_emit_flow_mapping_value(emitter, event, false) + + case yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE: + return yaml_emitter_emit_block_sequence_item(emitter, event, true) + + case yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE: + return yaml_emitter_emit_block_sequence_item(emitter, event, false) + + case yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE: + return 
yaml_emitter_emit_block_mapping_key(emitter, event, true) + + case yaml_EMIT_BLOCK_MAPPING_KEY_STATE: + return yaml_emitter_emit_block_mapping_key(emitter, event, false) + + case yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE: + return yaml_emitter_emit_block_mapping_value(emitter, event, true) + + case yaml_EMIT_BLOCK_MAPPING_VALUE_STATE: + return yaml_emitter_emit_block_mapping_value(emitter, event, false) + + case yaml_EMIT_END_STATE: + return yaml_emitter_set_emitter_error(emitter, "expected nothing after STREAM-END") + } + panic("invalid emitter state") +} + +// Expect STREAM-START. +func yaml_emitter_emit_stream_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if event.typ != yaml_STREAM_START_EVENT { + return yaml_emitter_set_emitter_error(emitter, "expected STREAM-START") + } + if emitter.encoding == yaml_ANY_ENCODING { + emitter.encoding = event.encoding + if emitter.encoding == yaml_ANY_ENCODING { + emitter.encoding = yaml_UTF8_ENCODING + } + } + if emitter.best_indent < 2 || emitter.best_indent > 9 { + emitter.best_indent = 2 + } + if emitter.best_width >= 0 && emitter.best_width <= emitter.best_indent*2 { + emitter.best_width = 80 + } + if emitter.best_width < 0 { + emitter.best_width = 1<<31 - 1 + } + if emitter.line_break == yaml_ANY_BREAK { + emitter.line_break = yaml_LN_BREAK + } + + emitter.indent = -1 + emitter.line = 0 + emitter.column = 0 + emitter.whitespace = true + emitter.indention = true + + if emitter.encoding != yaml_UTF8_ENCODING { + if !yaml_emitter_write_bom(emitter) { + return false + } + } + emitter.state = yaml_EMIT_FIRST_DOCUMENT_START_STATE + return true +} + +// Expect DOCUMENT-START or STREAM-END. 
+func yaml_emitter_emit_document_start(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { + + if event.typ == yaml_DOCUMENT_START_EVENT { + + if event.version_directive != nil { + if !yaml_emitter_analyze_version_directive(emitter, event.version_directive) { + return false + } + } + + for i := 0; i < len(event.tag_directives); i++ { + tag_directive := &event.tag_directives[i] + if !yaml_emitter_analyze_tag_directive(emitter, tag_directive) { + return false + } + if !yaml_emitter_append_tag_directive(emitter, tag_directive, false) { + return false + } + } + + for i := 0; i < len(default_tag_directives); i++ { + tag_directive := &default_tag_directives[i] + if !yaml_emitter_append_tag_directive(emitter, tag_directive, true) { + return false + } + } + + implicit := event.implicit + if !first || emitter.canonical { + implicit = false + } + + if emitter.open_ended && (event.version_directive != nil || len(event.tag_directives) > 0) { + if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + + if event.version_directive != nil { + implicit = false + if !yaml_emitter_write_indicator(emitter, []byte("%YAML"), true, false, false) { + return false + } + if !yaml_emitter_write_indicator(emitter, []byte("1.1"), true, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + + if len(event.tag_directives) > 0 { + implicit = false + for i := 0; i < len(event.tag_directives); i++ { + tag_directive := &event.tag_directives[i] + if !yaml_emitter_write_indicator(emitter, []byte("%TAG"), true, false, false) { + return false + } + if !yaml_emitter_write_tag_handle(emitter, tag_directive.handle) { + return false + } + if !yaml_emitter_write_tag_content(emitter, tag_directive.prefix, true) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + } + + if 
yaml_emitter_check_empty_document(emitter) { + implicit = false + } + if !implicit { + if !yaml_emitter_write_indent(emitter) { + return false + } + if !yaml_emitter_write_indicator(emitter, []byte("---"), true, false, false) { + return false + } + if emitter.canonical { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + } + + emitter.state = yaml_EMIT_DOCUMENT_CONTENT_STATE + return true + } + + if event.typ == yaml_STREAM_END_EVENT { + if emitter.open_ended { + if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !yaml_emitter_flush(emitter) { + return false + } + emitter.state = yaml_EMIT_END_STATE + return true + } + + return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-START or STREAM-END") +} + +// Expect the root node. +func yaml_emitter_emit_document_content(emitter *yaml_emitter_t, event *yaml_event_t) bool { + emitter.states = append(emitter.states, yaml_EMIT_DOCUMENT_END_STATE) + return yaml_emitter_emit_node(emitter, event, true, false, false, false) +} + +// Expect DOCUMENT-END. +func yaml_emitter_emit_document_end(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if event.typ != yaml_DOCUMENT_END_EVENT { + return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-END") + } + if !yaml_emitter_write_indent(emitter) { + return false + } + if !event.implicit { + // [Go] Allocate the slice elsewhere. + if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !yaml_emitter_flush(emitter) { + return false + } + emitter.state = yaml_EMIT_DOCUMENT_START_STATE + emitter.tag_directives = emitter.tag_directives[:0] + return true +} + +// Expect a flow item node. 
+func yaml_emitter_emit_flow_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { + if first { + if !yaml_emitter_write_indicator(emitter, []byte{'['}, true, true, false) { + return false + } + if !yaml_emitter_increase_indent(emitter, true, false) { + return false + } + emitter.flow_level++ + } + + if event.typ == yaml_SEQUENCE_END_EVENT { + emitter.flow_level-- + emitter.indent = emitter.indents[len(emitter.indents)-1] + emitter.indents = emitter.indents[:len(emitter.indents)-1] + if emitter.canonical && !first { + if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !yaml_emitter_write_indicator(emitter, []byte{']'}, false, false, false) { + return false + } + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + + return true + } + + if !first { + if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { + return false + } + } + + if emitter.canonical || emitter.column > emitter.best_width { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + emitter.states = append(emitter.states, yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE) + return yaml_emitter_emit_node(emitter, event, false, true, false, false) +} + +// Expect a flow key node. 
+func yaml_emitter_emit_flow_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { + if first { + if !yaml_emitter_write_indicator(emitter, []byte{'{'}, true, true, false) { + return false + } + if !yaml_emitter_increase_indent(emitter, true, false) { + return false + } + emitter.flow_level++ + } + + if event.typ == yaml_MAPPING_END_EVENT { + emitter.flow_level-- + emitter.indent = emitter.indents[len(emitter.indents)-1] + emitter.indents = emitter.indents[:len(emitter.indents)-1] + if emitter.canonical && !first { + if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { + return false + } + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !yaml_emitter_write_indicator(emitter, []byte{'}'}, false, false, false) { + return false + } + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + return true + } + + if !first { + if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { + return false + } + } + if emitter.canonical || emitter.column > emitter.best_width { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + + if !emitter.canonical && yaml_emitter_check_simple_key(emitter) { + emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, true) + } + if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, false) { + return false + } + emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_VALUE_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, false) +} + +// Expect a flow value node. 
+func yaml_emitter_emit_flow_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool { + if simple { + if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) { + return false + } + } else { + if emitter.canonical || emitter.column > emitter.best_width { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, false) { + return false + } + } + emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_KEY_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, false) +} + +// Expect a block item node. +func yaml_emitter_emit_block_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { + if first { + if !yaml_emitter_increase_indent(emitter, false, emitter.mapping_context && !emitter.indention) { + return false + } + } + if event.typ == yaml_SEQUENCE_END_EVENT { + emitter.indent = emitter.indents[len(emitter.indents)-1] + emitter.indents = emitter.indents[:len(emitter.indents)-1] + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + return true + } + if !yaml_emitter_write_indent(emitter) { + return false + } + if !yaml_emitter_write_indicator(emitter, []byte{'-'}, true, false, true) { + return false + } + emitter.states = append(emitter.states, yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE) + return yaml_emitter_emit_node(emitter, event, false, true, false, false) +} + +// Expect a block key node. 
+func yaml_emitter_emit_block_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { + if first { + if !yaml_emitter_increase_indent(emitter, false, false) { + return false + } + } + if event.typ == yaml_MAPPING_END_EVENT { + emitter.indent = emitter.indents[len(emitter.indents)-1] + emitter.indents = emitter.indents[:len(emitter.indents)-1] + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + return true + } + if !yaml_emitter_write_indent(emitter) { + return false + } + if yaml_emitter_check_simple_key(emitter) { + emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, true) + } + if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, true) { + return false + } + emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_VALUE_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, false) +} + +// Expect a block value node. +func yaml_emitter_emit_block_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool { + if simple { + if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) { + return false + } + } else { + if !yaml_emitter_write_indent(emitter) { + return false + } + if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, true) { + return false + } + } + emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_KEY_STATE) + return yaml_emitter_emit_node(emitter, event, false, false, true, false) +} + +// Expect a node. 
+func yaml_emitter_emit_node(emitter *yaml_emitter_t, event *yaml_event_t, + root bool, sequence bool, mapping bool, simple_key bool) bool { + + emitter.root_context = root + emitter.sequence_context = sequence + emitter.mapping_context = mapping + emitter.simple_key_context = simple_key + + switch event.typ { + case yaml_ALIAS_EVENT: + return yaml_emitter_emit_alias(emitter, event) + case yaml_SCALAR_EVENT: + return yaml_emitter_emit_scalar(emitter, event) + case yaml_SEQUENCE_START_EVENT: + return yaml_emitter_emit_sequence_start(emitter, event) + case yaml_MAPPING_START_EVENT: + return yaml_emitter_emit_mapping_start(emitter, event) + default: + return yaml_emitter_set_emitter_error(emitter, + fmt.Sprintf("expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS, but got %v", event.typ)) + } +} + +// Expect ALIAS. +func yaml_emitter_emit_alias(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if !yaml_emitter_process_anchor(emitter) { + return false + } + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + return true +} + +// Expect SCALAR. +func yaml_emitter_emit_scalar(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if !yaml_emitter_select_scalar_style(emitter, event) { + return false + } + if !yaml_emitter_process_anchor(emitter) { + return false + } + if !yaml_emitter_process_tag(emitter) { + return false + } + if !yaml_emitter_increase_indent(emitter, true, false) { + return false + } + if !yaml_emitter_process_scalar(emitter) { + return false + } + emitter.indent = emitter.indents[len(emitter.indents)-1] + emitter.indents = emitter.indents[:len(emitter.indents)-1] + emitter.state = emitter.states[len(emitter.states)-1] + emitter.states = emitter.states[:len(emitter.states)-1] + return true +} + +// Expect SEQUENCE-START. 
+func yaml_emitter_emit_sequence_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if !yaml_emitter_process_anchor(emitter) { + return false + } + if !yaml_emitter_process_tag(emitter) { + return false + } + if emitter.flow_level > 0 || emitter.canonical || event.sequence_style() == yaml_FLOW_SEQUENCE_STYLE || + yaml_emitter_check_empty_sequence(emitter) { + emitter.state = yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE + } else { + emitter.state = yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE + } + return true +} + +// Expect MAPPING-START. +func yaml_emitter_emit_mapping_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { + if !yaml_emitter_process_anchor(emitter) { + return false + } + if !yaml_emitter_process_tag(emitter) { + return false + } + if emitter.flow_level > 0 || emitter.canonical || event.mapping_style() == yaml_FLOW_MAPPING_STYLE || + yaml_emitter_check_empty_mapping(emitter) { + emitter.state = yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE + } else { + emitter.state = yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE + } + return true +} + +// Check if the document content is an empty scalar. +func yaml_emitter_check_empty_document(emitter *yaml_emitter_t) bool { + return false // [Go] Huh? +} + +// Check if the next events represent an empty sequence. +func yaml_emitter_check_empty_sequence(emitter *yaml_emitter_t) bool { + if len(emitter.events)-emitter.events_head < 2 { + return false + } + return emitter.events[emitter.events_head].typ == yaml_SEQUENCE_START_EVENT && + emitter.events[emitter.events_head+1].typ == yaml_SEQUENCE_END_EVENT +} + +// Check if the next events represent an empty mapping. +func yaml_emitter_check_empty_mapping(emitter *yaml_emitter_t) bool { + if len(emitter.events)-emitter.events_head < 2 { + return false + } + return emitter.events[emitter.events_head].typ == yaml_MAPPING_START_EVENT && + emitter.events[emitter.events_head+1].typ == yaml_MAPPING_END_EVENT +} + +// Check if the next node can be expressed as a simple key. 
+func yaml_emitter_check_simple_key(emitter *yaml_emitter_t) bool { + length := 0 + switch emitter.events[emitter.events_head].typ { + case yaml_ALIAS_EVENT: + length += len(emitter.anchor_data.anchor) + case yaml_SCALAR_EVENT: + if emitter.scalar_data.multiline { + return false + } + length += len(emitter.anchor_data.anchor) + + len(emitter.tag_data.handle) + + len(emitter.tag_data.suffix) + + len(emitter.scalar_data.value) + case yaml_SEQUENCE_START_EVENT: + if !yaml_emitter_check_empty_sequence(emitter) { + return false + } + length += len(emitter.anchor_data.anchor) + + len(emitter.tag_data.handle) + + len(emitter.tag_data.suffix) + case yaml_MAPPING_START_EVENT: + if !yaml_emitter_check_empty_mapping(emitter) { + return false + } + length += len(emitter.anchor_data.anchor) + + len(emitter.tag_data.handle) + + len(emitter.tag_data.suffix) + default: + return false + } + return length <= 128 +} + +// Determine an acceptable scalar style. +func yaml_emitter_select_scalar_style(emitter *yaml_emitter_t, event *yaml_event_t) bool { + + no_tag := len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 + if no_tag && !event.implicit && !event.quoted_implicit { + return yaml_emitter_set_emitter_error(emitter, "neither tag nor implicit flags are specified") + } + + style := event.scalar_style() + if style == yaml_ANY_SCALAR_STYLE { + style = yaml_PLAIN_SCALAR_STYLE + } + if emitter.canonical { + style = yaml_DOUBLE_QUOTED_SCALAR_STYLE + } + if emitter.simple_key_context && emitter.scalar_data.multiline { + style = yaml_DOUBLE_QUOTED_SCALAR_STYLE + } + + if style == yaml_PLAIN_SCALAR_STYLE { + if emitter.flow_level > 0 && !emitter.scalar_data.flow_plain_allowed || + emitter.flow_level == 0 && !emitter.scalar_data.block_plain_allowed { + style = yaml_SINGLE_QUOTED_SCALAR_STYLE + } + if len(emitter.scalar_data.value) == 0 && (emitter.flow_level > 0 || emitter.simple_key_context) { + style = yaml_SINGLE_QUOTED_SCALAR_STYLE + } + if no_tag && !event.implicit { 
+ style = yaml_SINGLE_QUOTED_SCALAR_STYLE + } + } + if style == yaml_SINGLE_QUOTED_SCALAR_STYLE { + if !emitter.scalar_data.single_quoted_allowed { + style = yaml_DOUBLE_QUOTED_SCALAR_STYLE + } + } + if style == yaml_LITERAL_SCALAR_STYLE || style == yaml_FOLDED_SCALAR_STYLE { + if !emitter.scalar_data.block_allowed || emitter.flow_level > 0 || emitter.simple_key_context { + style = yaml_DOUBLE_QUOTED_SCALAR_STYLE + } + } + + if no_tag && !event.quoted_implicit && style != yaml_PLAIN_SCALAR_STYLE { + emitter.tag_data.handle = []byte{'!'} + } + emitter.scalar_data.style = style + return true +} + +// Write an anchor. +func yaml_emitter_process_anchor(emitter *yaml_emitter_t) bool { + if emitter.anchor_data.anchor == nil { + return true + } + c := []byte{'&'} + if emitter.anchor_data.alias { + c[0] = '*' + } + if !yaml_emitter_write_indicator(emitter, c, true, false, false) { + return false + } + return yaml_emitter_write_anchor(emitter, emitter.anchor_data.anchor) +} + +// Write a tag. +func yaml_emitter_process_tag(emitter *yaml_emitter_t) bool { + if len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 { + return true + } + if len(emitter.tag_data.handle) > 0 { + if !yaml_emitter_write_tag_handle(emitter, emitter.tag_data.handle) { + return false + } + if len(emitter.tag_data.suffix) > 0 { + if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) { + return false + } + } + } else { + // [Go] Allocate these slices elsewhere. + if !yaml_emitter_write_indicator(emitter, []byte("!<"), true, false, false) { + return false + } + if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) { + return false + } + if !yaml_emitter_write_indicator(emitter, []byte{'>'}, false, false, false) { + return false + } + } + return true +} + +// Write a scalar. 
+func yaml_emitter_process_scalar(emitter *yaml_emitter_t) bool { + switch emitter.scalar_data.style { + case yaml_PLAIN_SCALAR_STYLE: + return yaml_emitter_write_plain_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) + + case yaml_SINGLE_QUOTED_SCALAR_STYLE: + return yaml_emitter_write_single_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) + + case yaml_DOUBLE_QUOTED_SCALAR_STYLE: + return yaml_emitter_write_double_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) + + case yaml_LITERAL_SCALAR_STYLE: + return yaml_emitter_write_literal_scalar(emitter, emitter.scalar_data.value) + + case yaml_FOLDED_SCALAR_STYLE: + return yaml_emitter_write_folded_scalar(emitter, emitter.scalar_data.value) + } + panic("unknown scalar style") +} + +// Check if a %YAML directive is valid. +func yaml_emitter_analyze_version_directive(emitter *yaml_emitter_t, version_directive *yaml_version_directive_t) bool { + if version_directive.major != 1 || version_directive.minor != 1 { + return yaml_emitter_set_emitter_error(emitter, "incompatible %YAML directive") + } + return true +} + +// Check if a %TAG directive is valid. +func yaml_emitter_analyze_tag_directive(emitter *yaml_emitter_t, tag_directive *yaml_tag_directive_t) bool { + handle := tag_directive.handle + prefix := tag_directive.prefix + if len(handle) == 0 { + return yaml_emitter_set_emitter_error(emitter, "tag handle must not be empty") + } + if handle[0] != '!' { + return yaml_emitter_set_emitter_error(emitter, "tag handle must start with '!'") + } + if handle[len(handle)-1] != '!' 
{ + return yaml_emitter_set_emitter_error(emitter, "tag handle must end with '!'") + } + for i := 1; i < len(handle)-1; i += width(handle[i]) { + if !is_alpha(handle, i) { + return yaml_emitter_set_emitter_error(emitter, "tag handle must contain alphanumerical characters only") + } + } + if len(prefix) == 0 { + return yaml_emitter_set_emitter_error(emitter, "tag prefix must not be empty") + } + return true +} + +// Check if an anchor is valid. +func yaml_emitter_analyze_anchor(emitter *yaml_emitter_t, anchor []byte, alias bool) bool { + if len(anchor) == 0 { + problem := "anchor value must not be empty" + if alias { + problem = "alias value must not be empty" + } + return yaml_emitter_set_emitter_error(emitter, problem) + } + for i := 0; i < len(anchor); i += width(anchor[i]) { + if !is_alpha(anchor, i) { + problem := "anchor value must contain alphanumerical characters only" + if alias { + problem = "alias value must contain alphanumerical characters only" + } + return yaml_emitter_set_emitter_error(emitter, problem) + } + } + emitter.anchor_data.anchor = anchor + emitter.anchor_data.alias = alias + return true +} + +// Check if a tag is valid. +func yaml_emitter_analyze_tag(emitter *yaml_emitter_t, tag []byte) bool { + if len(tag) == 0 { + return yaml_emitter_set_emitter_error(emitter, "tag value must not be empty") + } + for i := 0; i < len(emitter.tag_directives); i++ { + tag_directive := &emitter.tag_directives[i] + if bytes.HasPrefix(tag, tag_directive.prefix) { + emitter.tag_data.handle = tag_directive.handle + emitter.tag_data.suffix = tag[len(tag_directive.prefix):] + return true + } + } + emitter.tag_data.suffix = tag + return true +} + +// Check if a scalar is valid. 
+func yaml_emitter_analyze_scalar(emitter *yaml_emitter_t, value []byte) bool { + var ( + block_indicators = false + flow_indicators = false + line_breaks = false + special_characters = false + + leading_space = false + leading_break = false + trailing_space = false + trailing_break = false + break_space = false + space_break = false + + preceded_by_whitespace = false + followed_by_whitespace = false + previous_space = false + previous_break = false + ) + + emitter.scalar_data.value = value + + if len(value) == 0 { + emitter.scalar_data.multiline = false + emitter.scalar_data.flow_plain_allowed = false + emitter.scalar_data.block_plain_allowed = true + emitter.scalar_data.single_quoted_allowed = true + emitter.scalar_data.block_allowed = false + return true + } + + if len(value) >= 3 && ((value[0] == '-' && value[1] == '-' && value[2] == '-') || (value[0] == '.' && value[1] == '.' && value[2] == '.')) { + block_indicators = true + flow_indicators = true + } + + preceded_by_whitespace = true + for i, w := 0, 0; i < len(value); i += w { + w = width(value[i]) + followed_by_whitespace = i+w >= len(value) || is_blank(value, i+w) + + if i == 0 { + switch value[i] { + case '#', ',', '[', ']', '{', '}', '&', '*', '!', '|', '>', '\'', '"', '%', '@', '`': + flow_indicators = true + block_indicators = true + case '?', ':': + flow_indicators = true + if followed_by_whitespace { + block_indicators = true + } + case '-': + if followed_by_whitespace { + flow_indicators = true + block_indicators = true + } + } + } else { + switch value[i] { + case ',', '?', '[', ']', '{', '}': + flow_indicators = true + case ':': + flow_indicators = true + if followed_by_whitespace { + block_indicators = true + } + case '#': + if preceded_by_whitespace { + flow_indicators = true + block_indicators = true + } + } + } + + if !is_printable(value, i) || !is_ascii(value, i) && !emitter.unicode { + special_characters = true + } + if is_space(value, i) { + if i == 0 { + leading_space = true + } + if 
i+width(value[i]) == len(value) { + trailing_space = true + } + if previous_break { + break_space = true + } + previous_space = true + previous_break = false + } else if is_break(value, i) { + line_breaks = true + if i == 0 { + leading_break = true + } + if i+width(value[i]) == len(value) { + trailing_break = true + } + if previous_space { + space_break = true + } + previous_space = false + previous_break = true + } else { + previous_space = false + previous_break = false + } + + // [Go]: Why 'z'? Couldn't be the end of the string as that's the loop condition. + preceded_by_whitespace = is_blankz(value, i) + } + + emitter.scalar_data.multiline = line_breaks + emitter.scalar_data.flow_plain_allowed = true + emitter.scalar_data.block_plain_allowed = true + emitter.scalar_data.single_quoted_allowed = true + emitter.scalar_data.block_allowed = true + + if leading_space || leading_break || trailing_space || trailing_break { + emitter.scalar_data.flow_plain_allowed = false + emitter.scalar_data.block_plain_allowed = false + } + if trailing_space { + emitter.scalar_data.block_allowed = false + } + if break_space { + emitter.scalar_data.flow_plain_allowed = false + emitter.scalar_data.block_plain_allowed = false + emitter.scalar_data.single_quoted_allowed = false + } + if space_break || special_characters { + emitter.scalar_data.flow_plain_allowed = false + emitter.scalar_data.block_plain_allowed = false + emitter.scalar_data.single_quoted_allowed = false + emitter.scalar_data.block_allowed = false + } + if line_breaks { + emitter.scalar_data.flow_plain_allowed = false + emitter.scalar_data.block_plain_allowed = false + } + if flow_indicators { + emitter.scalar_data.flow_plain_allowed = false + } + if block_indicators { + emitter.scalar_data.block_plain_allowed = false + } + return true +} + +// Check if the event data is valid. 
+func yaml_emitter_analyze_event(emitter *yaml_emitter_t, event *yaml_event_t) bool { + + emitter.anchor_data.anchor = nil + emitter.tag_data.handle = nil + emitter.tag_data.suffix = nil + emitter.scalar_data.value = nil + + switch event.typ { + case yaml_ALIAS_EVENT: + if !yaml_emitter_analyze_anchor(emitter, event.anchor, true) { + return false + } + + case yaml_SCALAR_EVENT: + if len(event.anchor) > 0 { + if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { + return false + } + } + if len(event.tag) > 0 && (emitter.canonical || (!event.implicit && !event.quoted_implicit)) { + if !yaml_emitter_analyze_tag(emitter, event.tag) { + return false + } + } + if !yaml_emitter_analyze_scalar(emitter, event.value) { + return false + } + + case yaml_SEQUENCE_START_EVENT: + if len(event.anchor) > 0 { + if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { + return false + } + } + if len(event.tag) > 0 && (emitter.canonical || !event.implicit) { + if !yaml_emitter_analyze_tag(emitter, event.tag) { + return false + } + } + + case yaml_MAPPING_START_EVENT: + if len(event.anchor) > 0 { + if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { + return false + } + } + if len(event.tag) > 0 && (emitter.canonical || !event.implicit) { + if !yaml_emitter_analyze_tag(emitter, event.tag) { + return false + } + } + } + return true +} + +// Write the BOM character. 
+func yaml_emitter_write_bom(emitter *yaml_emitter_t) bool { + if !flush(emitter) { + return false + } + pos := emitter.buffer_pos + emitter.buffer[pos+0] = '\xEF' + emitter.buffer[pos+1] = '\xBB' + emitter.buffer[pos+2] = '\xBF' + emitter.buffer_pos += 3 + return true +} + +func yaml_emitter_write_indent(emitter *yaml_emitter_t) bool { + indent := emitter.indent + if indent < 0 { + indent = 0 + } + if !emitter.indention || emitter.column > indent || (emitter.column == indent && !emitter.whitespace) { + if !put_break(emitter) { + return false + } + } + for emitter.column < indent { + if !put(emitter, ' ') { + return false + } + } + emitter.whitespace = true + emitter.indention = true + return true +} + +func yaml_emitter_write_indicator(emitter *yaml_emitter_t, indicator []byte, need_whitespace, is_whitespace, is_indention bool) bool { + if need_whitespace && !emitter.whitespace { + if !put(emitter, ' ') { + return false + } + } + if !write_all(emitter, indicator) { + return false + } + emitter.whitespace = is_whitespace + emitter.indention = (emitter.indention && is_indention) + emitter.open_ended = false + return true +} + +func yaml_emitter_write_anchor(emitter *yaml_emitter_t, value []byte) bool { + if !write_all(emitter, value) { + return false + } + emitter.whitespace = false + emitter.indention = false + return true +} + +func yaml_emitter_write_tag_handle(emitter *yaml_emitter_t, value []byte) bool { + if !emitter.whitespace { + if !put(emitter, ' ') { + return false + } + } + if !write_all(emitter, value) { + return false + } + emitter.whitespace = false + emitter.indention = false + return true +} + +func yaml_emitter_write_tag_content(emitter *yaml_emitter_t, value []byte, need_whitespace bool) bool { + if need_whitespace && !emitter.whitespace { + if !put(emitter, ' ') { + return false + } + } + for i := 0; i < len(value); { + var must_write bool + switch value[i] { + case ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '_', '.', '~', '*', '\'', '(', 
')', '[', ']': + must_write = true + default: + must_write = is_alpha(value, i) + } + if must_write { + if !write(emitter, value, &i) { + return false + } + } else { + w := width(value[i]) + for k := 0; k < w; k++ { + octet := value[i] + i++ + if !put(emitter, '%') { + return false + } + + c := octet >> 4 + if c < 10 { + c += '0' + } else { + c += 'A' - 10 + } + if !put(emitter, c) { + return false + } + + c = octet & 0x0f + if c < 10 { + c += '0' + } else { + c += 'A' - 10 + } + if !put(emitter, c) { + return false + } + } + } + } + emitter.whitespace = false + emitter.indention = false + return true +} + +func yaml_emitter_write_plain_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { + if !emitter.whitespace { + if !put(emitter, ' ') { + return false + } + } + + spaces := false + breaks := false + for i := 0; i < len(value); { + if is_space(value, i) { + if allow_breaks && !spaces && emitter.column > emitter.best_width && !is_space(value, i+1) { + if !yaml_emitter_write_indent(emitter) { + return false + } + i += width(value[i]) + } else { + if !write(emitter, value, &i) { + return false + } + } + spaces = true + } else if is_break(value, i) { + if !breaks && value[i] == '\n' { + if !put_break(emitter) { + return false + } + } + if !write_break(emitter, value, &i) { + return false + } + emitter.indention = true + breaks = true + } else { + if breaks { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !write(emitter, value, &i) { + return false + } + emitter.indention = false + spaces = false + breaks = false + } + } + + emitter.whitespace = false + emitter.indention = false + if emitter.root_context { + emitter.open_ended = true + } + + return true +} + +func yaml_emitter_write_single_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { + + if !yaml_emitter_write_indicator(emitter, []byte{'\''}, true, false, false) { + return false + } + + spaces := false + breaks := false + for i := 0; i < 
len(value); { + if is_space(value, i) { + if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 && !is_space(value, i+1) { + if !yaml_emitter_write_indent(emitter) { + return false + } + i += width(value[i]) + } else { + if !write(emitter, value, &i) { + return false + } + } + spaces = true + } else if is_break(value, i) { + if !breaks && value[i] == '\n' { + if !put_break(emitter) { + return false + } + } + if !write_break(emitter, value, &i) { + return false + } + emitter.indention = true + breaks = true + } else { + if breaks { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if value[i] == '\'' { + if !put(emitter, '\'') { + return false + } + } + if !write(emitter, value, &i) { + return false + } + emitter.indention = false + spaces = false + breaks = false + } + } + if !yaml_emitter_write_indicator(emitter, []byte{'\''}, false, false, false) { + return false + } + emitter.whitespace = false + emitter.indention = false + return true +} + +func yaml_emitter_write_double_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { + spaces := false + if !yaml_emitter_write_indicator(emitter, []byte{'"'}, true, false, false) { + return false + } + + for i := 0; i < len(value); { + if !is_printable(value, i) || (!emitter.unicode && !is_ascii(value, i)) || + is_bom(value, i) || is_break(value, i) || + value[i] == '"' || value[i] == '\\' { + + octet := value[i] + + var w int + var v rune + switch { + case octet&0x80 == 0x00: + w, v = 1, rune(octet&0x7F) + case octet&0xE0 == 0xC0: + w, v = 2, rune(octet&0x1F) + case octet&0xF0 == 0xE0: + w, v = 3, rune(octet&0x0F) + case octet&0xF8 == 0xF0: + w, v = 4, rune(octet&0x07) + } + for k := 1; k < w; k++ { + octet = value[i+k] + v = (v << 6) + (rune(octet) & 0x3F) + } + i += w + + if !put(emitter, '\\') { + return false + } + + var ok bool + switch v { + case 0x00: + ok = put(emitter, '0') + case 0x07: + ok = put(emitter, 'a') + case 0x08: + ok = 
put(emitter, 'b') + case 0x09: + ok = put(emitter, 't') + case 0x0A: + ok = put(emitter, 'n') + case 0x0b: + ok = put(emitter, 'v') + case 0x0c: + ok = put(emitter, 'f') + case 0x0d: + ok = put(emitter, 'r') + case 0x1b: + ok = put(emitter, 'e') + case 0x22: + ok = put(emitter, '"') + case 0x5c: + ok = put(emitter, '\\') + case 0x85: + ok = put(emitter, 'N') + case 0xA0: + ok = put(emitter, '_') + case 0x2028: + ok = put(emitter, 'L') + case 0x2029: + ok = put(emitter, 'P') + default: + if v <= 0xFF { + ok = put(emitter, 'x') + w = 2 + } else if v <= 0xFFFF { + ok = put(emitter, 'u') + w = 4 + } else { + ok = put(emitter, 'U') + w = 8 + } + for k := (w - 1) * 4; ok && k >= 0; k -= 4 { + digit := byte((v >> uint(k)) & 0x0F) + if digit < 10 { + ok = put(emitter, digit+'0') + } else { + ok = put(emitter, digit+'A'-10) + } + } + } + if !ok { + return false + } + spaces = false + } else if is_space(value, i) { + if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 { + if !yaml_emitter_write_indent(emitter) { + return false + } + if is_space(value, i+1) { + if !put(emitter, '\\') { + return false + } + } + i += width(value[i]) + } else if !write(emitter, value, &i) { + return false + } + spaces = true + } else { + if !write(emitter, value, &i) { + return false + } + spaces = false + } + } + if !yaml_emitter_write_indicator(emitter, []byte{'"'}, false, false, false) { + return false + } + emitter.whitespace = false + emitter.indention = false + return true +} + +func yaml_emitter_write_block_scalar_hints(emitter *yaml_emitter_t, value []byte) bool { + if is_space(value, 0) || is_break(value, 0) { + indent_hint := []byte{'0' + byte(emitter.best_indent)} + if !yaml_emitter_write_indicator(emitter, indent_hint, false, false, false) { + return false + } + } + + emitter.open_ended = false + + var chomp_hint [1]byte + if len(value) == 0 { + chomp_hint[0] = '-' + } else { + i := len(value) - 1 + for value[i]&0xC0 == 0x80 { + i-- + } + if 
!is_break(value, i) { + chomp_hint[0] = '-' + } else if i == 0 { + chomp_hint[0] = '+' + emitter.open_ended = true + } else { + i-- + for value[i]&0xC0 == 0x80 { + i-- + } + if is_break(value, i) { + chomp_hint[0] = '+' + emitter.open_ended = true + } + } + } + if chomp_hint[0] != 0 { + if !yaml_emitter_write_indicator(emitter, chomp_hint[:], false, false, false) { + return false + } + } + return true +} + +func yaml_emitter_write_literal_scalar(emitter *yaml_emitter_t, value []byte) bool { + if !yaml_emitter_write_indicator(emitter, []byte{'|'}, true, false, false) { + return false + } + if !yaml_emitter_write_block_scalar_hints(emitter, value) { + return false + } + if !put_break(emitter) { + return false + } + emitter.indention = true + emitter.whitespace = true + breaks := true + for i := 0; i < len(value); { + if is_break(value, i) { + if !write_break(emitter, value, &i) { + return false + } + emitter.indention = true + breaks = true + } else { + if breaks { + if !yaml_emitter_write_indent(emitter) { + return false + } + } + if !write(emitter, value, &i) { + return false + } + emitter.indention = false + breaks = false + } + } + + return true +} + +func yaml_emitter_write_folded_scalar(emitter *yaml_emitter_t, value []byte) bool { + if !yaml_emitter_write_indicator(emitter, []byte{'>'}, true, false, false) { + return false + } + if !yaml_emitter_write_block_scalar_hints(emitter, value) { + return false + } + + if !put_break(emitter) { + return false + } + emitter.indention = true + emitter.whitespace = true + + breaks := true + leading_spaces := true + for i := 0; i < len(value); { + if is_break(value, i) { + if !breaks && !leading_spaces && value[i] == '\n' { + k := 0 + for is_break(value, k) { + k += width(value[k]) + } + if !is_blankz(value, k) { + if !put_break(emitter) { + return false + } + } + } + if !write_break(emitter, value, &i) { + return false + } + emitter.indention = true + breaks = true + } else { + if breaks { + if 
!yaml_emitter_write_indent(emitter) { + return false + } + leading_spaces = is_blank(value, i) + } + if !breaks && is_space(value, i) && !is_space(value, i+1) && emitter.column > emitter.best_width { + if !yaml_emitter_write_indent(emitter) { + return false + } + i += width(value[i]) + } else { + if !write(emitter, value, &i) { + return false + } + } + emitter.indention = false + breaks = false + } + } + return true +} diff --git a/vendor/gopkg.in/yaml.v2/encode.go b/vendor/gopkg.in/yaml.v2/encode.go new file mode 100644 index 00000000000..0ee738e11b6 --- /dev/null +++ b/vendor/gopkg.in/yaml.v2/encode.go 
@@ -0,0 +1,390 @@
+package yaml
+
+import (
+ "encoding"
+ "fmt"
+ "io"
+ "reflect"
+ "regexp"
+ "sort"
+ "strconv"
+ "strings"
+ "time"
+ "unicode/utf8"
+)
+
+// jsonNumber is the interface of the encoding/json.Number datatype.
+// Repeating the interface here avoids a dependency on encoding/json, and also
+// supports other libraries like jsoniter, which use a similar datatype with
+// the same interface. Detecting this interface is useful when dealing with
+// structures containing json.Number, which is a string under the hood. The
+// encoder should prefer the use of Int64(), Float64() and string(), in that
+// order, when encoding this type.
+type jsonNumber interface {
+ Float64() (float64, error)
+ Int64() (int64, error)
+ String() string
+}
+
+type encoder struct {
+ emitter yaml_emitter_t
+ event yaml_event_t
+ out []byte
+ flow bool
+ // doneInit holds whether the initial stream_start_event has been
+ // emitted.
+ doneInit bool
+}
+
+func newEncoder() *encoder {
+ e := &encoder{}
+ yaml_emitter_initialize(&e.emitter)
+ yaml_emitter_set_output_string(&e.emitter, &e.out)
+ yaml_emitter_set_unicode(&e.emitter, true)
+ return e
+}
+
+func newEncoderWithWriter(w io.Writer) *encoder {
+ e := &encoder{}
+ yaml_emitter_initialize(&e.emitter)
+ yaml_emitter_set_output_writer(&e.emitter, w)
+ yaml_emitter_set_unicode(&e.emitter, true)
+ return e
+}
+
+func (e *encoder) init() {
+ if e.doneInit {
+ return
+ }
+ yaml_stream_start_event_initialize(&e.event, yaml_UTF8_ENCODING)
+ e.emit()
+ e.doneInit = true
+}
+
+func (e *encoder) finish() {
+ e.emitter.open_ended = false
+ yaml_stream_end_event_initialize(&e.event)
+ e.emit()
+}
+
+func (e *encoder) destroy() {
+ yaml_emitter_delete(&e.emitter)
+}
+
+func (e *encoder) emit() {
+ // This will internally delete the e.event value.
+ e.must(yaml_emitter_emit(&e.emitter, &e.event))
+}
+
+func (e *encoder) must(ok bool) {
+ if !ok {
+ msg := e.emitter.problem
+ if msg == "" {
+ msg = "unknown problem generating YAML content"
+ }
+ failf("%s", msg)
+ }
+}
+
+func (e *encoder) marshalDoc(tag string, in reflect.Value) {
+ e.init()
+ yaml_document_start_event_initialize(&e.event, nil, nil, true)
+ e.emit()
+ e.marshal(tag, in)
+ yaml_document_end_event_initialize(&e.event, true)
+ e.emit()
+}
+
+func (e *encoder) marshal(tag string, in reflect.Value) {
+ if !in.IsValid() || in.Kind() == reflect.Ptr && in.IsNil() {
+ e.nilv()
+ return
+ }
+ iface := in.Interface()
+ switch m := iface.(type) {
+ case jsonNumber:
+ integer, err := m.Int64()
+ if err == nil {
+ // In this case the json.Number is a valid int64
+ in = reflect.ValueOf(integer)
+ break
+ }
+ float, err := m.Float64()
+ if err == nil {
+ // In this case the json.Number is a valid float64
+ in = reflect.ValueOf(float)
+ break
+ }
+ // fallback case - no number could be obtained
+ in = reflect.ValueOf(m.String())
+ case time.Time, *time.Time:
+ // Although time.Time implements TextMarshaler,
+ // we don't want to treat it as a string for YAML
+ // purposes because YAML has special support for
+ // timestamps.
+ case Marshaler: + v, err := m.MarshalYAML() + if err != nil { + fail(err) + } + if v == nil { + e.nilv() + return + } + in = reflect.ValueOf(v) + case encoding.TextMarshaler: + text, err := m.MarshalText() + if err != nil { + fail(err) + } + in = reflect.ValueOf(string(text)) + case nil: + e.nilv() + return + } + switch in.Kind() { + case reflect.Interface: + e.marshal(tag, in.Elem()) + case reflect.Map: + e.mapv(tag, in) + case reflect.Ptr: + if in.Type() == ptrTimeType { + e.timev(tag, in.Elem()) + } else { + e.marshal(tag, in.Elem()) + } + case reflect.Struct: + if in.Type() == timeType { + e.timev(tag, in) + } else { + e.structv(tag, in) + } + case reflect.Slice, reflect.Array: + if in.Type().Elem() == mapItemType { + e.itemsv(tag, in) + } else { + e.slicev(tag, in) + } + case reflect.String: + e.stringv(tag, in) + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if in.Type() == durationType { + e.stringv(tag, reflect.ValueOf(iface.(time.Duration).String())) + } else { + e.intv(tag, in) + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + e.uintv(tag, in) + case reflect.Float32, reflect.Float64: + e.floatv(tag, in) + case reflect.Bool: + e.boolv(tag, in) + default: + panic("cannot marshal type: " + in.Type().String()) + } +} + +func (e *encoder) mapv(tag string, in reflect.Value) { + e.mappingv(tag, func() { + keys := keyList(in.MapKeys()) + sort.Sort(keys) + for _, k := range keys { + e.marshal("", k) + e.marshal("", in.MapIndex(k)) + } + }) +} + +func (e *encoder) itemsv(tag string, in reflect.Value) { + e.mappingv(tag, func() { + slice := in.Convert(reflect.TypeOf([]MapItem{})).Interface().([]MapItem) + for _, item := range slice { + e.marshal("", reflect.ValueOf(item.Key)) + e.marshal("", reflect.ValueOf(item.Value)) + } + }) +} + +func (e *encoder) structv(tag string, in reflect.Value) { + sinfo, err := getStructInfo(in.Type()) + if err != nil { + panic(err) + } + 
e.mappingv(tag, func() { + for _, info := range sinfo.FieldsList { + var value reflect.Value + if info.Inline == nil { + value = in.Field(info.Num) + } else { + value = in.FieldByIndex(info.Inline) + } + if info.OmitEmpty && isZero(value) { + continue + } + e.marshal("", reflect.ValueOf(info.Key)) + e.flow = info.Flow + e.marshal("", value) + } + if sinfo.InlineMap >= 0 { + m := in.Field(sinfo.InlineMap) + if m.Len() > 0 { + e.flow = false + keys := keyList(m.MapKeys()) + sort.Sort(keys) + for _, k := range keys { + if _, found := sinfo.FieldsMap[k.String()]; found { + panic(fmt.Sprintf("Can't have key %q in inlined map; conflicts with struct field", k.String())) + } + e.marshal("", k) + e.flow = false + e.marshal("", m.MapIndex(k)) + } + } + } + }) +} + +func (e *encoder) mappingv(tag string, f func()) { + implicit := tag == "" + style := yaml_BLOCK_MAPPING_STYLE + if e.flow { + e.flow = false + style = yaml_FLOW_MAPPING_STYLE + } + yaml_mapping_start_event_initialize(&e.event, nil, []byte(tag), implicit, style) + e.emit() + f() + yaml_mapping_end_event_initialize(&e.event) + e.emit() +} + +func (e *encoder) slicev(tag string, in reflect.Value) { + implicit := tag == "" + style := yaml_BLOCK_SEQUENCE_STYLE + if e.flow { + e.flow = false + style = yaml_FLOW_SEQUENCE_STYLE + } + e.must(yaml_sequence_start_event_initialize(&e.event, nil, []byte(tag), implicit, style)) + e.emit() + n := in.Len() + for i := 0; i < n; i++ { + e.marshal("", in.Index(i)) + } + e.must(yaml_sequence_end_event_initialize(&e.event)) + e.emit() +} + +// isBase60 returns whether s is in base 60 notation as defined in YAML 1.1. +// +// The base 60 float notation in YAML 1.1 is a terrible idea and is unsupported +// in YAML 1.2 and by this package, but these should be marshalled quoted for +// the time being for compatibility with other parsers. +func isBase60Float(s string) (result bool) { + // Fast path. 
+ if s == "" { + return false + } + c := s[0] + if !(c == '+' || c == '-' || c >= '0' && c <= '9') || strings.IndexByte(s, ':') < 0 { + return false + } + // Do the full match. + return base60float.MatchString(s) +} + +// From http://yaml.org/type/float.html, except the regular expression there +// is bogus. In practice parsers do not enforce the "\.[0-9_]*" suffix. +var base60float = regexp.MustCompile(`^[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+(?:\.[0-9_]*)?$`) + +func (e *encoder) stringv(tag string, in reflect.Value) { + var style yaml_scalar_style_t + s := in.String() + canUsePlain := true + switch { + case !utf8.ValidString(s): + if tag == yaml_BINARY_TAG { + failf("explicitly tagged !!binary data must be base64-encoded") + } + if tag != "" { + failf("cannot marshal invalid UTF-8 data as %s", shortTag(tag)) + } + // It can't be encoded directly as YAML so use a binary tag + // and encode it as base64. + tag = yaml_BINARY_TAG + s = encodeBase64(s) + case tag == "": + // Check to see if it would resolve to a specific + // tag when encoded unquoted. If it doesn't, + // there's no need to quote it. + rtag, _ := resolve("", s) + canUsePlain = rtag == yaml_STR_TAG && !isBase60Float(s) + } + // Note: it's possible for user code to emit invalid YAML + // if they explicitly specify a tag and a string containing + // text that's incompatible with that tag. 
+ switch {
+ case strings.Contains(s, "\n"):
+ style = yaml_LITERAL_SCALAR_STYLE
+ case canUsePlain:
+ style = yaml_PLAIN_SCALAR_STYLE
+ default:
+ style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+ }
+ e.emitScalar(s, "", tag, style)
+}
+
+func (e *encoder) boolv(tag string, in reflect.Value) {
+ var s string
+ if in.Bool() {
+ s = "true"
+ } else {
+ s = "false"
+ }
+ e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) intv(tag string, in reflect.Value) {
+ s := strconv.FormatInt(in.Int(), 10)
+ e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) uintv(tag string, in reflect.Value) {
+ s := strconv.FormatUint(in.Uint(), 10)
+ e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) timev(tag string, in reflect.Value) {
+ t := in.Interface().(time.Time)
+ s := t.Format(time.RFC3339Nano)
+ e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) floatv(tag string, in reflect.Value) {
+ // Issue #352: When formatting, use the precision of the underlying value
+ precision := 64
+ if in.Kind() == reflect.Float32 {
+ precision = 32
+ }
+
+ s := strconv.FormatFloat(in.Float(), 'g', -1, precision)
+ switch s {
+ case "+Inf":
+ s = ".inf"
+ case "-Inf":
+ s = "-.inf"
+ case "NaN":
+ s = ".nan"
+ }
+ e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) nilv() {
+ e.emitScalar("null", "", "", yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) emitScalar(value, anchor, tag string, style yaml_scalar_style_t) {
+ implicit := tag == ""
+ e.must(yaml_scalar_event_initialize(&e.event, []byte(anchor), []byte(tag), []byte(value), implicit, implicit, style))
+ e.emit()
+}
diff --git a/vendor/gopkg.in/yaml.v2/go.mod b/vendor/gopkg.in/yaml.v2/go.mod
new file mode 100644
index 00000000000..1934e876945
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/go.mod
@@ -0,0 +1,5 @@
+module "gopkg.in/yaml.v2"
+
+require (
+ "gopkg.in/check.v1" v0.0.0-20161208181325-20d25e280405
+)
diff --git a/vendor/gopkg.in/yaml.v2/parserc.go b/vendor/gopkg.in/yaml.v2/parserc.go
new file mode 100644
index 00000000000..81d05dfe573
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/parserc.go
@@ -0,0 +1,1095 @@
+package yaml
+
+import (
+ "bytes"
+)
+
+// The parser implements the following grammar:
+//
+// stream ::= STREAM-START implicit_document? explicit_document* STREAM-END
+// implicit_document ::= block_node DOCUMENT-END*
+// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+// block_node_or_indentless_sequence ::=
+// ALIAS
+// | properties (block_content | indentless_block_sequence)?
+// | block_content
+// | indentless_block_sequence
+// block_node ::= ALIAS
+// | properties block_content?
+// | block_content
+// flow_node ::= ALIAS
+// | properties flow_content?
+// | flow_content
+// properties ::= TAG ANCHOR? | ANCHOR TAG?
+// block_content ::= block_collection | flow_collection | SCALAR
+// flow_content ::= flow_collection | SCALAR
+// block_collection ::= block_sequence | block_mapping
+// flow_collection ::= flow_sequence | flow_mapping
+// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+// indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+// block_mapping ::= BLOCK-MAPPING_START
+// ((KEY block_node_or_indentless_sequence?)?
+// (VALUE block_node_or_indentless_sequence?)?)*
+// BLOCK-END
+// flow_sequence ::= FLOW-SEQUENCE-START
+// (flow_sequence_entry FLOW-ENTRY)*
+// flow_sequence_entry?
+// FLOW-SEQUENCE-END
+// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+// flow_mapping ::= FLOW-MAPPING-START
+// (flow_mapping_entry FLOW-ENTRY)*
+// flow_mapping_entry?
+// FLOW-MAPPING-END
+// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+// Peek the next token in the token queue.
+func peek_token(parser *yaml_parser_t) *yaml_token_t {
+ if parser.token_available || yaml_parser_fetch_more_tokens(parser) {
+ return &parser.tokens[parser.tokens_head]
+ }
+ return nil
+}
+
+// Remove the next token from the queue (must be called after peek_token).
+func skip_token(parser *yaml_parser_t) {
+ parser.token_available = false
+ parser.tokens_parsed++
+ parser.stream_end_produced = parser.tokens[parser.tokens_head].typ == yaml_STREAM_END_TOKEN
+ parser.tokens_head++
+}
+
+// Get the next event.
+func yaml_parser_parse(parser *yaml_parser_t, event *yaml_event_t) bool {
+ // Erase the event object.
+ *event = yaml_event_t{}
+
+ // No events after the end of the stream or error.
+ if parser.stream_end_produced || parser.error != yaml_NO_ERROR || parser.state == yaml_PARSE_END_STATE {
+ return true
+ }
+
+ // Generate the next event.
+ return yaml_parser_state_machine(parser, event)
+}
+
+// Set parser error.
+func yaml_parser_set_parser_error(parser *yaml_parser_t, problem string, problem_mark yaml_mark_t) bool {
+ parser.error = yaml_PARSER_ERROR
+ parser.problem = problem
+ parser.problem_mark = problem_mark
+ return false
+}
+
+func yaml_parser_set_parser_error_context(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string, problem_mark yaml_mark_t) bool {
+ parser.error = yaml_PARSER_ERROR
+ parser.context = context
+ parser.context_mark = context_mark
+ parser.problem = problem
+ parser.problem_mark = problem_mark
+ return false
+}
+
+// State dispatcher.
+func yaml_parser_state_machine(parser *yaml_parser_t, event *yaml_event_t) bool { + //trace("yaml_parser_state_machine", "state:", parser.state.String()) + + switch parser.state { + case yaml_PARSE_STREAM_START_STATE: + return yaml_parser_parse_stream_start(parser, event) + + case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE: + return yaml_parser_parse_document_start(parser, event, true) + + case yaml_PARSE_DOCUMENT_START_STATE: + return yaml_parser_parse_document_start(parser, event, false) + + case yaml_PARSE_DOCUMENT_CONTENT_STATE: + return yaml_parser_parse_document_content(parser, event) + + case yaml_PARSE_DOCUMENT_END_STATE: + return yaml_parser_parse_document_end(parser, event) + + case yaml_PARSE_BLOCK_NODE_STATE: + return yaml_parser_parse_node(parser, event, true, false) + + case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE: + return yaml_parser_parse_node(parser, event, true, true) + + case yaml_PARSE_FLOW_NODE_STATE: + return yaml_parser_parse_node(parser, event, false, false) + + case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE: + return yaml_parser_parse_block_sequence_entry(parser, event, true) + + case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE: + return yaml_parser_parse_block_sequence_entry(parser, event, false) + + case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE: + return yaml_parser_parse_indentless_sequence_entry(parser, event) + + case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE: + return yaml_parser_parse_block_mapping_key(parser, event, true) + + case yaml_PARSE_BLOCK_MAPPING_KEY_STATE: + return yaml_parser_parse_block_mapping_key(parser, event, false) + + case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE: + return yaml_parser_parse_block_mapping_value(parser, event) + + case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE: + return yaml_parser_parse_flow_sequence_entry(parser, event, true) + + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE: + return yaml_parser_parse_flow_sequence_entry(parser, event, false) + + case 
yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE: + return yaml_parser_parse_flow_sequence_entry_mapping_key(parser, event) + + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE: + return yaml_parser_parse_flow_sequence_entry_mapping_value(parser, event) + + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE: + return yaml_parser_parse_flow_sequence_entry_mapping_end(parser, event) + + case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE: + return yaml_parser_parse_flow_mapping_key(parser, event, true) + + case yaml_PARSE_FLOW_MAPPING_KEY_STATE: + return yaml_parser_parse_flow_mapping_key(parser, event, false) + + case yaml_PARSE_FLOW_MAPPING_VALUE_STATE: + return yaml_parser_parse_flow_mapping_value(parser, event, false) + + case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE: + return yaml_parser_parse_flow_mapping_value(parser, event, true) + + default: + panic("invalid parser state") + } +} + +// Parse the production: +// stream ::= STREAM-START implicit_document? explicit_document* STREAM-END +// ************ +func yaml_parser_parse_stream_start(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_STREAM_START_TOKEN { + return yaml_parser_set_parser_error(parser, "did not find expected ", token.start_mark) + } + parser.state = yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE + *event = yaml_event_t{ + typ: yaml_STREAM_START_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + encoding: token.encoding, + } + skip_token(parser) + return true +} + +// Parse the productions: +// implicit_document ::= block_node DOCUMENT-END* +// * +// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* +// ************************* +func yaml_parser_parse_document_start(parser *yaml_parser_t, event *yaml_event_t, implicit bool) bool { + + token := peek_token(parser) + if token == nil { + return false + } + + // Parse extra document end indicators. 
+ if !implicit { + for token.typ == yaml_DOCUMENT_END_TOKEN { + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } + } + + if implicit && token.typ != yaml_VERSION_DIRECTIVE_TOKEN && + token.typ != yaml_TAG_DIRECTIVE_TOKEN && + token.typ != yaml_DOCUMENT_START_TOKEN && + token.typ != yaml_STREAM_END_TOKEN { + // Parse an implicit document. + if !yaml_parser_process_directives(parser, nil, nil) { + return false + } + parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE) + parser.state = yaml_PARSE_BLOCK_NODE_STATE + + *event = yaml_event_t{ + typ: yaml_DOCUMENT_START_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + + } else if token.typ != yaml_STREAM_END_TOKEN { + // Parse an explicit document. + var version_directive *yaml_version_directive_t + var tag_directives []yaml_tag_directive_t + start_mark := token.start_mark + if !yaml_parser_process_directives(parser, &version_directive, &tag_directives) { + return false + } + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_DOCUMENT_START_TOKEN { + yaml_parser_set_parser_error(parser, + "did not find expected ", token.start_mark) + return false + } + parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE) + parser.state = yaml_PARSE_DOCUMENT_CONTENT_STATE + end_mark := token.end_mark + + *event = yaml_event_t{ + typ: yaml_DOCUMENT_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + version_directive: version_directive, + tag_directives: tag_directives, + implicit: false, + } + skip_token(parser) + + } else { + // Parse the stream end. + parser.state = yaml_PARSE_END_STATE + *event = yaml_event_t{ + typ: yaml_STREAM_END_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + skip_token(parser) + } + + return true +} + +// Parse the productions: +// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? 
DOCUMENT-END* +// *********** +// +func yaml_parser_parse_document_content(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + if token.typ == yaml_VERSION_DIRECTIVE_TOKEN || + token.typ == yaml_TAG_DIRECTIVE_TOKEN || + token.typ == yaml_DOCUMENT_START_TOKEN || + token.typ == yaml_DOCUMENT_END_TOKEN || + token.typ == yaml_STREAM_END_TOKEN { + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + return yaml_parser_process_empty_scalar(parser, event, + token.start_mark) + } + return yaml_parser_parse_node(parser, event, true, false) +} + +// Parse the productions: +// implicit_document ::= block_node DOCUMENT-END* +// ************* +// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* +// +func yaml_parser_parse_document_end(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + + start_mark := token.start_mark + end_mark := token.start_mark + + implicit := true + if token.typ == yaml_DOCUMENT_END_TOKEN { + end_mark = token.end_mark + skip_token(parser) + implicit = false + } + + parser.tag_directives = parser.tag_directives[:0] + + parser.state = yaml_PARSE_DOCUMENT_START_STATE + *event = yaml_event_t{ + typ: yaml_DOCUMENT_END_EVENT, + start_mark: start_mark, + end_mark: end_mark, + implicit: implicit, + } + return true +} + +// Parse the productions: +// block_node_or_indentless_sequence ::= +// ALIAS +// ***** +// | properties (block_content | indentless_block_sequence)? +// ********** * +// | block_content | indentless_block_sequence +// * +// block_node ::= ALIAS +// ***** +// | properties block_content? +// ********** * +// | block_content +// * +// flow_node ::= ALIAS +// ***** +// | properties flow_content? +// ********** * +// | flow_content +// * +// properties ::= TAG ANCHOR? | ANCHOR TAG? 
+// ************************* +// block_content ::= block_collection | flow_collection | SCALAR +// ****** +// flow_content ::= flow_collection | SCALAR +// ****** +func yaml_parser_parse_node(parser *yaml_parser_t, event *yaml_event_t, block, indentless_sequence bool) bool { + //defer trace("yaml_parser_parse_node", "block:", block, "indentless_sequence:", indentless_sequence)() + + token := peek_token(parser) + if token == nil { + return false + } + + if token.typ == yaml_ALIAS_TOKEN { + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + *event = yaml_event_t{ + typ: yaml_ALIAS_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + anchor: token.value, + } + skip_token(parser) + return true + } + + start_mark := token.start_mark + end_mark := token.start_mark + + var tag_token bool + var tag_handle, tag_suffix, anchor []byte + var tag_mark yaml_mark_t + if token.typ == yaml_ANCHOR_TOKEN { + anchor = token.value + start_mark = token.start_mark + end_mark = token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ == yaml_TAG_TOKEN { + tag_token = true + tag_handle = token.value + tag_suffix = token.suffix + tag_mark = token.start_mark + end_mark = token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } + } else if token.typ == yaml_TAG_TOKEN { + tag_token = true + tag_handle = token.value + tag_suffix = token.suffix + start_mark = token.start_mark + tag_mark = token.start_mark + end_mark = token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ == yaml_ANCHOR_TOKEN { + anchor = token.value + end_mark = token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } + } + + var tag []byte + if tag_token { + if len(tag_handle) == 0 { + tag = tag_suffix + tag_suffix = nil + } else 
{ + for i := range parser.tag_directives { + if bytes.Equal(parser.tag_directives[i].handle, tag_handle) { + tag = append([]byte(nil), parser.tag_directives[i].prefix...) + tag = append(tag, tag_suffix...) + break + } + } + if len(tag) == 0 { + yaml_parser_set_parser_error_context(parser, + "while parsing a node", start_mark, + "found undefined tag handle", tag_mark) + return false + } + } + } + + implicit := len(tag) == 0 + if indentless_sequence && token.typ == yaml_BLOCK_ENTRY_TOKEN { + end_mark = token.end_mark + parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE + *event = yaml_event_t{ + typ: yaml_SEQUENCE_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + style: yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE), + } + return true + } + if token.typ == yaml_SCALAR_TOKEN { + var plain_implicit, quoted_implicit bool + end_mark = token.end_mark + if (len(tag) == 0 && token.style == yaml_PLAIN_SCALAR_STYLE) || (len(tag) == 1 && tag[0] == '!') { + plain_implicit = true + } else if len(tag) == 0 { + quoted_implicit = true + } + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + + *event = yaml_event_t{ + typ: yaml_SCALAR_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + value: token.value, + implicit: plain_implicit, + quoted_implicit: quoted_implicit, + style: yaml_style_t(token.style), + } + skip_token(parser) + return true + } + if token.typ == yaml_FLOW_SEQUENCE_START_TOKEN { + // [Go] Some of the events below can be merged as they differ only on style. 
+ end_mark = token.end_mark + parser.state = yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE + *event = yaml_event_t{ + typ: yaml_SEQUENCE_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + style: yaml_style_t(yaml_FLOW_SEQUENCE_STYLE), + } + return true + } + if token.typ == yaml_FLOW_MAPPING_START_TOKEN { + end_mark = token.end_mark + parser.state = yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE + *event = yaml_event_t{ + typ: yaml_MAPPING_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + style: yaml_style_t(yaml_FLOW_MAPPING_STYLE), + } + return true + } + if block && token.typ == yaml_BLOCK_SEQUENCE_START_TOKEN { + end_mark = token.end_mark + parser.state = yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE + *event = yaml_event_t{ + typ: yaml_SEQUENCE_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + style: yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE), + } + return true + } + if block && token.typ == yaml_BLOCK_MAPPING_START_TOKEN { + end_mark = token.end_mark + parser.state = yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE + *event = yaml_event_t{ + typ: yaml_MAPPING_START_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + style: yaml_style_t(yaml_BLOCK_MAPPING_STYLE), + } + return true + } + if len(anchor) > 0 || len(tag) > 0 { + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + + *event = yaml_event_t{ + typ: yaml_SCALAR_EVENT, + start_mark: start_mark, + end_mark: end_mark, + anchor: anchor, + tag: tag, + implicit: implicit, + quoted_implicit: false, + style: yaml_style_t(yaml_PLAIN_SCALAR_STYLE), + } + return true + } + + context := "while parsing a flow node" + if block { + context = "while parsing a block node" + } + yaml_parser_set_parser_error_context(parser, context, 
start_mark, + "did not find expected node content", token.start_mark) + return false +} + +// Parse the productions: +// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END +// ******************** *********** * ********* +// +func yaml_parser_parse_block_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { + if first { + token := peek_token(parser) + parser.marks = append(parser.marks, token.start_mark) + skip_token(parser) + } + + token := peek_token(parser) + if token == nil { + return false + } + + if token.typ == yaml_BLOCK_ENTRY_TOKEN { + mark := token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_BLOCK_ENTRY_TOKEN && token.typ != yaml_BLOCK_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE) + return yaml_parser_parse_node(parser, event, true, false) + } else { + parser.state = yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE + return yaml_parser_process_empty_scalar(parser, event, mark) + } + } + if token.typ == yaml_BLOCK_END_TOKEN { + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + + *event = yaml_event_t{ + typ: yaml_SEQUENCE_END_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + + skip_token(parser) + return true + } + + context_mark := parser.marks[len(parser.marks)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + return yaml_parser_set_parser_error_context(parser, + "while parsing a block collection", context_mark, + "did not find expected '-' indicator", token.start_mark) +} + +// Parse the productions: +// indentless_sequence ::= (BLOCK-ENTRY block_node?)+ +// *********** * +func yaml_parser_parse_indentless_sequence_entry(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + + if token.typ == 
yaml_BLOCK_ENTRY_TOKEN { + mark := token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_BLOCK_ENTRY_TOKEN && + token.typ != yaml_KEY_TOKEN && + token.typ != yaml_VALUE_TOKEN && + token.typ != yaml_BLOCK_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE) + return yaml_parser_parse_node(parser, event, true, false) + } + parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE + return yaml_parser_process_empty_scalar(parser, event, mark) + } + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + + *event = yaml_event_t{ + typ: yaml_SEQUENCE_END_EVENT, + start_mark: token.start_mark, + end_mark: token.start_mark, // [Go] Shouldn't this be token.end_mark? + } + return true +} + +// Parse the productions: +// block_mapping ::= BLOCK-MAPPING_START +// ******************* +// ((KEY block_node_or_indentless_sequence?)? +// *** * +// (VALUE block_node_or_indentless_sequence?)?)* +// +// BLOCK-END +// ********* +// +func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { + if first { + token := peek_token(parser) + parser.marks = append(parser.marks, token.start_mark) + skip_token(parser) + } + + token := peek_token(parser) + if token == nil { + return false + } + + if token.typ == yaml_KEY_TOKEN { + mark := token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_KEY_TOKEN && + token.typ != yaml_VALUE_TOKEN && + token.typ != yaml_BLOCK_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_VALUE_STATE) + return yaml_parser_parse_node(parser, event, true, true) + } else { + parser.state = yaml_PARSE_BLOCK_MAPPING_VALUE_STATE + return yaml_parser_process_empty_scalar(parser, event, mark) + } + } else if token.typ == yaml_BLOCK_END_TOKEN { + parser.state = 
parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + *event = yaml_event_t{ + typ: yaml_MAPPING_END_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + skip_token(parser) + return true + } + + context_mark := parser.marks[len(parser.marks)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + return yaml_parser_set_parser_error_context(parser, + "while parsing a block mapping", context_mark, + "did not find expected key", token.start_mark) +} + +// Parse the productions: +// block_mapping ::= BLOCK-MAPPING_START +// +// ((KEY block_node_or_indentless_sequence?)? +// +// (VALUE block_node_or_indentless_sequence?)?)* +// ***** * +// BLOCK-END +// +// +func yaml_parser_parse_block_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + if token.typ == yaml_VALUE_TOKEN { + mark := token.end_mark + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_KEY_TOKEN && + token.typ != yaml_VALUE_TOKEN && + token.typ != yaml_BLOCK_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_KEY_STATE) + return yaml_parser_parse_node(parser, event, true, true) + } + parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE + return yaml_parser_process_empty_scalar(parser, event, mark) + } + parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE + return yaml_parser_process_empty_scalar(parser, event, token.start_mark) +} + +// Parse the productions: +// flow_sequence ::= FLOW-SEQUENCE-START +// ******************* +// (flow_sequence_entry FLOW-ENTRY)* +// * ********** +// flow_sequence_entry? +// * +// FLOW-SEQUENCE-END +// ***************** +// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? 
+// * +// +func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { + if first { + token := peek_token(parser) + parser.marks = append(parser.marks, token.start_mark) + skip_token(parser) + } + token := peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { + if !first { + if token.typ == yaml_FLOW_ENTRY_TOKEN { + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } else { + context_mark := parser.marks[len(parser.marks)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + return yaml_parser_set_parser_error_context(parser, + "while parsing a flow sequence", context_mark, + "did not find expected ',' or ']'", token.start_mark) + } + } + + if token.typ == yaml_KEY_TOKEN { + parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE + *event = yaml_event_t{ + typ: yaml_MAPPING_START_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + implicit: true, + style: yaml_style_t(yaml_FLOW_MAPPING_STYLE), + } + skip_token(parser) + return true + } else if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } + } + + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + + *event = yaml_event_t{ + typ: yaml_SEQUENCE_END_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + + skip_token(parser) + return true +} + +// +// Parse the productions: +// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? 
+// *** * +// +func yaml_parser_parse_flow_sequence_entry_mapping_key(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_VALUE_TOKEN && + token.typ != yaml_FLOW_ENTRY_TOKEN && + token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } + mark := token.end_mark + skip_token(parser) + parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE + return yaml_parser_process_empty_scalar(parser, event, mark) +} + +// Parse the productions: +// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? +// ***** * +// +func yaml_parser_parse_flow_sequence_entry_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + if token.typ == yaml_VALUE_TOKEN { + skip_token(parser) + token := peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } + } + parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE + return yaml_parser_process_empty_scalar(parser, event, token.start_mark) +} + +// Parse the productions: +// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? +// * +// +func yaml_parser_parse_flow_sequence_entry_mapping_end(parser *yaml_parser_t, event *yaml_event_t) bool { + token := peek_token(parser) + if token == nil { + return false + } + parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE + *event = yaml_event_t{ + typ: yaml_MAPPING_END_EVENT, + start_mark: token.start_mark, + end_mark: token.start_mark, // [Go] Shouldn't this be end_mark? 
+ } + return true +} + +// Parse the productions: +// flow_mapping ::= FLOW-MAPPING-START +// ****************** +// (flow_mapping_entry FLOW-ENTRY)* +// * ********** +// flow_mapping_entry? +// ****************** +// FLOW-MAPPING-END +// **************** +// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? +// * *** * +// +func yaml_parser_parse_flow_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { + if first { + token := peek_token(parser) + parser.marks = append(parser.marks, token.start_mark) + skip_token(parser) + } + + token := peek_token(parser) + if token == nil { + return false + } + + if token.typ != yaml_FLOW_MAPPING_END_TOKEN { + if !first { + if token.typ == yaml_FLOW_ENTRY_TOKEN { + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } else { + context_mark := parser.marks[len(parser.marks)-1] + parser.marks = parser.marks[:len(parser.marks)-1] + return yaml_parser_set_parser_error_context(parser, + "while parsing a flow mapping", context_mark, + "did not find expected ',' or '}'", token.start_mark) + } + } + + if token.typ == yaml_KEY_TOKEN { + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_VALUE_TOKEN && + token.typ != yaml_FLOW_ENTRY_TOKEN && + token.typ != yaml_FLOW_MAPPING_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_VALUE_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } else { + parser.state = yaml_PARSE_FLOW_MAPPING_VALUE_STATE + return yaml_parser_process_empty_scalar(parser, event, token.start_mark) + } + } else if token.typ != yaml_FLOW_MAPPING_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } + } + + parser.state = parser.states[len(parser.states)-1] + parser.states = parser.states[:len(parser.states)-1] + parser.marks = 
parser.marks[:len(parser.marks)-1] + *event = yaml_event_t{ + typ: yaml_MAPPING_END_EVENT, + start_mark: token.start_mark, + end_mark: token.end_mark, + } + skip_token(parser) + return true +} + +// Parse the productions: +// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? +// * ***** * +// +func yaml_parser_parse_flow_mapping_value(parser *yaml_parser_t, event *yaml_event_t, empty bool) bool { + token := peek_token(parser) + if token == nil { + return false + } + if empty { + parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE + return yaml_parser_process_empty_scalar(parser, event, token.start_mark) + } + if token.typ == yaml_VALUE_TOKEN { + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_MAPPING_END_TOKEN { + parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_KEY_STATE) + return yaml_parser_parse_node(parser, event, false, false) + } + } + parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE + return yaml_parser_process_empty_scalar(parser, event, token.start_mark) +} + +// Generate an empty scalar event. +func yaml_parser_process_empty_scalar(parser *yaml_parser_t, event *yaml_event_t, mark yaml_mark_t) bool { + *event = yaml_event_t{ + typ: yaml_SCALAR_EVENT, + start_mark: mark, + end_mark: mark, + value: nil, // Empty + implicit: true, + style: yaml_style_t(yaml_PLAIN_SCALAR_STYLE), + } + return true +} + +var default_tag_directives = []yaml_tag_directive_t{ + {[]byte("!"), []byte("!")}, + {[]byte("!!"), []byte("tag:yaml.org,2002:")}, +} + +// Parse directives. 
+func yaml_parser_process_directives(parser *yaml_parser_t, + version_directive_ref **yaml_version_directive_t, + tag_directives_ref *[]yaml_tag_directive_t) bool { + + var version_directive *yaml_version_directive_t + var tag_directives []yaml_tag_directive_t + + token := peek_token(parser) + if token == nil { + return false + } + + for token.typ == yaml_VERSION_DIRECTIVE_TOKEN || token.typ == yaml_TAG_DIRECTIVE_TOKEN { + if token.typ == yaml_VERSION_DIRECTIVE_TOKEN { + if version_directive != nil { + yaml_parser_set_parser_error(parser, + "found duplicate %YAML directive", token.start_mark) + return false + } + if token.major != 1 || token.minor != 1 { + yaml_parser_set_parser_error(parser, + "found incompatible YAML document", token.start_mark) + return false + } + version_directive = &yaml_version_directive_t{ + major: token.major, + minor: token.minor, + } + } else if token.typ == yaml_TAG_DIRECTIVE_TOKEN { + value := yaml_tag_directive_t{ + handle: token.value, + prefix: token.prefix, + } + if !yaml_parser_append_tag_directive(parser, value, false, token.start_mark) { + return false + } + tag_directives = append(tag_directives, value) + } + + skip_token(parser) + token = peek_token(parser) + if token == nil { + return false + } + } + + for i := range default_tag_directives { + if !yaml_parser_append_tag_directive(parser, default_tag_directives[i], true, token.start_mark) { + return false + } + } + + if version_directive_ref != nil { + *version_directive_ref = version_directive + } + if tag_directives_ref != nil { + *tag_directives_ref = tag_directives + } + return true +} + +// Append a tag directive to the directives stack. 
+func yaml_parser_append_tag_directive(parser *yaml_parser_t, value yaml_tag_directive_t, allow_duplicates bool, mark yaml_mark_t) bool {
+ for i := range parser.tag_directives {
+ if bytes.Equal(value.handle, parser.tag_directives[i].handle) {
+ if allow_duplicates {
+ return true
+ }
+ return yaml_parser_set_parser_error(parser, "found duplicate %TAG directive", mark)
+ }
+ }
+
+ // [Go] I suspect the copy is unnecessary. This was likely done
+ // because there was no way to track ownership of the data.
+ value_copy := yaml_tag_directive_t{
+ handle: make([]byte, len(value.handle)),
+ prefix: make([]byte, len(value.prefix)),
+ }
+ copy(value_copy.handle, value.handle)
+ copy(value_copy.prefix, value.prefix)
+ parser.tag_directives = append(parser.tag_directives, value_copy)
+ return true
+}
diff --git a/vendor/gopkg.in/yaml.v2/readerc.go b/vendor/gopkg.in/yaml.v2/readerc.go
new file mode 100644
index 00000000000..7c1f5fac3db
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/readerc.go
@@ -0,0 +1,412 @@
+package yaml
+
+import (
+ "io"
+)
+
+// Set the reader error and return 0.
+func yaml_parser_set_reader_error(parser *yaml_parser_t, problem string, offset int, value int) bool {
+ parser.error = yaml_READER_ERROR
+ parser.problem = problem
+ parser.problem_offset = offset
+ parser.problem_value = value
+ return false
+}
+
+// Byte order marks.
+const (
+ bom_UTF8 = "\xef\xbb\xbf"
+ bom_UTF16LE = "\xff\xfe"
+ bom_UTF16BE = "\xfe\xff"
+)
+
+// Determine the input stream encoding by checking the BOM symbol. If no BOM is
+// found, the UTF-8 encoding is assumed. Return 1 on success, 0 on failure.
+func yaml_parser_determine_encoding(parser *yaml_parser_t) bool {
+ // Ensure that we had enough bytes in the raw buffer.
+ for !parser.eof && len(parser.raw_buffer)-parser.raw_buffer_pos < 3 {
+ if !yaml_parser_update_raw_buffer(parser) {
+ return false
+ }
+ }
+
+ // Determine the encoding.
+ buf := parser.raw_buffer
+ pos := parser.raw_buffer_pos
+ avail := len(buf) - pos
+ if avail >= 2 && buf[pos] == bom_UTF16LE[0] && buf[pos+1] == bom_UTF16LE[1] {
+ parser.encoding = yaml_UTF16LE_ENCODING
+ parser.raw_buffer_pos += 2
+ parser.offset += 2
+ } else if avail >= 2 && buf[pos] == bom_UTF16BE[0] && buf[pos+1] == bom_UTF16BE[1] {
+ parser.encoding = yaml_UTF16BE_ENCODING
+ parser.raw_buffer_pos += 2
+ parser.offset += 2
+ } else if avail >= 3 && buf[pos] == bom_UTF8[0] && buf[pos+1] == bom_UTF8[1] && buf[pos+2] == bom_UTF8[2] {
+ parser.encoding = yaml_UTF8_ENCODING
+ parser.raw_buffer_pos += 3
+ parser.offset += 3
+ } else {
+ parser.encoding = yaml_UTF8_ENCODING
+ }
+ return true
+}
+
+// Update the raw buffer.
+func yaml_parser_update_raw_buffer(parser *yaml_parser_t) bool {
+ size_read := 0
+
+ // Return if the raw buffer is full.
+ if parser.raw_buffer_pos == 0 && len(parser.raw_buffer) == cap(parser.raw_buffer) {
+ return true
+ }
+
+ // Return on EOF.
+ if parser.eof {
+ return true
+ }
+
+ // Move the remaining bytes in the raw buffer to the beginning.
+ if parser.raw_buffer_pos > 0 && parser.raw_buffer_pos < len(parser.raw_buffer) {
+ copy(parser.raw_buffer, parser.raw_buffer[parser.raw_buffer_pos:])
+ }
+ parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)-parser.raw_buffer_pos]
+ parser.raw_buffer_pos = 0
+
+ // Call the read handler to fill the buffer.
+ size_read, err := parser.read_handler(parser, parser.raw_buffer[len(parser.raw_buffer):cap(parser.raw_buffer)])
+ parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)+size_read]
+ if err == io.EOF {
+ parser.eof = true
+ } else if err != nil {
+ return yaml_parser_set_reader_error(parser, "input error: "+err.Error(), parser.offset, -1)
+ }
+ return true
+}
+
+// Ensure that the buffer contains at least `length` characters.
+// Return true on success, false on failure.
+//
+// The length is supposed to be significantly less that the buffer size.
+func yaml_parser_update_buffer(parser *yaml_parser_t, length int) bool {
+ if parser.read_handler == nil {
+ panic("read handler must be set")
+ }
+
+ // [Go] This function was changed to guarantee the requested length size at EOF.
+ // The fact we need to do this is pretty awful, but the description above implies
+ // for that to be the case, and there are tests
+
+ // If the EOF flag is set and the raw buffer is empty, do nothing.
+ if parser.eof && parser.raw_buffer_pos == len(parser.raw_buffer) {
+ // [Go] ACTUALLY! Read the documentation of this function above.
+ // This is just broken. To return true, we need to have the
+ // given length in the buffer. Not doing that means every single
+ // check that calls this function to make sure the buffer has a
+ // given length is Go) panicking; or C) accessing invalid memory.
+ //return true
+ }
+
+ // Return if the buffer contains enough characters.
+ if parser.unread >= length {
+ return true
+ }
+
+ // Determine the input encoding if it is not known yet.
+ if parser.encoding == yaml_ANY_ENCODING {
+ if !yaml_parser_determine_encoding(parser) {
+ return false
+ }
+ }
+
+ // Move the unread characters to the beginning of the buffer.
+ buffer_len := len(parser.buffer)
+ if parser.buffer_pos > 0 && parser.buffer_pos < buffer_len {
+ copy(parser.buffer, parser.buffer[parser.buffer_pos:])
+ buffer_len -= parser.buffer_pos
+ parser.buffer_pos = 0
+ } else if parser.buffer_pos == buffer_len {
+ buffer_len = 0
+ parser.buffer_pos = 0
+ }
+
+ // Open the whole buffer for writing, and cut it before returning.
+ parser.buffer = parser.buffer[:cap(parser.buffer)]
+
+ // Fill the buffer until it has enough characters.
+ first := true
+ for parser.unread < length {
+
+ // Fill the raw buffer if necessary.
+ if !first || parser.raw_buffer_pos == len(parser.raw_buffer) {
+ if !yaml_parser_update_raw_buffer(parser) {
+ parser.buffer = parser.buffer[:buffer_len]
+ return false
+ }
+ }
+ first = false
+
+ // Decode the raw buffer.
+ inner:
+ for parser.raw_buffer_pos != len(parser.raw_buffer) {
+ var value rune
+ var width int
+
+ raw_unread := len(parser.raw_buffer) - parser.raw_buffer_pos
+
+ // Decode the next character.
+ switch parser.encoding {
+ case yaml_UTF8_ENCODING:
+ // Decode a UTF-8 character. Check RFC 3629
+ // (http://www.ietf.org/rfc/rfc3629.txt) for more details.
+ //
+ // The following table (taken from the RFC) is used for
+ // decoding.
+ //
+ // Char. number range | UTF-8 octet sequence
+ // (hexadecimal) | (binary)
+ // --------------------+------------------------------------
+ // 0000 0000-0000 007F | 0xxxxxxx
+ // 0000 0080-0000 07FF | 110xxxxx 10xxxxxx
+ // 0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx
+ // 0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ //
+ // Additionally, the characters in the range 0xD800-0xDFFF
+ // are prohibited as they are reserved for use with UTF-16
+ // surrogate pairs.
+
+ // Determine the length of the UTF-8 sequence.
+ octet := parser.raw_buffer[parser.raw_buffer_pos]
+ switch {
+ case octet&0x80 == 0x00:
+ width = 1
+ case octet&0xE0 == 0xC0:
+ width = 2
+ case octet&0xF0 == 0xE0:
+ width = 3
+ case octet&0xF8 == 0xF0:
+ width = 4
+ default:
+ // The leading octet is invalid.
+ return yaml_parser_set_reader_error(parser,
+ "invalid leading UTF-8 octet",
+ parser.offset, int(octet))
+ }
+
+ // Check if the raw buffer contains an incomplete character.
+ if width > raw_unread {
+ if parser.eof {
+ return yaml_parser_set_reader_error(parser,
+ "incomplete UTF-8 octet sequence",
+ parser.offset, -1)
+ }
+ break inner
+ }
+
+ // Decode the leading octet.
+ switch {
+ case octet&0x80 == 0x00:
+ value = rune(octet & 0x7F)
+ case octet&0xE0 == 0xC0:
+ value = rune(octet & 0x1F)
+ case octet&0xF0 == 0xE0:
+ value = rune(octet & 0x0F)
+ case octet&0xF8 == 0xF0:
+ value = rune(octet & 0x07)
+ default:
+ value = 0
+ }
+
+ // Check and decode the trailing octets.
+ for k := 1; k < width; k++ {
+ octet = parser.raw_buffer[parser.raw_buffer_pos+k]
+
+ // Check if the octet is valid.
+ if (octet & 0xC0) != 0x80 {
+ return yaml_parser_set_reader_error(parser,
+ "invalid trailing UTF-8 octet",
+ parser.offset+k, int(octet))
+ }
+
+ // Decode the octet.
+ value = (value << 6) + rune(octet&0x3F)
+ }
+
+ // Check the length of the sequence against the value.
+ switch {
+ case width == 1:
+ case width == 2 && value >= 0x80:
+ case width == 3 && value >= 0x800:
+ case width == 4 && value >= 0x10000:
+ default:
+ return yaml_parser_set_reader_error(parser,
+ "invalid length of a UTF-8 sequence",
+ parser.offset, -1)
+ }
+
+ // Check the range of the value.
+ if value >= 0xD800 && value <= 0xDFFF || value > 0x10FFFF {
+ return yaml_parser_set_reader_error(parser,
+ "invalid Unicode character",
+ parser.offset, int(value))
+ }
+
+ case yaml_UTF16LE_ENCODING, yaml_UTF16BE_ENCODING:
+ var low, high int
+ if parser.encoding == yaml_UTF16LE_ENCODING {
+ low, high = 0, 1
+ } else {
+ low, high = 1, 0
+ }
+
+ // The UTF-16 encoding is not as simple as one might
+ // naively think. Check RFC 2781
+ // (http://www.ietf.org/rfc/rfc2781.txt).
+ //
+ // Normally, two subsequent bytes describe a Unicode
+ // character. However a special technique (called a
+ // surrogate pair) is used for specifying character
+ // values larger than 0xFFFF.
+ //
+ // A surrogate pair consists of two pseudo-characters:
+ // high surrogate area (0xD800-0xDBFF)
+ // low surrogate area (0xDC00-0xDFFF)
+ //
+ // The following formulas are used for decoding
+ // and encoding characters using surrogate pairs:
+ //
+ // U = U' + 0x10000 (0x01 00 00 <= U <= 0x10 FF FF)
+ // U' = yyyyyyyyyyxxxxxxxxxx (0 <= U' <= 0x0F FF FF)
+ // W1 = 110110yyyyyyyyyy
+ // W2 = 110111xxxxxxxxxx
+ //
+ // where U is the character value, W1 is the high surrogate
+ // area, W2 is the low surrogate area.
+
+ // Check for incomplete UTF-16 character.
+ if raw_unread < 2 {
+ if parser.eof {
+ return yaml_parser_set_reader_error(parser,
+ "incomplete UTF-16 character",
+ parser.offset, -1)
+ }
+ break inner
+ }
+
+ // Get the character.
+ value = rune(parser.raw_buffer[parser.raw_buffer_pos+low]) +
+ (rune(parser.raw_buffer[parser.raw_buffer_pos+high]) << 8)
+
+ // Check for unexpected low surrogate area.
+ if value&0xFC00 == 0xDC00 {
+ return yaml_parser_set_reader_error(parser,
+ "unexpected low surrogate area",
+ parser.offset, int(value))
+ }
+
+ // Check for a high surrogate area.
+ if value&0xFC00 == 0xD800 {
+ width = 4
+
+ // Check for incomplete surrogate pair.
+ if raw_unread < 4 {
+ if parser.eof {
+ return yaml_parser_set_reader_error(parser,
+ "incomplete UTF-16 surrogate pair",
+ parser.offset, -1)
+ }
+ break inner
+ }
+
+ // Get the next character.
+ value2 := rune(parser.raw_buffer[parser.raw_buffer_pos+low+2]) +
+ (rune(parser.raw_buffer[parser.raw_buffer_pos+high+2]) << 8)
+
+ // Check for a low surrogate area.
+ if value2&0xFC00 != 0xDC00 {
+ return yaml_parser_set_reader_error(parser,
+ "expected low surrogate area",
+ parser.offset+2, int(value2))
+ }
+
+ // Generate the value of the surrogate pair.
+ value = 0x10000 + ((value & 0x3FF) << 10) + (value2 & 0x3FF)
+ } else {
+ width = 2
+ }
+
+ default:
+ panic("impossible")
+ }
+
+ // Check if the character is in the allowed range:
+ // #x9 | #xA | #xD | [#x20-#x7E] (8 bit)
+ // | #x85 | [#xA0-#xD7FF] | [#xE000-#xFFFD] (16 bit)
+ // | [#x10000-#x10FFFF] (32 bit)
+ switch {
+ case value == 0x09:
+ case value == 0x0A:
+ case value == 0x0D:
+ case value >= 0x20 && value <= 0x7E:
+ case value == 0x85:
+ case value >= 0xA0 && value <= 0xD7FF:
+ case value >= 0xE000 && value <= 0xFFFD:
+ case value >= 0x10000 && value <= 0x10FFFF:
+ default:
+ return yaml_parser_set_reader_error(parser,
+ "control characters are not allowed",
+ parser.offset, int(value))
+ }
+
+ // Move the raw pointers.
+ parser.raw_buffer_pos += width
+ parser.offset += width
+
+ // Finally put the character into the buffer.
+ if value <= 0x7F {
+ // 0000 0000-0000 007F . 0xxxxxxx
+ parser.buffer[buffer_len+0] = byte(value)
+ buffer_len += 1
+ } else if value <= 0x7FF {
+ // 0000 0080-0000 07FF . 110xxxxx 10xxxxxx
+ parser.buffer[buffer_len+0] = byte(0xC0 + (value >> 6))
+ parser.buffer[buffer_len+1] = byte(0x80 + (value & 0x3F))
+ buffer_len += 2
+ } else if value <= 0xFFFF {
+ // 0000 0800-0000 FFFF . 1110xxxx 10xxxxxx 10xxxxxx
+ parser.buffer[buffer_len+0] = byte(0xE0 + (value >> 12))
+ parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 6) & 0x3F))
+ parser.buffer[buffer_len+2] = byte(0x80 + (value & 0x3F))
+ buffer_len += 3
+ } else {
+ // 0001 0000-0010 FFFF . 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ parser.buffer[buffer_len+0] = byte(0xF0 + (value >> 18))
+ parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 12) & 0x3F))
+ parser.buffer[buffer_len+2] = byte(0x80 + ((value >> 6) & 0x3F))
+ parser.buffer[buffer_len+3] = byte(0x80 + (value & 0x3F))
+ buffer_len += 4
+ }
+
+ parser.unread++
+ }
+
+ // On EOF, put NUL into the buffer and return.
+ if parser.eof {
+ parser.buffer[buffer_len] = 0
+ buffer_len++
+ parser.unread++
+ break
+ }
+ }
+ // [Go] Read the documentation of this function above. To return true,
+ // we need to have the given length in the buffer. Not doing that means
+ // every single check that calls this function to make sure the buffer
+ // has a given length is Go) panicking; or C) accessing invalid memory.
+ // This happens here due to the EOF above breaking early.
+ for buffer_len < length {
+ parser.buffer[buffer_len] = 0
+ buffer_len++
+ }
+ parser.buffer = parser.buffer[:buffer_len]
+ return true
+}
diff --git a/vendor/gopkg.in/yaml.v2/resolve.go b/vendor/gopkg.in/yaml.v2/resolve.go
new file mode 100644
index 00000000000..4120e0c9160
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/resolve.go
@@ -0,0 +1,258 @@
+package yaml
+
+import (
+ "encoding/base64"
+ "math"
+ "regexp"
+ "strconv"
+ "strings"
+ "time"
+)
+
+type resolveMapItem struct {
+ value interface{}
+ tag string
+}
+
+var resolveTable = make([]byte, 256)
+var resolveMap = make(map[string]resolveMapItem)
+
+func init() {
+ t := resolveTable
+ t[int('+')] = 'S' // Sign
+ t[int('-')] = 'S'
+ for _, c := range "0123456789" {
+ t[int(c)] = 'D' // Digit
+ }
+ for _, c := range "yYnNtTfFoO~" {
+ t[int(c)] = 'M' // In map
+ }
+ t[int('.')] = '.' // Float (potentially in map)
+
+ var resolveMapList = []struct {
+ v interface{}
+ tag string
+ l []string
+ }{
+ {true, yaml_BOOL_TAG, []string{"y", "Y", "yes", "Yes", "YES"}},
+ {true, yaml_BOOL_TAG, []string{"true", "True", "TRUE"}},
+ {true, yaml_BOOL_TAG, []string{"on", "On", "ON"}},
+ {false, yaml_BOOL_TAG, []string{"n", "N", "no", "No", "NO"}},
+ {false, yaml_BOOL_TAG, []string{"false", "False", "FALSE"}},
+ {false, yaml_BOOL_TAG, []string{"off", "Off", "OFF"}},
+ {nil, yaml_NULL_TAG, []string{"", "~", "null", "Null", "NULL"}},
+ {math.NaN(), yaml_FLOAT_TAG, []string{".nan", ".NaN", ".NAN"}},
+ {math.Inf(+1), yaml_FLOAT_TAG, []string{".inf", ".Inf", ".INF"}},
+ {math.Inf(+1), yaml_FLOAT_TAG, []string{"+.inf", "+.Inf", "+.INF"}},
+ {math.Inf(-1), yaml_FLOAT_TAG, []string{"-.inf", "-.Inf", "-.INF"}},
+ {"<<", yaml_MERGE_TAG, []string{"<<"}},
+ }
+
+ m := resolveMap
+ for _, item := range resolveMapList {
+ for _, s := range item.l {
+ m[s] = resolveMapItem{item.v, item.tag}
+ }
+ }
+}
+
+const longTagPrefix = "tag:yaml.org,2002:"
+
+func shortTag(tag string) string {
+ // TODO This can easily be made faster and produce less garbage.
+ if strings.HasPrefix(tag, longTagPrefix) {
+ return "!!" + tag[len(longTagPrefix):]
+ }
+ return tag
+}
+
+func longTag(tag string) string {
+ if strings.HasPrefix(tag, "!!") {
+ return longTagPrefix + tag[2:]
+ }
+ return tag
+}
+
+func resolvableTag(tag string) bool {
+ switch tag {
+ case "", yaml_STR_TAG, yaml_BOOL_TAG, yaml_INT_TAG, yaml_FLOAT_TAG, yaml_NULL_TAG, yaml_TIMESTAMP_TAG:
+ return true
+ }
+ return false
+}
+
+var yamlStyleFloat = regexp.MustCompile(`^[-+]?(\.[0-9]+|[0-9]+(\.[0-9]*)?)([eE][-+]?[0-9]+)?$`)
+
+func resolve(tag string, in string) (rtag string, out interface{}) {
+ if !resolvableTag(tag) {
+ return tag, in
+ }
+
+ defer func() {
+ switch tag {
+ case "", rtag, yaml_STR_TAG, yaml_BINARY_TAG:
+ return
+ case yaml_FLOAT_TAG:
+ if rtag == yaml_INT_TAG {
+ switch v := out.(type) {
+ case int64:
+ rtag = yaml_FLOAT_TAG
+ out = float64(v)
+ return
+ case int:
+ rtag = yaml_FLOAT_TAG
+ out = float64(v)
+ return
+ }
+ }
+ }
+ failf("cannot decode %s `%s` as a %s", shortTag(rtag), in, shortTag(tag))
+ }()
+
+ // Any data is accepted as a !!str or !!binary.
+ // Otherwise, the prefix is enough of a hint about what it might be.
+ hint := byte('N')
+ if in != "" {
+ hint = resolveTable[in[0]]
+ }
+ if hint != 0 && tag != yaml_STR_TAG && tag != yaml_BINARY_TAG {
+ // Handle things we can lookup in a map.
+ if item, ok := resolveMap[in]; ok {
+ return item.tag, item.value
+ }
+
+ // Base 60 floats are a bad idea, were dropped in YAML 1.2, and
+ // are purposefully unsupported here. They're still quoted on
+ // the way out for compatibility with other parser, though.
+
+ switch hint {
+ case 'M':
+ // We've already checked the map above.
+
+ case '.':
+ // Not in the map, so maybe a normal float.
+ floatv, err := strconv.ParseFloat(in, 64)
+ if err == nil {
+ return yaml_FLOAT_TAG, floatv
+ }
+
+ case 'D', 'S':
+ // Int, float, or timestamp.
+ // Only try values as a timestamp if the value is unquoted or there's an explicit
+ // !!timestamp tag.
+ if tag == "" || tag == yaml_TIMESTAMP_TAG {
+ t, ok := parseTimestamp(in)
+ if ok {
+ return yaml_TIMESTAMP_TAG, t
+ }
+ }
+
+ plain := strings.Replace(in, "_", "", -1)
+ intv, err := strconv.ParseInt(plain, 0, 64)
+ if err == nil {
+ if intv == int64(int(intv)) {
+ return yaml_INT_TAG, int(intv)
+ } else {
+ return yaml_INT_TAG, intv
+ }
+ }
+ uintv, err := strconv.ParseUint(plain, 0, 64)
+ if err == nil {
+ return yaml_INT_TAG, uintv
+ }
+ if yamlStyleFloat.MatchString(plain) {
+ floatv, err := strconv.ParseFloat(plain, 64)
+ if err == nil {
+ return yaml_FLOAT_TAG, floatv
+ }
+ }
+ if strings.HasPrefix(plain, "0b") {
+ intv, err := strconv.ParseInt(plain[2:], 2, 64)
+ if err == nil {
+ if intv == int64(int(intv)) {
+ return yaml_INT_TAG, int(intv)
+ } else {
+ return yaml_INT_TAG, intv
+ }
+ }
+ uintv, err := strconv.ParseUint(plain[2:], 2, 64)
+ if err == nil {
+ return yaml_INT_TAG, uintv
+ }
+ } else if strings.HasPrefix(plain, "-0b") {
+ intv, err := strconv.ParseInt("-" + plain[3:], 2, 64)
+ if err == nil {
+ if true || intv == int64(int(intv)) {
+ return yaml_INT_TAG, int(intv)
+ } else {
+ return yaml_INT_TAG, intv
+ }
+ }
+ }
+ default:
+ panic("resolveTable item not yet handled: " + string(rune(hint)) + " (with " + in + ")")
+ }
+ }
+ return yaml_STR_TAG, in
+}
+
+// encodeBase64 encodes s as base64 that is broken up into multiple lines
+// as appropriate for the resulting length.
+func encodeBase64(s string) string {
+ const lineLen = 70
+ encLen := base64.StdEncoding.EncodedLen(len(s))
+ lines := encLen/lineLen + 1
+ buf := make([]byte, encLen*2+lines)
+ in := buf[0:encLen]
+ out := buf[encLen:]
+ base64.StdEncoding.Encode(in, []byte(s))
+ k := 0
+ for i := 0; i < len(in); i += lineLen {
+ j := i + lineLen
+ if j > len(in) {
+ j = len(in)
+ }
+ k += copy(out[k:], in[i:j])
+ if lines > 1 {
+ out[k] = '\n'
+ k++
+ }
+ }
+ return string(out[:k])
+}
+
+// This is a subset of the formats allowed by the regular expression
+// defined at http://yaml.org/type/timestamp.html.
+var allowedTimestampFormats = []string{
+ "2006-1-2T15:4:5.999999999Z07:00", // RCF3339Nano with short date fields.
+ "2006-1-2t15:4:5.999999999Z07:00", // RFC3339Nano with short date fields and lower-case "t".
+ "2006-1-2 15:4:5.999999999", // space separated with no time zone
+ "2006-1-2", // date only
+ // Notable exception: time.Parse cannot handle: "2001-12-14 21:59:43.10 -5"
+ // from the set of examples.
+}
+
+// parseTimestamp parses s as a timestamp string and
+// returns the timestamp and reports whether it succeeded.
+// Timestamp formats are defined at http://yaml.org/type/timestamp.html
+func parseTimestamp(s string) (time.Time, bool) {
+ // TODO write code to check all the formats supported by
+ // http://yaml.org/type/timestamp.html instead of using time.Parse.
+
+ // Quick check: all date formats start with YYYY-.
+ i := 0
+ for ; i < len(s); i++ {
+ if c := s[i]; c < '0' || c > '9' {
+ break
+ }
+ }
+ if i != 4 || i == len(s) || s[i] != '-' {
+ return time.Time{}, false
+ }
+ for _, format := range allowedTimestampFormats {
+ if t, err := time.Parse(format, s); err == nil {
+ return t, true
+ }
+ }
+ return time.Time{}, false
+}
diff --git a/vendor/gopkg.in/yaml.v2/scannerc.go b/vendor/gopkg.in/yaml.v2/scannerc.go
new file mode 100644
index 00000000000..0b9bb6030a0
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/scannerc.go
@@ -0,0 +1,2711 @@
+package yaml
+
+import (
+ "bytes"
+ "fmt"
+)
+
+// Introduction
+// ************
+//
+// The following notes assume that you are familiar with the YAML specification
+// (http://yaml.org/spec/1.2/spec.html). We mostly follow it, although in
+// some cases we are less restrictive that it requires.
+//
+// The process of transforming a YAML stream into a sequence of events is
+// divided on two steps: Scanning and Parsing.
+//
+// The Scanner transforms the input stream into a sequence of tokens, while the
+// parser transform the sequence of tokens produced by the Scanner into a
+// sequence of parsing events.
+//
+// The Scanner is rather clever and complicated. The Parser, on the contrary,
+// is a straightforward implementation of a recursive-descendant parser (or,
+// LL(1) parser, as it is usually called).
+//
+// Actually there are two issues of Scanning that might be called "clever", the
+// rest is quite straightforward. The issues are "block collection start" and
+// "simple keys". Both issues are explained below in details.
+//
+// Here the Scanning step is explained and implemented. We start with the list
+// of all the tokens produced by the Scanner together with short descriptions.
+//
+// Now, tokens:
+//
+// STREAM-START(encoding) # The stream start.
+// STREAM-END # The stream end.
+// VERSION-DIRECTIVE(major,minor) # The '%YAML' directive.
+// TAG-DIRECTIVE(handle,prefix) # The '%TAG' directive.
+// DOCUMENT-START # '---'
+// DOCUMENT-END # '...'
+// BLOCK-SEQUENCE-START # Indentation increase denoting a block
+// BLOCK-MAPPING-START # sequence or a block mapping.
+// BLOCK-END # Indentation decrease.
+// FLOW-SEQUENCE-START # '['
+// FLOW-SEQUENCE-END # ']'
+// BLOCK-SEQUENCE-START # '{'
+// BLOCK-SEQUENCE-END # '}'
+// BLOCK-ENTRY # '-'
+// FLOW-ENTRY # ','
+// KEY # '?' or nothing (simple keys).
+// VALUE # ':'
+// ALIAS(anchor) # '*anchor'
+// ANCHOR(anchor) # '&anchor'
+// TAG(handle,suffix) # '!handle!suffix'
+// SCALAR(value,style) # A scalar.
+//
+// The following two tokens are "virtual" tokens denoting the beginning and the
+// end of the stream:
+//
+// STREAM-START(encoding)
+// STREAM-END
+//
+// We pass the information about the input stream encoding with the
+// STREAM-START token.
+//
+// The next two tokens are responsible for tags:
+//
+// VERSION-DIRECTIVE(major,minor)
+// TAG-DIRECTIVE(handle,prefix)
+//
+// Example:
+//
+// %YAML 1.1
+// %TAG ! !foo
+// %TAG !yaml! tag:yaml.org,2002:
+// ---
+//
+// The correspoding sequence of tokens:
+//
+// STREAM-START(utf-8)
+// VERSION-DIRECTIVE(1,1)
+// TAG-DIRECTIVE("!","!foo")
+// TAG-DIRECTIVE("!yaml","tag:yaml.org,2002:")
+// DOCUMENT-START
+// STREAM-END
+//
+// Note that the VERSION-DIRECTIVE and TAG-DIRECTIVE tokens occupy a whole
+// line.
+//
+// The document start and end indicators are represented by:
+//
+// DOCUMENT-START
+// DOCUMENT-END
+//
+// Note that if a YAML stream contains an implicit document (without '---'
+// and '...' indicators), no DOCUMENT-START and DOCUMENT-END tokens will be
+// produced.
+//
+// In the following examples, we present whole documents together with the
+// produced tokens.
+//
+// 1. An implicit document:
+//
+// 'a scalar'
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// SCALAR("a scalar",single-quoted)
+// STREAM-END
+//
+// 2. An explicit document:
+//
+// ---
+// 'a scalar'
+// ...
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// DOCUMENT-START
+// SCALAR("a scalar",single-quoted)
+// DOCUMENT-END
+// STREAM-END
+//
+// 3. Several documents in a stream:
+//
+// 'a scalar'
+// ---
+// 'another scalar'
+// ---
+// 'yet another scalar'
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// SCALAR("a scalar",single-quoted)
+// DOCUMENT-START
+// SCALAR("another scalar",single-quoted)
+// DOCUMENT-START
+// SCALAR("yet another scalar",single-quoted)
+// STREAM-END
+//
+// We have already introduced the SCALAR token above. The following tokens are
+// used to describe aliases, anchors, tag, and scalars:
+//
+// ALIAS(anchor)
+// ANCHOR(anchor)
+// TAG(handle,suffix)
+// SCALAR(value,style)
+//
+// The following series of examples illustrate the usage of these tokens:
+//
+// 1. A recursive sequence:
+//
+// &A [ *A ]
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// ANCHOR("A")
+// FLOW-SEQUENCE-START
+// ALIAS("A")
+// FLOW-SEQUENCE-END
+// STREAM-END
+//
+// 2. A tagged scalar:
+//
+// !!float "3.14" # A good approximation.
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// TAG("!!","float")
+// SCALAR("3.14",double-quoted)
+// STREAM-END
+//
+// 3. Various scalar styles:
+//
+// --- # Implicit empty plain scalars do not produce tokens.
+// --- a plain scalar
+// --- 'a single-quoted scalar'
+// --- "a double-quoted scalar"
+// --- |-
+// a literal scalar
+// --- >-
+// a folded
+// scalar
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// DOCUMENT-START
+// DOCUMENT-START
+// SCALAR("a plain scalar",plain)
+// DOCUMENT-START
+// SCALAR("a single-quoted scalar",single-quoted)
+// DOCUMENT-START
+// SCALAR("a double-quoted scalar",double-quoted)
+// DOCUMENT-START
+// SCALAR("a literal scalar",literal)
+// DOCUMENT-START
+// SCALAR("a folded scalar",folded)
+// STREAM-END
+//
+// Now it's time to review collection-related tokens. We will start with
+// flow collections:
+//
+// FLOW-SEQUENCE-START
+// FLOW-SEQUENCE-END
+// FLOW-MAPPING-START
+// FLOW-MAPPING-END
+// FLOW-ENTRY
+// KEY
+// VALUE
+//
+// The tokens FLOW-SEQUENCE-START, FLOW-SEQUENCE-END, FLOW-MAPPING-START, and
+// FLOW-MAPPING-END represent the indicators '[', ']', '{', and '}'
+// correspondingly. FLOW-ENTRY represent the ',' indicator. Finally the
+// indicators '?' and ':', which are used for denoting mapping keys and values,
+// are represented by the KEY and VALUE tokens.
+//
+// The following examples show flow collections:
+//
+// 1. A flow sequence:
+//
+// [item 1, item 2, item 3]
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// FLOW-SEQUENCE-START
+// SCALAR("item 1",plain)
+// FLOW-ENTRY
+// SCALAR("item 2",plain)
+// FLOW-ENTRY
+// SCALAR("item 3",plain)
+// FLOW-SEQUENCE-END
+// STREAM-END
+//
+// 2. A flow mapping:
+//
+// {
+// a simple key: a value, # Note that the KEY token is produced.
+// ? a complex key: another value,
+// }
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// FLOW-MAPPING-START
+// KEY
+// SCALAR("a simple key",plain)
+// VALUE
+// SCALAR("a value",plain)
+// FLOW-ENTRY
+// KEY
+// SCALAR("a complex key",plain)
+// VALUE
+// SCALAR("another value",plain)
+// FLOW-ENTRY
+// FLOW-MAPPING-END
+// STREAM-END
+//
+// A simple key is a key which is not denoted by the '?' indicator. Note that
+// the Scanner still produce the KEY token whenever it encounters a simple key.
+//
+// For scanning block collections, the following tokens are used (note that we
+// repeat KEY and VALUE here):
+//
+// BLOCK-SEQUENCE-START
+// BLOCK-MAPPING-START
+// BLOCK-END
+// BLOCK-ENTRY
+// KEY
+// VALUE
+//
+// The tokens BLOCK-SEQUENCE-START and BLOCK-MAPPING-START denote indentation
+// increase that precedes a block collection (cf. the INDENT token in Python).
+// The token BLOCK-END denote indentation decrease that ends a block collection
+// (cf. the DEDENT token in Python). However YAML has some syntax pecularities
+// that makes detections of these tokens more complex.
+//
+// The tokens BLOCK-ENTRY, KEY, and VALUE are used to represent the indicators
+// '-', '?', and ':' correspondingly.
+//
+// The following examples show how the tokens BLOCK-SEQUENCE-START,
+// BLOCK-MAPPING-START, and BLOCK-END are emitted by the Scanner:
+//
+// 1. Block sequences:
+//
+// - item 1
+// - item 2
+// -
+// - item 3.1
+// - item 3.2
+// -
+// key 1: value 1
+// key 2: value 2
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// SCALAR("item 1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 2",plain)
+// BLOCK-ENTRY
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// SCALAR("item 3.1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 3.2",plain)
+// BLOCK-END
+// BLOCK-ENTRY
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("key 1",plain)
+// VALUE
+// SCALAR("value 1",plain)
+// KEY
+// SCALAR("key 2",plain)
+// VALUE
+// SCALAR("value 2",plain)
+// BLOCK-END
+// BLOCK-END
+// STREAM-END
+//
+// 2. Block mappings:
+//
+// a simple key: a value # The KEY token is produced here.
+// ? a complex key
+// : another value
+// a mapping:
+// key 1: value 1
+// key 2: value 2
+// a sequence:
+// - item 1
+// - item 2
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("a simple key",plain)
+// VALUE
+// SCALAR("a value",plain)
+// KEY
+// SCALAR("a complex key",plain)
+// VALUE
+// SCALAR("another value",plain)
+// KEY
+// SCALAR("a mapping",plain)
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("key 1",plain)
+// VALUE
+// SCALAR("value 1",plain)
+// KEY
+// SCALAR("key 2",plain)
+// VALUE
+// SCALAR("value 2",plain)
+// BLOCK-END
+// KEY
+// SCALAR("a sequence",plain)
+// VALUE
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// SCALAR("item 1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 2",plain)
+// BLOCK-END
+// BLOCK-END
+// STREAM-END
+//
+// YAML does not always require to start a new block collection from a new
+// line. If the current line contains only '-', '?', and ':' indicators, a new
+// block collection may start at the current line. The following examples
+// illustrate this case:
+//
+// 1. Collections in a sequence:
+//
+// - - item 1
+// - item 2
+// - key 1: value 1
+// key 2: value 2
+// - ? complex key
+// : complex value
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// SCALAR("item 1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 2",plain)
+// BLOCK-END
+// BLOCK-ENTRY
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("key 1",plain)
+// VALUE
+// SCALAR("value 1",plain)
+// KEY
+// SCALAR("key 2",plain)
+// VALUE
+// SCALAR("value 2",plain)
+// BLOCK-END
+// BLOCK-ENTRY
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("complex key")
+// VALUE
+// SCALAR("complex value")
+// BLOCK-END
+// BLOCK-END
+// STREAM-END
+//
+// 2. Collections in a mapping:
+//
+// ? a sequence
+// : - item 1
+// - item 2
+// ? a mapping
+// : key 1: value 1
+// key 2: value 2
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("a sequence",plain)
+// VALUE
+// BLOCK-SEQUENCE-START
+// BLOCK-ENTRY
+// SCALAR("item 1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 2",plain)
+// BLOCK-END
+// KEY
+// SCALAR("a mapping",plain)
+// VALUE
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("key 1",plain)
+// VALUE
+// SCALAR("value 1",plain)
+// KEY
+// SCALAR("key 2",plain)
+// VALUE
+// SCALAR("value 2",plain)
+// BLOCK-END
+// BLOCK-END
+// STREAM-END
+//
+// YAML also permits non-indented sequences if they are included into a block
+// mapping. In this case, the token BLOCK-SEQUENCE-START is not produced:
+//
+// key:
+// - item 1 # BLOCK-SEQUENCE-START is NOT produced here.
+// - item 2
+//
+// Tokens:
+//
+// STREAM-START(utf-8)
+// BLOCK-MAPPING-START
+// KEY
+// SCALAR("key",plain)
+// VALUE
+// BLOCK-ENTRY
+// SCALAR("item 1",plain)
+// BLOCK-ENTRY
+// SCALAR("item 2",plain)
+// BLOCK-END
+//
+
+// Ensure that the buffer contains the required number of characters.
+// Return true on success, false on failure (reader error or memory error).
+func cache(parser *yaml_parser_t, length int) bool {
+ // [Go] This was inlined: !cache(A, B) -> unread < B && !update(A, B)
+ return parser.unread >= length || yaml_parser_update_buffer(parser, length)
+}
+
+// Advance the buffer pointer.
+func skip(parser *yaml_parser_t) {
+ parser.mark.index++
+ parser.mark.column++
+ parser.unread--
+ parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+}
+
+func skip_line(parser *yaml_parser_t) {
+ if is_crlf(parser.buffer, parser.buffer_pos) {
+ parser.mark.index += 2
+ parser.mark.column = 0
+ parser.mark.line++
+ parser.unread -= 2
+ parser.buffer_pos += 2
+ } else if is_break(parser.buffer, parser.buffer_pos) {
+ parser.mark.index++
+ parser.mark.column = 0
+ parser.mark.line++
+ parser.unread--
+ parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+ }
+}
+
+// Copy a character to a string buffer and advance pointers.
+func read(parser *yaml_parser_t, s []byte) []byte {
+ w := width(parser.buffer[parser.buffer_pos])
+ if w == 0 {
+ panic("invalid character sequence")
+ }
+ if len(s) == 0 {
+ s = make([]byte, 0, 32)
+ }
+ if w == 1 && len(s)+w <= cap(s) {
+ s = s[:len(s)+1]
+ s[len(s)-1] = parser.buffer[parser.buffer_pos]
+ parser.buffer_pos++
+ } else {
+ s = append(s, parser.buffer[parser.buffer_pos:parser.buffer_pos+w]...)
+ parser.buffer_pos += w
+ }
+ parser.mark.index++
+ parser.mark.column++
+ parser.unread--
+ return s
+}
+
+// Copy a line break character to a string buffer and advance pointers.
+func read_line(parser *yaml_parser_t, s []byte) []byte {
+ buf := parser.buffer
+ pos := parser.buffer_pos
+ switch {
+ case buf[pos] == '\r' && buf[pos+1] == '\n':
+ // CR LF . LF
+ s = append(s, '\n')
+ parser.buffer_pos += 2
+ parser.mark.index++
+ parser.unread--
+ case buf[pos] == '\r' || buf[pos] == '\n':
+ // CR|LF . LF
+ s = append(s, '\n')
+ parser.buffer_pos += 1
+ case buf[pos] == '\xC2' && buf[pos+1] == '\x85':
+ // NEL . LF
+ s = append(s, '\n')
+ parser.buffer_pos += 2
+ case buf[pos] == '\xE2' && buf[pos+1] == '\x80' && (buf[pos+2] == '\xA8' || buf[pos+2] == '\xA9'):
+ // LS|PS . LS|PS
+ s = append(s, buf[parser.buffer_pos:pos+3]...)
+ parser.buffer_pos += 3
+ default:
+ return s
+ }
+ parser.mark.index++
+ parser.mark.column = 0
+ parser.mark.line++
+ parser.unread--
+ return s
+}
+
+// Get the next token.
+func yaml_parser_scan(parser *yaml_parser_t, token *yaml_token_t) bool {
+ // Erase the token object.
+ *token = yaml_token_t{} // [Go] Is this necessary?
+
+ // No tokens after STREAM-END or error.
+ if parser.stream_end_produced || parser.error != yaml_NO_ERROR {
+ return true
+ }
+
+ // Ensure that the tokens queue contains enough tokens.
+ if !parser.token_available {
+ if !yaml_parser_fetch_more_tokens(parser) {
+ return false
+ }
+ }
+
+ // Fetch the next token from the queue.
+ *token = parser.tokens[parser.tokens_head]
+ parser.tokens_head++
+ parser.tokens_parsed++
+ parser.token_available = false
+
+ if token.typ == yaml_STREAM_END_TOKEN {
+ parser.stream_end_produced = true
+ }
+ return true
+}
+
+// Set the scanner error and return false.
+func yaml_parser_set_scanner_error(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string) bool {
+ parser.error = yaml_SCANNER_ERROR
+ parser.context = context
+ parser.context_mark = context_mark
+ parser.problem = problem
+ parser.problem_mark = parser.mark
+ return false
+}
+
+func yaml_parser_set_scanner_tag_error(parser *yaml_parser_t, directive bool, context_mark yaml_mark_t, problem string) bool {
+ context := "while parsing a tag"
+ if directive {
+ context = "while parsing a %TAG directive"
+ }
+ return yaml_parser_set_scanner_error(parser, context, context_mark, problem)
+}
+
+func trace(args ...interface{}) func() {
+ pargs := append([]interface{}{"+++"}, args...)
+ fmt.Println(pargs...)
+ pargs = append([]interface{}{"---"}, args...)
+ return func() { fmt.Println(pargs...) }
+}
+
+// Ensure that the tokens queue contains at least one token which can be
+// returned to the Parser.
+func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
+ // While we need more tokens to fetch, do it.
+ for {
+ if parser.tokens_head != len(parser.tokens) {
+ // If queue is non-empty, check if any potential simple key may
+ // occupy the head position.
+ head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
+ if !ok {
+ break
+ } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
+ return false
+ } else if !valid {
+ break
+ }
+ }
+ // Fetch the next token.
+ if !yaml_parser_fetch_next_token(parser) {
+ return false
+ }
+ }
+
+ parser.token_available = true
+ return true
+}
+
+// The dispatcher for token fetchers.
+func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
+ // Ensure that the buffer is initialized.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+
+ // Check if we just started scanning. Fetch STREAM-START then.
+ if !parser.stream_start_produced {
+ return yaml_parser_fetch_stream_start(parser)
+ }
+
+ // Eat whitespaces and comments until we reach the next token.
+ if !yaml_parser_scan_to_next_token(parser) {
+ return false
+ }
+
+ // Check the indentation level against the current column.
+ if !yaml_parser_unroll_indent(parser, parser.mark.column) {
+ return false
+ }
+
+ // Ensure that the buffer contains at least 4 characters. 4 is the length
+ // of the longest indicators ('--- ' and '... ').
+ if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+ return false
+ }
+
+ // Is it the end of the stream?
+ if is_z(parser.buffer, parser.buffer_pos) {
+ return yaml_parser_fetch_stream_end(parser)
+ }
+
+ // Is it a directive?
+ if parser.mark.column == 0 && parser.buffer[parser.buffer_pos] == '%' {
+ return yaml_parser_fetch_directive(parser)
+ }
+
+ buf := parser.buffer
+ pos := parser.buffer_pos
+
+ // Is it the document start indicator?
+ if parser.mark.column == 0 && buf[pos] == '-' && buf[pos+1] == '-' && buf[pos+2] == '-' && is_blankz(buf, pos+3) {
+ return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_START_TOKEN)
+ }
+
+ // Is it the document end indicator?
+ if parser.mark.column == 0 && buf[pos] == '.' && buf[pos+1] == '.' && buf[pos+2] == '.' && is_blankz(buf, pos+3) {
+ return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_END_TOKEN)
+ }
+
+ // Is it the flow sequence start indicator?
+ if buf[pos] == '[' {
+ return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_SEQUENCE_START_TOKEN)
+ }
+
+ // Is it the flow mapping start indicator?
+ if parser.buffer[parser.buffer_pos] == '{' {
+ return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_MAPPING_START_TOKEN)
+ }
+
+ // Is it the flow sequence end indicator?
+ if parser.buffer[parser.buffer_pos] == ']' {
+ return yaml_parser_fetch_flow_collection_end(parser,
+ yaml_FLOW_SEQUENCE_END_TOKEN)
+ }
+
+ // Is it the flow mapping end indicator?
+ if parser.buffer[parser.buffer_pos] == '}' {
+ return yaml_parser_fetch_flow_collection_end(parser,
+ yaml_FLOW_MAPPING_END_TOKEN)
+ }
+
+ // Is it the flow entry indicator?
+ if parser.buffer[parser.buffer_pos] == ',' {
+ return yaml_parser_fetch_flow_entry(parser)
+ }
+
+ // Is it the block entry indicator?
+ if parser.buffer[parser.buffer_pos] == '-' && is_blankz(parser.buffer, parser.buffer_pos+1) {
+ return yaml_parser_fetch_block_entry(parser)
+ }
+
+ // Is it the key indicator?
+ if parser.buffer[parser.buffer_pos] == '?' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+ return yaml_parser_fetch_key(parser)
+ }
+
+ // Is it the value indicator?
+ if parser.buffer[parser.buffer_pos] == ':' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+ return yaml_parser_fetch_value(parser)
+ }
+
+ // Is it an alias?
+ if parser.buffer[parser.buffer_pos] == '*' {
+ return yaml_parser_fetch_anchor(parser, yaml_ALIAS_TOKEN)
+ }
+
+ // Is it an anchor?
+ if parser.buffer[parser.buffer_pos] == '&' {
+ return yaml_parser_fetch_anchor(parser, yaml_ANCHOR_TOKEN)
+ }
+
+ // Is it a tag?
+ if parser.buffer[parser.buffer_pos] == '!' {
+ return yaml_parser_fetch_tag(parser)
+ }
+
+ // Is it a literal scalar?
+ if parser.buffer[parser.buffer_pos] == '|' && parser.flow_level == 0 {
+ return yaml_parser_fetch_block_scalar(parser, true)
+ }
+
+ // Is it a folded scalar?
+ if parser.buffer[parser.buffer_pos] == '>' && parser.flow_level == 0 {
+ return yaml_parser_fetch_block_scalar(parser, false)
+ }
+
+ // Is it a single-quoted scalar?
+ if parser.buffer[parser.buffer_pos] == '\'' {
+ return yaml_parser_fetch_flow_scalar(parser, true)
+ }
+
+ // Is it a double-quoted scalar?
+ if parser.buffer[parser.buffer_pos] == '"' {
+ return yaml_parser_fetch_flow_scalar(parser, false)
+ }
+
+ // Is it a plain scalar?
+ //
+ // A plain scalar may start with any non-blank characters except
+ //
+ // '-', '?', ':', ',', '[', ']', '{', '}',
+ // '#', '&', '*', '!', '|', '>', '\'', '\"',
+ // '%', '@', '`'.
+ //
+ // In the block context (and, for the '-' indicator, in the flow context
+ // too), it may also start with the characters
+ //
+ // '-', '?', ':'
+ //
+ // if it is followed by a non-space character.
+ //
+ // The last rule is more restrictive than the specification requires.
+ // [Go] Make this logic more reasonable.
+ //switch parser.buffer[parser.buffer_pos] {
+ //case '-', '?', ':', ',', '?', '-', ',', ':', ']', '[', '}', '{', '&', '#', '!', '*', '>', '|', '"', '\'', '@', '%', '-', '`':
+ //}
+ if !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '-' ||
+ parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':' ||
+ parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '[' ||
+ parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' ||
+ parser.buffer[parser.buffer_pos] == '}' || parser.buffer[parser.buffer_pos] == '#' ||
+ parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '*' ||
+ parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '|' ||
+ parser.buffer[parser.buffer_pos] == '>' || parser.buffer[parser.buffer_pos] == '\'' ||
+ parser.buffer[parser.buffer_pos] == '"' || parser.buffer[parser.buffer_pos] == '%' ||
+ parser.buffer[parser.buffer_pos] == '@' || parser.buffer[parser.buffer_pos] == '`') ||
+ (parser.buffer[parser.buffer_pos] == '-' && !is_blank(parser.buffer, parser.buffer_pos+1)) ||
+ (parser.flow_level == 0 &&
+ (parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':') &&
+ !is_blankz(parser.buffer, parser.buffer_pos+1)) {
+ return yaml_parser_fetch_plain_scalar(parser)
+ }
+
+ // If we don't determine the token type so far, it is an error.
+ return yaml_parser_set_scanner_error(parser,
+ "while scanning for the next token", parser.mark,
+ "found character that cannot start any token")
+}
+
+func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
+ if !simple_key.possible {
+ return false, true
+ }
+
+ // The 1.2 specification says:
+ //
+ // "If the ? indicator is omitted, parsing needs to see past the
+ // implicit key to recognize it as such. To limit the amount of
+ // lookahead required, the “:” indicator must appear at most 1024
+ // Unicode characters beyond the start of the key. In addition, the key
+ // is restricted to a single line."
+ //
+ if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
+ // Check if the potential simple key to be removed is required.
+ if simple_key.required {
+ return false, yaml_parser_set_scanner_error(parser,
+ "while scanning a simple key", simple_key.mark,
+ "could not find expected ':'")
+ }
+ simple_key.possible = false
+ return false, true
+ }
+ return true, true
+}
+
+// Check if a simple key may start at the current position and add it if
+// needed.
+func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
+ // A simple key is required at the current position if the scanner is in
+ // the block context and the current column coincides with the indentation
+ // level.
+
+ required := parser.flow_level == 0 && parser.indent == parser.mark.column
+
+ //
+ // If the current position may start a simple key, save it.
+ //
+ if parser.simple_key_allowed {
+ simple_key := yaml_simple_key_t{
+ possible: true,
+ required: required,
+ token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+ mark: parser.mark,
+ }
+
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+ parser.simple_keys[len(parser.simple_keys)-1] = simple_key
+ parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
+ }
+ return true
+}
+
+// Remove a potential simple key at the current flow level.
+func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
+ i := len(parser.simple_keys) - 1
+ if parser.simple_keys[i].possible {
+ // If the key is required, it is an error.
+ if parser.simple_keys[i].required {
+ return yaml_parser_set_scanner_error(parser,
+ "while scanning a simple key", parser.simple_keys[i].mark,
+ "could not find expected ':'")
+ }
+ // Remove the key from the stack.
+ parser.simple_keys[i].possible = false
+ delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
+ }
+ return true
+}
+
+// max_flow_level limits the flow_level
+const max_flow_level = 10000
+
+// Increase the flow level and resize the simple key list if needed.
+func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
+ // Reset the simple key on the next level.
+ parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
+ possible: false,
+ required: false,
+ token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+ mark: parser.mark,
+ })
+
+ // Increase the flow level.
+ parser.flow_level++
+ if parser.flow_level > max_flow_level {
+ return yaml_parser_set_scanner_error(parser,
+ "while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+ fmt.Sprintf("exceeded max depth of %d", max_flow_level))
+ }
+ return true
+}
+
+// Decrease the flow level.
+func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
+ if parser.flow_level > 0 {
+ parser.flow_level--
+ last := len(parser.simple_keys) - 1
+ delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
+ parser.simple_keys = parser.simple_keys[:last]
+ }
+ return true
+}
+
+// max_indents limits the indents stack size
+const max_indents = 10000
+
+// Push the current indentation level to the stack and set the new level
+// the current column is greater than the indentation level. In this case,
+// append or insert the specified token into the token queue.
+func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml_token_type_t, mark yaml_mark_t) bool {
+ // In the flow context, do nothing.
+ if parser.flow_level > 0 {
+ return true
+ }
+
+ if parser.indent < column {
+ // Push the current indentation level to the stack and set the new
+ // indentation level.
+ parser.indents = append(parser.indents, parser.indent)
+ parser.indent = column
+ if len(parser.indents) > max_indents {
+ return yaml_parser_set_scanner_error(parser,
+ "while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+ fmt.Sprintf("exceeded max depth of %d", max_indents))
+ }
+
+ // Create a token and insert it into the queue.
+ token := yaml_token_t{
+ typ: typ,
+ start_mark: mark,
+ end_mark: mark,
+ }
+ if number > -1 {
+ number -= parser.tokens_parsed
+ }
+ yaml_insert_token(parser, number, &token)
+ }
+ return true
+}
+
+// Pop indentation levels from the indents stack until the current level
+// becomes less or equal to the column. For each indentation level, append
+// the BLOCK-END token.
+func yaml_parser_unroll_indent(parser *yaml_parser_t, column int) bool {
+ // In the flow context, do nothing.
+ if parser.flow_level > 0 {
+ return true
+ }
+
+ // Loop through the indentation levels in the stack.
+ for parser.indent > column {
+ // Create a token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_BLOCK_END_TOKEN,
+ start_mark: parser.mark,
+ end_mark: parser.mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+
+ // Pop the indentation level.
+ parser.indent = parser.indents[len(parser.indents)-1]
+ parser.indents = parser.indents[:len(parser.indents)-1]
+ }
+ return true
+}
+
+// Initialize the scanner and produce the STREAM-START token.
+func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
+
+ // Set the initial indentation.
+ parser.indent = -1
+
+ // Initialize the simple key stack.
+ parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+
+ parser.simple_keys_by_tok = make(map[int]int)
+
+ // A simple key is allowed at the beginning of the stream.
+ parser.simple_key_allowed = true
+
+ // We have started.
+ parser.stream_start_produced = true
+
+ // Create the STREAM-START token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_STREAM_START_TOKEN,
+ start_mark: parser.mark,
+ end_mark: parser.mark,
+ encoding: parser.encoding,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the STREAM-END token and shut down the scanner.
+func yaml_parser_fetch_stream_end(parser *yaml_parser_t) bool {
+
+ // Force new line.
+ if parser.mark.column != 0 {
+ parser.mark.column = 0
+ parser.mark.line++
+ }
+
+ // Reset the indentation level.
+ if !yaml_parser_unroll_indent(parser, -1) {
+ return false
+ }
+
+ // Reset simple keys.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ parser.simple_key_allowed = false
+
+ // Create the STREAM-END token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_STREAM_END_TOKEN,
+ start_mark: parser.mark,
+ end_mark: parser.mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce a VERSION-DIRECTIVE or TAG-DIRECTIVE token.
+func yaml_parser_fetch_directive(parser *yaml_parser_t) bool {
+ // Reset the indentation level.
+ if !yaml_parser_unroll_indent(parser, -1) {
+ return false
+ }
+
+ // Reset simple keys.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ parser.simple_key_allowed = false
+
+ // Create the YAML-DIRECTIVE or TAG-DIRECTIVE token.
+ token := yaml_token_t{}
+ if !yaml_parser_scan_directive(parser, &token) {
+ return false
+ }
+ // Append the token to the queue.
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the DOCUMENT-START or DOCUMENT-END token.
+func yaml_parser_fetch_document_indicator(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+ // Reset the indentation level.
+ if !yaml_parser_unroll_indent(parser, -1) {
+ return false
+ }
+
+ // Reset simple keys.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ parser.simple_key_allowed = false
+
+ // Consume the token.
+ start_mark := parser.mark
+
+ skip(parser)
+ skip(parser)
+ skip(parser)
+
+ end_mark := parser.mark
+
+ // Create the DOCUMENT-START or DOCUMENT-END token.
+ token := yaml_token_t{
+ typ: typ,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ // Append the token to the queue.
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the FLOW-SEQUENCE-START or FLOW-MAPPING-START token.
+func yaml_parser_fetch_flow_collection_start(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+ // The indicators '[' and '{' may start a simple key.
+ if !yaml_parser_save_simple_key(parser) {
+ return false
+ }
+
+ // Increase the flow level.
+ if !yaml_parser_increase_flow_level(parser) {
+ return false
+ }
+
+ // A simple key may follow the indicators '[' and '{'.
+ parser.simple_key_allowed = true
+
+ // Consume the token.
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the FLOW-SEQUENCE-START of FLOW-MAPPING-START token.
+ token := yaml_token_t{
+ typ: typ,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ // Append the token to the queue.
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the FLOW-SEQUENCE-END or FLOW-MAPPING-END token.
+func yaml_parser_fetch_flow_collection_end(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+ // Reset any potential simple key on the current flow level.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ // Decrease the flow level.
+ if !yaml_parser_decrease_flow_level(parser) {
+ return false
+ }
+
+ // No simple keys after the indicators ']' and '}'.
+ parser.simple_key_allowed = false
+
+ // Consume the token.
+
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the FLOW-SEQUENCE-END of FLOW-MAPPING-END token.
+ token := yaml_token_t{
+ typ: typ,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ // Append the token to the queue.
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the FLOW-ENTRY token.
+func yaml_parser_fetch_flow_entry(parser *yaml_parser_t) bool {
+ // Reset any potential simple keys on the current flow level.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ // Simple keys are allowed after ','.
+ parser.simple_key_allowed = true
+
+ // Consume the token.
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the FLOW-ENTRY token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_FLOW_ENTRY_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the BLOCK-ENTRY token.
+func yaml_parser_fetch_block_entry(parser *yaml_parser_t) bool {
+ // Check if the scanner is in the block context.
+ if parser.flow_level == 0 {
+ // Check if we are allowed to start a new entry.
+ if !parser.simple_key_allowed {
+ return yaml_parser_set_scanner_error(parser, "", parser.mark,
+ "block sequence entries are not allowed in this context")
+ }
+ // Add the BLOCK-SEQUENCE-START token if needed.
+ if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_SEQUENCE_START_TOKEN, parser.mark) {
+ return false
+ }
+ } else {
+ // It is an error for the '-' indicator to occur in the flow context,
+ // but we let the Parser detect and report about it because the Parser
+ // is able to point to the context.
+ }
+
+ // Reset any potential simple keys on the current flow level.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ // Simple keys are allowed after '-'.
+ parser.simple_key_allowed = true
+
+ // Consume the token.
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the BLOCK-ENTRY token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_BLOCK_ENTRY_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the KEY token.
+func yaml_parser_fetch_key(parser *yaml_parser_t) bool {
+
+ // In the block context, additional checks are required.
+ if parser.flow_level == 0 {
+ // Check if we are allowed to start a new key (not nessesary simple).
+ if !parser.simple_key_allowed {
+ return yaml_parser_set_scanner_error(parser, "", parser.mark,
+ "mapping keys are not allowed in this context")
+ }
+ // Add the BLOCK-MAPPING-START token if needed.
+ if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+ return false
+ }
+ }
+
+ // Reset any potential simple keys on the current flow level.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ // Simple keys are allowed after '?' in the block context.
+ parser.simple_key_allowed = parser.flow_level == 0
+
+ // Consume the token.
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the KEY token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_KEY_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the VALUE token.
+func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
+
+ simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
+
+ // Have we found a simple key?
+ if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
+ return false
+
+ } else if valid {
+
+ // Create the KEY token and insert it into the queue.
+ token := yaml_token_t{
+ typ: yaml_KEY_TOKEN,
+ start_mark: simple_key.mark,
+ end_mark: simple_key.mark,
+ }
+ yaml_insert_token(parser, simple_key.token_number-parser.tokens_parsed, &token)
+
+ // In the block context, we may need to add the BLOCK-MAPPING-START token.
+ if !yaml_parser_roll_indent(parser, simple_key.mark.column,
+ simple_key.token_number,
+ yaml_BLOCK_MAPPING_START_TOKEN, simple_key.mark) {
+ return false
+ }
+
+ // Remove the simple key.
+ simple_key.possible = false
+ delete(parser.simple_keys_by_tok, simple_key.token_number)
+
+ // A simple key cannot follow another simple key.
+ parser.simple_key_allowed = false
+
+ } else {
+ // The ':' indicator follows a complex key.
+
+ // In the block context, extra checks are required.
+ if parser.flow_level == 0 {
+
+ // Check if we are allowed to start a complex value.
+ if !parser.simple_key_allowed {
+ return yaml_parser_set_scanner_error(parser, "", parser.mark,
+ "mapping values are not allowed in this context")
+ }
+
+ // Add the BLOCK-MAPPING-START token if needed.
+ if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+ return false
+ }
+ }
+
+ // Simple keys after ':' are allowed in the block context.
+ parser.simple_key_allowed = parser.flow_level == 0
+ }
+
+ // Consume the token.
+ start_mark := parser.mark
+ skip(parser)
+ end_mark := parser.mark
+
+ // Create the VALUE token and append it to the queue.
+ token := yaml_token_t{
+ typ: yaml_VALUE_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the ALIAS or ANCHOR token.
+func yaml_parser_fetch_anchor(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+ // An anchor or an alias could be a simple key.
+ if !yaml_parser_save_simple_key(parser) {
+ return false
+ }
+
+ // A simple key cannot follow an anchor or an alias.
+ parser.simple_key_allowed = false
+
+ // Create the ALIAS or ANCHOR token and append it to the queue.
+ var token yaml_token_t
+ if !yaml_parser_scan_anchor(parser, &token, typ) {
+ return false
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the TAG token.
+func yaml_parser_fetch_tag(parser *yaml_parser_t) bool {
+ // A tag could be a simple key.
+ if !yaml_parser_save_simple_key(parser) {
+ return false
+ }
+
+ // A simple key cannot follow a tag.
+ parser.simple_key_allowed = false
+
+ // Create the TAG token and append it to the queue.
+ var token yaml_token_t
+ if !yaml_parser_scan_tag(parser, &token) {
+ return false
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the SCALAR(...,literal) or SCALAR(...,folded) tokens.
+func yaml_parser_fetch_block_scalar(parser *yaml_parser_t, literal bool) bool {
+ // Remove any potential simple keys.
+ if !yaml_parser_remove_simple_key(parser) {
+ return false
+ }
+
+ // A simple key may follow a block scalar.
+ parser.simple_key_allowed = true
+
+ // Create the SCALAR token and append it to the queue.
+ var token yaml_token_t
+ if !yaml_parser_scan_block_scalar(parser, &token, literal) {
+ return false
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the SCALAR(...,single-quoted) or SCALAR(...,double-quoted) tokens.
+func yaml_parser_fetch_flow_scalar(parser *yaml_parser_t, single bool) bool {
+ // A plain scalar could be a simple key.
+ if !yaml_parser_save_simple_key(parser) {
+ return false
+ }
+
+ // A simple key cannot follow a flow scalar.
+ parser.simple_key_allowed = false
+
+ // Create the SCALAR token and append it to the queue.
+ var token yaml_token_t
+ if !yaml_parser_scan_flow_scalar(parser, &token, single) {
+ return false
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Produce the SCALAR(...,plain) token.
+func yaml_parser_fetch_plain_scalar(parser *yaml_parser_t) bool {
+ // A plain scalar could be a simple key.
+ if !yaml_parser_save_simple_key(parser) {
+ return false
+ }
+
+ // A simple key cannot follow a flow scalar.
+ parser.simple_key_allowed = false
+
+ // Create the SCALAR token and append it to the queue.
+ var token yaml_token_t
+ if !yaml_parser_scan_plain_scalar(parser, &token) {
+ return false
+ }
+ yaml_insert_token(parser, -1, &token)
+ return true
+}
+
+// Eat whitespaces and comments until the next token is found.
+func yaml_parser_scan_to_next_token(parser *yaml_parser_t) bool {
+
+ // Until the next token is not found.
+ for {
+ // Allow the BOM mark to start a line.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ if parser.mark.column == 0 && is_bom(parser.buffer, parser.buffer_pos) {
+ skip(parser)
+ }
+
+ // Eat whitespaces.
+ // Tabs are allowed:
+ // - in the flow context
+ // - in the block context, but not at the beginning of the line or
+ // after '-', '?', or ':' (complex value).
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+
+ for parser.buffer[parser.buffer_pos] == ' ' || ((parser.flow_level > 0 || !parser.simple_key_allowed) && parser.buffer[parser.buffer_pos] == '\t') {
+ skip(parser)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+
+ // Eat a comment until a line break.
+ if parser.buffer[parser.buffer_pos] == '#' {
+ for !is_breakz(parser.buffer, parser.buffer_pos) {
+ skip(parser)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+ }
+
+ // If it is a line break, eat it.
+ if is_break(parser.buffer, parser.buffer_pos) {
+ if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+ return false
+ }
+ skip_line(parser)
+
+ // In the block context, a new line may start a simple key.
+ if parser.flow_level == 0 {
+ parser.simple_key_allowed = true
+ }
+ } else {
+ break // We have found a token.
+ }
+ }
+
+ return true
+}
+
+// Scan a YAML-DIRECTIVE or TAG-DIRECTIVE token.
+//
+// Scope:
+// %YAML 1.1 # a comment \n
+// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+// %TAG !yaml! tag:yaml.org,2002: \n
+// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//
+func yaml_parser_scan_directive(parser *yaml_parser_t, token *yaml_token_t) bool {
+ // Eat '%'.
+ start_mark := parser.mark
+ skip(parser)
+
+ // Scan the directive name.
+ var name []byte
+ if !yaml_parser_scan_directive_name(parser, start_mark, &name) {
+ return false
+ }
+
+ // Is it a YAML directive?
+ if bytes.Equal(name, []byte("YAML")) {
+ // Scan the VERSION directive value.
+ var major, minor int8
+ if !yaml_parser_scan_version_directive_value(parser, start_mark, &major, &minor) {
+ return false
+ }
+ end_mark := parser.mark
+
+ // Create a VERSION-DIRECTIVE token.
+ *token = yaml_token_t{
+ typ: yaml_VERSION_DIRECTIVE_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ major: major,
+ minor: minor,
+ }
+
+ // Is it a TAG directive?
+ } else if bytes.Equal(name, []byte("TAG")) {
+ // Scan the TAG directive value.
+ var handle, prefix []byte
+ if !yaml_parser_scan_tag_directive_value(parser, start_mark, &handle, &prefix) {
+ return false
+ }
+ end_mark := parser.mark
+
+ // Create a TAG-DIRECTIVE token.
+ *token = yaml_token_t{
+ typ: yaml_TAG_DIRECTIVE_TOKEN,
+ start_mark: start_mark,
+ end_mark: end_mark,
+ value: handle,
+ prefix: prefix,
+ }
+
+ // Unknown directive.
+ } else {
+ yaml_parser_set_scanner_error(parser, "while scanning a directive",
+ start_mark, "found unknown directive name")
+ return false
+ }
+
+ // Eat the rest of the line including any comments.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+
+ for is_blank(parser.buffer, parser.buffer_pos) {
+ skip(parser)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+
+ if parser.buffer[parser.buffer_pos] == '#' {
+ for !is_breakz(parser.buffer, parser.buffer_pos) {
+ skip(parser)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+ }
+
+ // Check if we are at the end of the line.
+ if !is_breakz(parser.buffer, parser.buffer_pos) {
+ yaml_parser_set_scanner_error(parser, "while scanning a directive",
+ start_mark, "did not find expected comment or line break")
+ return false
+ }
+
+ // Eat a line break.
+ if is_break(parser.buffer, parser.buffer_pos) {
+ if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+ return false
+ }
+ skip_line(parser)
+ }
+
+ return true
+}
+
+// Scan the directive name.
+//
+// Scope:
+// %YAML 1.1 # a comment \n
+// ^^^^
+// %TAG !yaml! tag:yaml.org,2002: \n
+// ^^^
+//
+func yaml_parser_scan_directive_name(parser *yaml_parser_t, start_mark yaml_mark_t, name *[]byte) bool {
+ // Consume the directive name.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+
+ var s []byte
+ for is_alpha(parser.buffer, parser.buffer_pos) {
+ s = read(parser, s)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+
+ // Check if the name is empty.
+ if len(s) == 0 {
+ yaml_parser_set_scanner_error(parser, "while scanning a directive",
+ start_mark, "could not find expected directive name")
+ return false
+ }
+
+ // Check for an blank character after the name.
+ if !is_blankz(parser.buffer, parser.buffer_pos) {
+ yaml_parser_set_scanner_error(parser, "while scanning a directive",
+ start_mark, "found unexpected non-alphabetical character")
+ return false
+ }
+ *name = s
+ return true
+}
+
+// Scan the value of VERSION-DIRECTIVE.
+//
+// Scope:
+// %YAML 1.1 # a comment \n
+// ^^^^^^
+func yaml_parser_scan_version_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, major, minor *int8) bool {
+ // Eat whitespaces.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ for is_blank(parser.buffer, parser.buffer_pos) {
+ skip(parser)
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ }
+
+ // Consume the major version number.
+ if !yaml_parser_scan_version_directive_number(parser, start_mark, major) {
+ return false
+ }
+
+ // Eat '.'.
+ if parser.buffer[parser.buffer_pos] != '.' {
+ return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+ start_mark, "did not find expected digit or '.' character")
+ }
+
+ skip(parser)
+
+ // Consume the minor version number.
+ if !yaml_parser_scan_version_directive_number(parser, start_mark, minor) {
+ return false
+ }
+ return true
+}
+
+const max_number_length = 2
+
+// Scan the version number of VERSION-DIRECTIVE.
+//
+// Scope:
+// %YAML 1.1 # a comment \n
+// ^
+// %YAML 1.1 # a comment \n
+// ^
+func yaml_parser_scan_version_directive_number(parser *yaml_parser_t, start_mark yaml_mark_t, number *int8) bool {
+
+ // Repeat while the next character is digit.
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+ return false
+ }
+ var value, length int8
+ for is_digit(parser.buffer, parser.buffer_pos) {
+ // Check if the number is too long.
+ length++ + if length > max_number_length { + return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive", + start_mark, "found extremely long version number") + } + value = value*10 + int8(as_digit(parser.buffer, parser.buffer_pos)) + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Check if the number was present. + if length == 0 { + return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive", + start_mark, "did not find expected version number") + } + *number = value + return true +} + +// Scan the value of a TAG-DIRECTIVE token. +// +// Scope: +// %TAG !yaml! tag:yaml.org,2002: \n +// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +// +func yaml_parser_scan_tag_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, handle, prefix *[]byte) bool { + var handle_value, prefix_value []byte + + // Eat whitespaces. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + for is_blank(parser.buffer, parser.buffer_pos) { + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Scan a handle. + if !yaml_parser_scan_tag_handle(parser, true, start_mark, &handle_value) { + return false + } + + // Expect a whitespace. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if !is_blank(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive", + start_mark, "did not find expected whitespace") + return false + } + + // Eat whitespaces. + for is_blank(parser.buffer, parser.buffer_pos) { + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Scan a prefix. + if !yaml_parser_scan_tag_uri(parser, true, nil, start_mark, &prefix_value) { + return false + } + + // Expect a whitespace or line break. 
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if !is_blankz(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive", + start_mark, "did not find expected whitespace or line break") + return false + } + + *handle = handle_value + *prefix = prefix_value + return true +} + +func yaml_parser_scan_anchor(parser *yaml_parser_t, token *yaml_token_t, typ yaml_token_type_t) bool { + var s []byte + + // Eat the indicator character. + start_mark := parser.mark + skip(parser) + + // Consume the value. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + for is_alpha(parser.buffer, parser.buffer_pos) { + s = read(parser, s) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + end_mark := parser.mark + + /* + * Check if length of the anchor is greater than 0 and it is followed by + * a whitespace character or one of the indicators: + * + * '?', ':', ',', ']', '}', '%', '@', '`'. + */ + + if len(s) == 0 || + !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '?' || + parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == ',' || + parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '}' || + parser.buffer[parser.buffer_pos] == '%' || parser.buffer[parser.buffer_pos] == '@' || + parser.buffer[parser.buffer_pos] == '`') { + context := "while scanning an alias" + if typ == yaml_ANCHOR_TOKEN { + context = "while scanning an anchor" + } + yaml_parser_set_scanner_error(parser, context, start_mark, + "did not find expected alphabetic or numeric character") + return false + } + + // Create a token. + *token = yaml_token_t{ + typ: typ, + start_mark: start_mark, + end_mark: end_mark, + value: s, + } + + return true +} + +/* + * Scan a TAG token. 
+ */ + +func yaml_parser_scan_tag(parser *yaml_parser_t, token *yaml_token_t) bool { + var handle, suffix []byte + + start_mark := parser.mark + + // Check if the tag is in the canonical form. + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + + if parser.buffer[parser.buffer_pos+1] == '<' { + // Keep the handle as '' + + // Eat '!<' + skip(parser) + skip(parser) + + // Consume the tag value. + if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) { + return false + } + + // Check for '>' and eat it. + if parser.buffer[parser.buffer_pos] != '>' { + yaml_parser_set_scanner_error(parser, "while scanning a tag", + start_mark, "did not find the expected '>'") + return false + } + + skip(parser) + } else { + // The tag has either the '!suffix' or the '!handle!suffix' form. + + // First, try to scan a handle. + if !yaml_parser_scan_tag_handle(parser, false, start_mark, &handle) { + return false + } + + // Check if it is, indeed, handle. + if handle[0] == '!' && len(handle) > 1 && handle[len(handle)-1] == '!' { + // Scan the suffix now. + if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) { + return false + } + } else { + // It wasn't a handle after all. Scan the rest of the tag. + if !yaml_parser_scan_tag_uri(parser, false, handle, start_mark, &suffix) { + return false + } + + // Set the handle to '!'. + handle = []byte{'!'} + + // A special case: the '!' tag. Set the handle to '' and the + // suffix to '!'. + if len(suffix) == 0 { + handle, suffix = suffix, handle + } + } + } + + // Check the character which ends the tag. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if !is_blankz(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a tag", + start_mark, "did not find expected whitespace or line break") + return false + } + + end_mark := parser.mark + + // Create a token. 
+ *token = yaml_token_t{ + typ: yaml_TAG_TOKEN, + start_mark: start_mark, + end_mark: end_mark, + value: handle, + suffix: suffix, + } + return true +} + +// Scan a tag handle. +func yaml_parser_scan_tag_handle(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, handle *[]byte) bool { + // Check the initial '!' character. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if parser.buffer[parser.buffer_pos] != '!' { + yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "did not find expected '!'") + return false + } + + var s []byte + + // Copy the '!' character. + s = read(parser, s) + + // Copy all subsequent alphabetical and numerical characters. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + for is_alpha(parser.buffer, parser.buffer_pos) { + s = read(parser, s) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Check if the trailing character is '!' and copy it. + if parser.buffer[parser.buffer_pos] == '!' { + s = read(parser, s) + } else { + // It's either the '!' tag or not really a tag handle. If it's a %TAG + // directive, it's an error. If it's a tag token, it must be a part of URI. + if directive && string(s) != "!" { + yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "did not find expected '!'") + return false + } + } + + *handle = s + return true +} + +// Scan a tag. +func yaml_parser_scan_tag_uri(parser *yaml_parser_t, directive bool, head []byte, start_mark yaml_mark_t, uri *[]byte) bool { + //size_t length = head ? strlen((char *)head) : 0 + var s []byte + hasTag := len(head) > 0 + + // Copy the head if needed. + // + // Note that we don't copy the leading '!' character. + if len(head) > 1 { + s = append(s, head[1:]...) + } + + // Scan the tag. 
+ if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + // The set of characters that may appear in URI is as follows: + // + // '0'-'9', 'A'-'Z', 'a'-'z', '_', '-', ';', '/', '?', ':', '@', '&', + // '=', '+', '$', ',', '.', '!', '~', '*', '\'', '(', ')', '[', ']', + // '%'. + // [Go] Convert this into more reasonable logic. + for is_alpha(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == ';' || + parser.buffer[parser.buffer_pos] == '/' || parser.buffer[parser.buffer_pos] == '?' || + parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == '@' || + parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '=' || + parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '$' || + parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '.' || + parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '~' || + parser.buffer[parser.buffer_pos] == '*' || parser.buffer[parser.buffer_pos] == '\'' || + parser.buffer[parser.buffer_pos] == '(' || parser.buffer[parser.buffer_pos] == ')' || + parser.buffer[parser.buffer_pos] == '[' || parser.buffer[parser.buffer_pos] == ']' || + parser.buffer[parser.buffer_pos] == '%' { + // Check if it is a URI-escape sequence. + if parser.buffer[parser.buffer_pos] == '%' { + if !yaml_parser_scan_uri_escapes(parser, directive, start_mark, &s) { + return false + } + } else { + s = read(parser, s) + } + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + hasTag = true + } + + if !hasTag { + yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "did not find expected tag URI") + return false + } + *uri = s + return true +} + +// Decode an URI-escape sequence corresponding to a single UTF-8 character. 
+func yaml_parser_scan_uri_escapes(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, s *[]byte) bool { + + // Decode the required number of characters. + w := 1024 + for w > 0 { + // Check for a URI-escaped octet. + if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) { + return false + } + + if !(parser.buffer[parser.buffer_pos] == '%' && + is_hex(parser.buffer, parser.buffer_pos+1) && + is_hex(parser.buffer, parser.buffer_pos+2)) { + return yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "did not find URI escaped octet") + } + + // Get the octet. + octet := byte((as_hex(parser.buffer, parser.buffer_pos+1) << 4) + as_hex(parser.buffer, parser.buffer_pos+2)) + + // If it is the leading octet, determine the length of the UTF-8 sequence. + if w == 1024 { + w = width(octet) + if w == 0 { + return yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "found an incorrect leading UTF-8 octet") + } + } else { + // Check if the trailing octet is correct. + if octet&0xC0 != 0x80 { + return yaml_parser_set_scanner_tag_error(parser, directive, + start_mark, "found an incorrect trailing UTF-8 octet") + } + } + + // Copy the octet and move the pointers. + *s = append(*s, octet) + skip(parser) + skip(parser) + skip(parser) + w-- + } + return true +} + +// Scan a block scalar. +func yaml_parser_scan_block_scalar(parser *yaml_parser_t, token *yaml_token_t, literal bool) bool { + // Eat the indicator '|' or '>'. + start_mark := parser.mark + skip(parser) + + // Scan the additional block scalar indicators. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + // Check for a chomping indicator. + var chomping, increment int + if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' { + // Set the chomping method and eat the indicator. 
+ if parser.buffer[parser.buffer_pos] == '+' { + chomping = +1 + } else { + chomping = -1 + } + skip(parser) + + // Check for an indentation indicator. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if is_digit(parser.buffer, parser.buffer_pos) { + // Check that the indentation is greater than 0. + if parser.buffer[parser.buffer_pos] == '0' { + yaml_parser_set_scanner_error(parser, "while scanning a block scalar", + start_mark, "found an indentation indicator equal to 0") + return false + } + + // Get the indentation level and eat the indicator. + increment = as_digit(parser.buffer, parser.buffer_pos) + skip(parser) + } + + } else if is_digit(parser.buffer, parser.buffer_pos) { + // Do the same as above, but in the opposite order. + + if parser.buffer[parser.buffer_pos] == '0' { + yaml_parser_set_scanner_error(parser, "while scanning a block scalar", + start_mark, "found an indentation indicator equal to 0") + return false + } + increment = as_digit(parser.buffer, parser.buffer_pos) + skip(parser) + + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' { + if parser.buffer[parser.buffer_pos] == '+' { + chomping = +1 + } else { + chomping = -1 + } + skip(parser) + } + } + + // Eat whitespaces and comments to the end of the line. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + for is_blank(parser.buffer, parser.buffer_pos) { + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + if parser.buffer[parser.buffer_pos] == '#' { + for !is_breakz(parser.buffer, parser.buffer_pos) { + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + } + + // Check if we are at the end of the line. 
+ if !is_breakz(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a block scalar", + start_mark, "did not find expected comment or line break") + return false + } + + // Eat a line break. + if is_break(parser.buffer, parser.buffer_pos) { + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + skip_line(parser) + } + + end_mark := parser.mark + + // Set the indentation level if it was specified. + var indent int + if increment > 0 { + if parser.indent >= 0 { + indent = parser.indent + increment + } else { + indent = increment + } + } + + // Scan the leading line breaks and determine the indentation level if needed. + var s, leading_break, trailing_breaks []byte + if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) { + return false + } + + // Scan the block scalar content. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + var leading_blank, trailing_blank bool + for parser.mark.column == indent && !is_z(parser.buffer, parser.buffer_pos) { + // We are at the beginning of a non-empty line. + + // Is it a trailing whitespace? + trailing_blank = is_blank(parser.buffer, parser.buffer_pos) + + // Check if we need to fold the leading line break. + if !literal && !leading_blank && !trailing_blank && len(leading_break) > 0 && leading_break[0] == '\n' { + // Do we need to join the lines by space? + if len(trailing_breaks) == 0 { + s = append(s, ' ') + } + } else { + s = append(s, leading_break...) + } + leading_break = leading_break[:0] + + // Append the remaining line breaks. + s = append(s, trailing_breaks...) + trailing_breaks = trailing_breaks[:0] + + // Is it a leading whitespace? + leading_blank = is_blank(parser.buffer, parser.buffer_pos) + + // Consume the current line. 
+ for !is_breakz(parser.buffer, parser.buffer_pos) { + s = read(parser, s) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Consume the line break. + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + + leading_break = read_line(parser, leading_break) + + // Eat the following indentation spaces and line breaks. + if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) { + return false + } + } + + // Chomp the tail. + if chomping != -1 { + s = append(s, leading_break...) + } + if chomping == 1 { + s = append(s, trailing_breaks...) + } + + // Create a token. + *token = yaml_token_t{ + typ: yaml_SCALAR_TOKEN, + start_mark: start_mark, + end_mark: end_mark, + value: s, + style: yaml_LITERAL_SCALAR_STYLE, + } + if !literal { + token.style = yaml_FOLDED_SCALAR_STYLE + } + return true +} + +// Scan indentation spaces and line breaks for a block scalar. Determine the +// indentation level if needed. +func yaml_parser_scan_block_scalar_breaks(parser *yaml_parser_t, indent *int, breaks *[]byte, start_mark yaml_mark_t, end_mark *yaml_mark_t) bool { + *end_mark = parser.mark + + // Eat the indentation spaces and line breaks. + max_indent := 0 + for { + // Eat the indentation spaces. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + for (*indent == 0 || parser.mark.column < *indent) && is_space(parser.buffer, parser.buffer_pos) { + skip(parser) + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + if parser.mark.column > max_indent { + max_indent = parser.mark.column + } + + // Check for a tab character messing the indentation. 
+ if (*indent == 0 || parser.mark.column < *indent) && is_tab(parser.buffer, parser.buffer_pos) { + return yaml_parser_set_scanner_error(parser, "while scanning a block scalar", + start_mark, "found a tab character where an indentation space is expected") + } + + // Have we found a non-empty line? + if !is_break(parser.buffer, parser.buffer_pos) { + break + } + + // Consume the line break. + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + // [Go] Should really be returning breaks instead. + *breaks = read_line(parser, *breaks) + *end_mark = parser.mark + } + + // Determine the indentation level if needed. + if *indent == 0 { + *indent = max_indent + if *indent < parser.indent+1 { + *indent = parser.indent + 1 + } + if *indent < 1 { + *indent = 1 + } + } + return true +} + +// Scan a quoted scalar. +func yaml_parser_scan_flow_scalar(parser *yaml_parser_t, token *yaml_token_t, single bool) bool { + // Eat the left quote. + start_mark := parser.mark + skip(parser) + + // Consume the content of the quoted scalar. + var s, leading_break, trailing_breaks, whitespaces []byte + for { + // Check that there are no document indicators at the beginning of the line. + if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) { + return false + } + + if parser.mark.column == 0 && + ((parser.buffer[parser.buffer_pos+0] == '-' && + parser.buffer[parser.buffer_pos+1] == '-' && + parser.buffer[parser.buffer_pos+2] == '-') || + (parser.buffer[parser.buffer_pos+0] == '.' && + parser.buffer[parser.buffer_pos+1] == '.' && + parser.buffer[parser.buffer_pos+2] == '.')) && + is_blankz(parser.buffer, parser.buffer_pos+3) { + yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar", + start_mark, "found unexpected document indicator") + return false + } + + // Check for EOF. 
+ if is_z(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar", + start_mark, "found unexpected end of stream") + return false + } + + // Consume non-blank characters. + leading_blanks := false + for !is_blankz(parser.buffer, parser.buffer_pos) { + if single && parser.buffer[parser.buffer_pos] == '\'' && parser.buffer[parser.buffer_pos+1] == '\'' { + // Is is an escaped single quote. + s = append(s, '\'') + skip(parser) + skip(parser) + + } else if single && parser.buffer[parser.buffer_pos] == '\'' { + // It is a right single quote. + break + } else if !single && parser.buffer[parser.buffer_pos] == '"' { + // It is a right double quote. + break + + } else if !single && parser.buffer[parser.buffer_pos] == '\\' && is_break(parser.buffer, parser.buffer_pos+1) { + // It is an escaped line break. + if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) { + return false + } + skip(parser) + skip_line(parser) + leading_blanks = true + break + + } else if !single && parser.buffer[parser.buffer_pos] == '\\' { + // It is an escape sequence. + code_length := 0 + + // Check the escape character. 
+ switch parser.buffer[parser.buffer_pos+1] { + case '0': + s = append(s, 0) + case 'a': + s = append(s, '\x07') + case 'b': + s = append(s, '\x08') + case 't', '\t': + s = append(s, '\x09') + case 'n': + s = append(s, '\x0A') + case 'v': + s = append(s, '\x0B') + case 'f': + s = append(s, '\x0C') + case 'r': + s = append(s, '\x0D') + case 'e': + s = append(s, '\x1B') + case ' ': + s = append(s, '\x20') + case '"': + s = append(s, '"') + case '\'': + s = append(s, '\'') + case '\\': + s = append(s, '\\') + case 'N': // NEL (#x85) + s = append(s, '\xC2') + s = append(s, '\x85') + case '_': // #xA0 + s = append(s, '\xC2') + s = append(s, '\xA0') + case 'L': // LS (#x2028) + s = append(s, '\xE2') + s = append(s, '\x80') + s = append(s, '\xA8') + case 'P': // PS (#x2029) + s = append(s, '\xE2') + s = append(s, '\x80') + s = append(s, '\xA9') + case 'x': + code_length = 2 + case 'u': + code_length = 4 + case 'U': + code_length = 8 + default: + yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", + start_mark, "found unknown escape character") + return false + } + + skip(parser) + skip(parser) + + // Consume an arbitrary escape code. + if code_length > 0 { + var value int + + // Scan the character value. + if parser.unread < code_length && !yaml_parser_update_buffer(parser, code_length) { + return false + } + for k := 0; k < code_length; k++ { + if !is_hex(parser.buffer, parser.buffer_pos+k) { + yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", + start_mark, "did not find expected hexdecimal number") + return false + } + value = (value << 4) + as_hex(parser.buffer, parser.buffer_pos+k) + } + + // Check the value and write the character. 
+ if (value >= 0xD800 && value <= 0xDFFF) || value > 0x10FFFF { + yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", + start_mark, "found invalid Unicode character escape code") + return false + } + if value <= 0x7F { + s = append(s, byte(value)) + } else if value <= 0x7FF { + s = append(s, byte(0xC0+(value>>6))) + s = append(s, byte(0x80+(value&0x3F))) + } else if value <= 0xFFFF { + s = append(s, byte(0xE0+(value>>12))) + s = append(s, byte(0x80+((value>>6)&0x3F))) + s = append(s, byte(0x80+(value&0x3F))) + } else { + s = append(s, byte(0xF0+(value>>18))) + s = append(s, byte(0x80+((value>>12)&0x3F))) + s = append(s, byte(0x80+((value>>6)&0x3F))) + s = append(s, byte(0x80+(value&0x3F))) + } + + // Advance the pointer. + for k := 0; k < code_length; k++ { + skip(parser) + } + } + } else { + // It is a non-escaped non-blank character. + s = read(parser, s) + } + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + } + + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + // Check if we are at the end of the scalar. + if single { + if parser.buffer[parser.buffer_pos] == '\'' { + break + } + } else { + if parser.buffer[parser.buffer_pos] == '"' { + break + } + } + + // Consume blank characters. + for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) { + if is_blank(parser.buffer, parser.buffer_pos) { + // Consume a space or a tab character. + if !leading_blanks { + whitespaces = read(parser, whitespaces) + } else { + skip(parser) + } + } else { + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + + // Check if it is a first line break. 
+ if !leading_blanks { + whitespaces = whitespaces[:0] + leading_break = read_line(parser, leading_break) + leading_blanks = true + } else { + trailing_breaks = read_line(parser, trailing_breaks) + } + } + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Join the whitespaces or fold line breaks. + if leading_blanks { + // Do we need to fold line breaks? + if len(leading_break) > 0 && leading_break[0] == '\n' { + if len(trailing_breaks) == 0 { + s = append(s, ' ') + } else { + s = append(s, trailing_breaks...) + } + } else { + s = append(s, leading_break...) + s = append(s, trailing_breaks...) + } + trailing_breaks = trailing_breaks[:0] + leading_break = leading_break[:0] + } else { + s = append(s, whitespaces...) + whitespaces = whitespaces[:0] + } + } + + // Eat the right quote. + skip(parser) + end_mark := parser.mark + + // Create a token. + *token = yaml_token_t{ + typ: yaml_SCALAR_TOKEN, + start_mark: start_mark, + end_mark: end_mark, + value: s, + style: yaml_SINGLE_QUOTED_SCALAR_STYLE, + } + if !single { + token.style = yaml_DOUBLE_QUOTED_SCALAR_STYLE + } + return true +} + +// Scan a plain scalar. +func yaml_parser_scan_plain_scalar(parser *yaml_parser_t, token *yaml_token_t) bool { + + var s, leading_break, trailing_breaks, whitespaces []byte + var leading_blanks bool + var indent = parser.indent + 1 + + start_mark := parser.mark + end_mark := parser.mark + + // Consume the content of the plain scalar. + for { + // Check for a document indicator. + if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) { + return false + } + if parser.mark.column == 0 && + ((parser.buffer[parser.buffer_pos+0] == '-' && + parser.buffer[parser.buffer_pos+1] == '-' && + parser.buffer[parser.buffer_pos+2] == '-') || + (parser.buffer[parser.buffer_pos+0] == '.' && + parser.buffer[parser.buffer_pos+1] == '.' 
&& + parser.buffer[parser.buffer_pos+2] == '.')) && + is_blankz(parser.buffer, parser.buffer_pos+3) { + break + } + + // Check for a comment. + if parser.buffer[parser.buffer_pos] == '#' { + break + } + + // Consume non-blank characters. + for !is_blankz(parser.buffer, parser.buffer_pos) { + + // Check for indicators that may end a plain scalar. + if (parser.buffer[parser.buffer_pos] == ':' && is_blankz(parser.buffer, parser.buffer_pos+1)) || + (parser.flow_level > 0 && + (parser.buffer[parser.buffer_pos] == ',' || + parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == '[' || + parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' || + parser.buffer[parser.buffer_pos] == '}')) { + break + } + + // Check if we need to join whitespaces and breaks. + if leading_blanks || len(whitespaces) > 0 { + if leading_blanks { + // Do we need to fold line breaks? + if leading_break[0] == '\n' { + if len(trailing_breaks) == 0 { + s = append(s, ' ') + } else { + s = append(s, trailing_breaks...) + } + } else { + s = append(s, leading_break...) + s = append(s, trailing_breaks...) + } + trailing_breaks = trailing_breaks[:0] + leading_break = leading_break[:0] + leading_blanks = false + } else { + s = append(s, whitespaces...) + whitespaces = whitespaces[:0] + } + } + + // Copy the character. + s = read(parser, s) + + end_mark = parser.mark + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + } + + // Is it the end? + if !(is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos)) { + break + } + + // Consume blank characters. + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + + for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) { + if is_blank(parser.buffer, parser.buffer_pos) { + + // Check for tab characters that abuse indentation. 
+ if leading_blanks && parser.mark.column < indent && is_tab(parser.buffer, parser.buffer_pos) { + yaml_parser_set_scanner_error(parser, "while scanning a plain scalar", + start_mark, "found a tab character that violates indentation") + return false + } + + // Consume a space or a tab character. + if !leading_blanks { + whitespaces = read(parser, whitespaces) + } else { + skip(parser) + } + } else { + if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { + return false + } + + // Check if it is a first line break. + if !leading_blanks { + whitespaces = whitespaces[:0] + leading_break = read_line(parser, leading_break) + leading_blanks = true + } else { + trailing_breaks = read_line(parser, trailing_breaks) + } + } + if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { + return false + } + } + + // Check indentation level. + if parser.flow_level == 0 && parser.mark.column < indent { + break + } + } + + // Create a token. + *token = yaml_token_t{ + typ: yaml_SCALAR_TOKEN, + start_mark: start_mark, + end_mark: end_mark, + value: s, + style: yaml_PLAIN_SCALAR_STYLE, + } + + // Note that we change the 'simple_key_allowed' flag. + if leading_blanks { + parser.simple_key_allowed = true + } + return true +} diff --git a/vendor/gopkg.in/yaml.v2/sorter.go b/vendor/gopkg.in/yaml.v2/sorter.go new file mode 100644 index 00000000000..4c45e660a8f --- /dev/null +++ b/vendor/gopkg.in/yaml.v2/sorter.go 
@@ -0,0 +1,113 @@ +package yaml + +import ( + "reflect" + "unicode" +) + +type keyList []reflect.Value + +func (l keyList) Len() int { return len(l) } +func (l keyList) Swap(i, j int) { l[i], l[j] = l[j], l[i] } +func (l keyList) Less(i, j int) bool { + a := l[i] + b := l[j] + ak := a.Kind() + bk := b.Kind() + for (ak == reflect.Interface || ak == reflect.Ptr) && !a.IsNil() { + a = a.Elem() + ak = a.Kind() + } + for (bk == reflect.Interface || bk == reflect.Ptr) && !b.IsNil() { + b = b.Elem() + bk = b.Kind() + } + af, aok := keyFloat(a) + bf, bok := keyFloat(b) + if aok && bok { + if af != bf { + return af < bf + } + if ak != bk { + return ak < bk + } + return numLess(a, b) + } + if ak != reflect.String || bk != reflect.String { + return ak < bk + } + ar, br := []rune(a.String()), []rune(b.String()) + for i := 0; i < len(ar) && i < len(br); i++ { + if ar[i] == br[i] { + continue + } + al := unicode.IsLetter(ar[i]) + bl := unicode.IsLetter(br[i]) + if al && bl { + return ar[i] < br[i] + } + if al || bl { + return bl + } + var ai, bi int + var an, bn int64 + if ar[i] == '0' || br[i] == '0' { + for j := i-1; j >= 0 && unicode.IsDigit(ar[j]); j-- { + if ar[j] != '0' { + an = 1 + bn = 1 + break + } + } + } + for ai = i; ai < len(ar) && unicode.IsDigit(ar[ai]); ai++ { + an = an*10 + int64(ar[ai]-'0') + } + for bi = i; bi < len(br) && unicode.IsDigit(br[bi]); bi++ { + bn = bn*10 + int64(br[bi]-'0') + } + if an != bn { + return an < bn + } + if ai != bi { + return ai < bi + } + return ar[i] < br[i] + } + return len(ar) < len(br) +} + +// keyFloat returns a float value for v if it is a number/bool +// and whether it is a number/bool or not. 
+func keyFloat(v reflect.Value) (f float64, ok bool) {
+ switch v.Kind() {
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return float64(v.Int()), true
+ case reflect.Float32, reflect.Float64:
+ return v.Float(), true
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return float64(v.Uint()), true
+ case reflect.Bool:
+ if v.Bool() {
+ return 1, true
+ }
+ return 0, true
+ }
+ return 0, false
+}
+
+// numLess returns whether a < b.
+// a and b must necessarily have the same kind.
+func numLess(a, b reflect.Value) bool {
+ switch a.Kind() {
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return a.Int() < b.Int()
+ case reflect.Float32, reflect.Float64:
+ return a.Float() < b.Float()
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return a.Uint() < b.Uint()
+ case reflect.Bool:
+ return !a.Bool() && b.Bool()
+ }
+ panic("not a number")
+}
diff --git a/vendor/gopkg.in/yaml.v2/writerc.go b/vendor/gopkg.in/yaml.v2/writerc.go
new file mode 100644
index 00000000000..a2dde608cb7
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/writerc.go
@@ -0,0 +1,26 @@
+package yaml
+
+// Set the writer error and return false.
+func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool {
+ emitter.error = yaml_WRITER_ERROR
+ emitter.problem = problem
+ return false
+}
+
+// Flush the output buffer.
+func yaml_emitter_flush(emitter *yaml_emitter_t) bool {
+ if emitter.write_handler == nil {
+ panic("write handler not set")
+ }
+
+ // Check if the buffer is empty.
+ if emitter.buffer_pos == 0 {
+ return true
+ }
+
+ if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil {
+ return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error())
+ }
+ emitter.buffer_pos = 0
+ return true
+}
diff --git a/vendor/gopkg.in/yaml.v2/yaml.go b/vendor/gopkg.in/yaml.v2/yaml.go
new file mode 100644
index 00000000000..89650e293ac
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/yaml.go
@@ -0,0 +1,466 @@ +// Package yaml implements YAML support for the Go language. +// +// Source code and other details for the project are available at GitHub: +// +// https://github.com/go-yaml/yaml +// +package yaml + +import ( + "errors" + "fmt" + "io" + "reflect" + "strings" + "sync" +) + +// MapSlice encodes and decodes as a YAML map. +// The order of keys is preserved when encoding and decoding. +type MapSlice []MapItem + +// MapItem is an item in a MapSlice. +type MapItem struct { + Key, Value interface{} +} + +// The Unmarshaler interface may be implemented by types to customize their +// behavior when being unmarshaled from a YAML document. The UnmarshalYAML +// method receives a function that may be called to unmarshal the original +// YAML value into a field or variable. It is safe to call the unmarshal +// function parameter more than once if necessary. +type Unmarshaler interface { + UnmarshalYAML(unmarshal func(interface{}) error) error +} + +// The Marshaler interface may be implemented by types to customize their +// behavior when being marshaled into a YAML document. The returned value +// is marshaled in place of the original value implementing Marshaler. +// +// If an error is returned by MarshalYAML, the marshaling procedure stops +// and returns with the provided error. +type Marshaler interface { + MarshalYAML() (interface{}, error) +} + +// Unmarshal decodes the first document found within the in byte slice +// and assigns decoded values into the out value. +// +// Maps and pointers (to a struct, string, int, etc) are accepted as out +// values. If an internal pointer within a struct is not initialized, +// the yaml package will initialize it if necessary for unmarshalling +// the provided data. The out parameter must not be nil. +// +// The type of the decoded values should be compatible with the respective +// values in out. 
If one or more values cannot be decoded due to a type +// mismatches, decoding continues partially until the end of the YAML +// content, and a *yaml.TypeError is returned with details for all +// missed values. +// +// Struct fields are only unmarshalled if they are exported (have an +// upper case first letter), and are unmarshalled using the field name +// lowercased as the default key. Custom keys may be defined via the +// "yaml" name in the field tag: the content preceding the first comma +// is used as the key, and the following comma-separated options are +// used to tweak the marshalling process (see Marshal). +// Conflicting names result in a runtime error. +// +// For example: +// +// type T struct { +// F int `yaml:"a,omitempty"` +// B int +// } +// var t T +// yaml.Unmarshal([]byte("a: 1\nb: 2"), &t) +// +// See the documentation of Marshal for the format of tags and a list of +// supported tag options. +// +func Unmarshal(in []byte, out interface{}) (err error) { + return unmarshal(in, out, false) +} + +// UnmarshalStrict is like Unmarshal except that any fields that are found +// in the data that do not have corresponding struct members, or mapping +// keys that are duplicates, will result in +// an error. +func UnmarshalStrict(in []byte, out interface{}) (err error) { + return unmarshal(in, out, true) +} + +// A Decoder reads and decodes YAML values from an input stream. +type Decoder struct { + strict bool + parser *parser +} + +// NewDecoder returns a new decoder that reads from r. +// +// The decoder introduces its own buffering and may read +// data from r beyond the YAML values requested. +func NewDecoder(r io.Reader) *Decoder { + return &Decoder{ + parser: newParserFromReader(r), + } +} + +// SetStrict sets whether strict decoding behaviour is enabled when +// decoding items in the data (see UnmarshalStrict). By default, decoding is not strict. 
+func (dec *Decoder) SetStrict(strict bool) { + dec.strict = strict +} + +// Decode reads the next YAML-encoded value from its input +// and stores it in the value pointed to by v. +// +// See the documentation for Unmarshal for details about the +// conversion of YAML into a Go value. +func (dec *Decoder) Decode(v interface{}) (err error) { + d := newDecoder(dec.strict) + defer handleErr(&err) + node := dec.parser.parse() + if node == nil { + return io.EOF + } + out := reflect.ValueOf(v) + if out.Kind() == reflect.Ptr && !out.IsNil() { + out = out.Elem() + } + d.unmarshal(node, out) + if len(d.terrors) > 0 { + return &TypeError{d.terrors} + } + return nil +} + +func unmarshal(in []byte, out interface{}, strict bool) (err error) { + defer handleErr(&err) + d := newDecoder(strict) + p := newParser(in) + defer p.destroy() + node := p.parse() + if node != nil { + v := reflect.ValueOf(out) + if v.Kind() == reflect.Ptr && !v.IsNil() { + v = v.Elem() + } + d.unmarshal(node, v) + } + if len(d.terrors) > 0 { + return &TypeError{d.terrors} + } + return nil +} + +// Marshal serializes the value provided into a YAML document. The structure +// of the generated document will reflect the structure of the value itself. +// Maps and pointers (to struct, string, int, etc) are accepted as the in value. +// +// Struct fields are only marshalled if they are exported (have an upper case +// first letter), and are marshalled using the field name lowercased as the +// default key. Custom keys may be defined via the "yaml" name in the field +// tag: the content preceding the first comma is used as the key, and the +// following comma-separated options are used to tweak the marshalling process. +// Conflicting names result in a runtime error. +// +// The field tag format accepted is: +// +// `(...) 
yaml:"[][,[,]]" (...)` +// +// The following flags are currently supported: +// +// omitempty Only include the field if it's not set to the zero +// value for the type or to empty slices or maps. +// Zero valued structs will be omitted if all their public +// fields are zero, unless they implement an IsZero +// method (see the IsZeroer interface type), in which +// case the field will be included if that method returns true. +// +// flow Marshal using a flow style (useful for structs, +// sequences and maps). +// +// inline Inline the field, which must be a struct or a map, +// causing all of its fields or keys to be processed as if +// they were part of the outer struct. For maps, keys must +// not conflict with the yaml keys of other struct fields. +// +// In addition, if the key is "-", the field is ignored. +// +// For example: +// +// type T struct { +// F int `yaml:"a,omitempty"` +// B int +// } +// yaml.Marshal(&T{B: 2}) // Returns "b: 2\n" +// yaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n" +// +func Marshal(in interface{}) (out []byte, err error) { + defer handleErr(&err) + e := newEncoder() + defer e.destroy() + e.marshalDoc("", reflect.ValueOf(in)) + e.finish() + out = e.out + return +} + +// An Encoder writes YAML values to an output stream. +type Encoder struct { + encoder *encoder +} + +// NewEncoder returns a new encoder that writes to w. +// The Encoder should be closed after use to flush all data +// to w. +func NewEncoder(w io.Writer) *Encoder { + return &Encoder{ + encoder: newEncoderWithWriter(w), + } +} + +// Encode writes the YAML encoding of v to the stream. +// If multiple items are encoded to the stream, the +// second and subsequent document will be preceded +// with a "---" document separator, but the first will not. +// +// See the documentation for Marshal for details about the conversion of Go +// values to YAML. 
+func (e *Encoder) Encode(v interface{}) (err error) { + defer handleErr(&err) + e.encoder.marshalDoc("", reflect.ValueOf(v)) + return nil +} + +// Close closes the encoder by writing any remaining data. +// It does not write a stream terminating string "...". +func (e *Encoder) Close() (err error) { + defer handleErr(&err) + e.encoder.finish() + return nil +} + +func handleErr(err *error) { + if v := recover(); v != nil { + if e, ok := v.(yamlError); ok { + *err = e.err + } else { + panic(v) + } + } +} + +type yamlError struct { + err error +} + +func fail(err error) { + panic(yamlError{err}) +} + +func failf(format string, args ...interface{}) { + panic(yamlError{fmt.Errorf("yaml: "+format, args...)}) +} + +// A TypeError is returned by Unmarshal when one or more fields in +// the YAML document cannot be properly decoded into the requested +// types. When this error is returned, the value is still +// unmarshaled partially. +type TypeError struct { + Errors []string +} + +func (e *TypeError) Error() string { + return fmt.Sprintf("yaml: unmarshal errors:\n %s", strings.Join(e.Errors, "\n ")) +} + +// -------------------------------------------------------------------------- +// Maintain a mapping of keys to structure field indexes + +// The code in this section was copied from mgo/bson. + +// structInfo holds details for the serialization of fields of +// a given struct. +type structInfo struct { + FieldsMap map[string]fieldInfo + FieldsList []fieldInfo + + // InlineMap is the number of the field in the struct that + // contains an ,inline map, or -1 if there's none. + InlineMap int +} + +type fieldInfo struct { + Key string + Num int + OmitEmpty bool + Flow bool + // Id holds the unique field identifier, so we can cheaply + // check for field duplicates without maintaining an extra map. + Id int + + // Inline holds the field index if the field is part of an inlined struct. 
+ Inline []int +} + +var structMap = make(map[reflect.Type]*structInfo) +var fieldMapMutex sync.RWMutex + +func getStructInfo(st reflect.Type) (*structInfo, error) { + fieldMapMutex.RLock() + sinfo, found := structMap[st] + fieldMapMutex.RUnlock() + if found { + return sinfo, nil + } + + n := st.NumField() + fieldsMap := make(map[string]fieldInfo) + fieldsList := make([]fieldInfo, 0, n) + inlineMap := -1 + for i := 0; i != n; i++ { + field := st.Field(i) + if field.PkgPath != "" && !field.Anonymous { + continue // Private field + } + + info := fieldInfo{Num: i} + + tag := field.Tag.Get("yaml") + if tag == "" && strings.Index(string(field.Tag), ":") < 0 { + tag = string(field.Tag) + } + if tag == "-" { + continue + } + + inline := false + fields := strings.Split(tag, ",") + if len(fields) > 1 { + for _, flag := range fields[1:] { + switch flag { + case "omitempty": + info.OmitEmpty = true + case "flow": + info.Flow = true + case "inline": + inline = true + default: + return nil, errors.New(fmt.Sprintf("Unsupported flag %q in tag %q of type %s", flag, tag, st)) + } + } + tag = fields[0] + } + + if inline { + switch field.Type.Kind() { + case reflect.Map: + if inlineMap >= 0 { + return nil, errors.New("Multiple ,inline maps in struct " + st.String()) + } + if field.Type.Key() != reflect.TypeOf("") { + return nil, errors.New("Option ,inline needs a map with string keys in struct " + st.String()) + } + inlineMap = info.Num + case reflect.Struct: + sinfo, err := getStructInfo(field.Type) + if err != nil { + return nil, err + } + for _, finfo := range sinfo.FieldsList { + if _, found := fieldsMap[finfo.Key]; found { + msg := "Duplicated key '" + finfo.Key + "' in struct " + st.String() + return nil, errors.New(msg) + } + if finfo.Inline == nil { + finfo.Inline = []int{i, finfo.Num} + } else { + finfo.Inline = append([]int{i}, finfo.Inline...) 
+ } + finfo.Id = len(fieldsList) + fieldsMap[finfo.Key] = finfo + fieldsList = append(fieldsList, finfo) + } + default: + //return nil, errors.New("Option ,inline needs a struct value or map field") + return nil, errors.New("Option ,inline needs a struct value field") + } + continue + } + + if tag != "" { + info.Key = tag + } else { + info.Key = strings.ToLower(field.Name) + } + + if _, found = fieldsMap[info.Key]; found { + msg := "Duplicated key '" + info.Key + "' in struct " + st.String() + return nil, errors.New(msg) + } + + info.Id = len(fieldsList) + fieldsList = append(fieldsList, info) + fieldsMap[info.Key] = info + } + + sinfo = &structInfo{ + FieldsMap: fieldsMap, + FieldsList: fieldsList, + InlineMap: inlineMap, + } + + fieldMapMutex.Lock() + structMap[st] = sinfo + fieldMapMutex.Unlock() + return sinfo, nil +} + +// IsZeroer is used to check whether an object is zero to +// determine whether it should be omitted when marshaling +// with the omitempty flag. One notable implementation +// is time.Time. 
+type IsZeroer interface { + IsZero() bool +} + +func isZero(v reflect.Value) bool { + kind := v.Kind() + if z, ok := v.Interface().(IsZeroer); ok { + if (kind == reflect.Ptr || kind == reflect.Interface) && v.IsNil() { + return true + } + return z.IsZero() + } + switch kind { + case reflect.String: + return len(v.String()) == 0 + case reflect.Interface, reflect.Ptr: + return v.IsNil() + case reflect.Slice: + return v.Len() == 0 + case reflect.Map: + return v.Len() == 0 + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return v.Int() == 0 + case reflect.Float32, reflect.Float64: + return v.Float() == 0 + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return v.Uint() == 0 + case reflect.Bool: + return !v.Bool() + case reflect.Struct: + vt := v.Type() + for i := v.NumField() - 1; i >= 0; i-- { + if vt.Field(i).PkgPath != "" { + continue // Private field + } + if !isZero(v.Field(i)) { + return false + } + } + return true + } + return false +} diff --git a/vendor/gopkg.in/yaml.v2/yamlh.go b/vendor/gopkg.in/yaml.v2/yamlh.go new file mode 100644 index 00000000000..f6a9c8e34b1 --- /dev/null +++ b/vendor/gopkg.in/yaml.v2/yamlh.go 
@@ -0,0 +1,739 @@ +package yaml + +import ( + "fmt" + "io" +) + +// The version directive data. +type yaml_version_directive_t struct { + major int8 // The major version number. + minor int8 // The minor version number. +} + +// The tag directive data. +type yaml_tag_directive_t struct { + handle []byte // The tag handle. + prefix []byte // The tag prefix. +} + +type yaml_encoding_t int + +// The stream encoding. +const ( + // Let the parser choose the encoding. + yaml_ANY_ENCODING yaml_encoding_t = iota + + yaml_UTF8_ENCODING // The default UTF-8 encoding. + yaml_UTF16LE_ENCODING // The UTF-16-LE encoding with BOM. + yaml_UTF16BE_ENCODING // The UTF-16-BE encoding with BOM. +) + +type yaml_break_t int + +// Line break types. +const ( + // Let the parser choose the break type. + yaml_ANY_BREAK yaml_break_t = iota + + yaml_CR_BREAK // Use CR for line breaks (Mac style). + yaml_LN_BREAK // Use LN for line breaks (Unix style). + yaml_CRLN_BREAK // Use CR LN for line breaks (DOS style). +) + +type yaml_error_type_t int + +// Many bad things could happen with the parser and emitter. +const ( + // No error is produced. + yaml_NO_ERROR yaml_error_type_t = iota + + yaml_MEMORY_ERROR // Cannot allocate or reallocate a block of memory. + yaml_READER_ERROR // Cannot read or decode the input stream. + yaml_SCANNER_ERROR // Cannot scan the input stream. + yaml_PARSER_ERROR // Cannot parse the input stream. + yaml_COMPOSER_ERROR // Cannot compose a YAML document. + yaml_WRITER_ERROR // Cannot write to the output stream. + yaml_EMITTER_ERROR // Cannot emit a YAML stream. +) + +// The pointer position. +type yaml_mark_t struct { + index int // The position index. + line int // The position line. + column int // The position column. +} + +// Node Styles + +type yaml_style_t int8 + +type yaml_scalar_style_t yaml_style_t + +// Scalar styles. +const ( + // Let the emitter choose the style. 
+ yaml_ANY_SCALAR_STYLE yaml_scalar_style_t = iota + + yaml_PLAIN_SCALAR_STYLE // The plain scalar style. + yaml_SINGLE_QUOTED_SCALAR_STYLE // The single-quoted scalar style. + yaml_DOUBLE_QUOTED_SCALAR_STYLE // The double-quoted scalar style. + yaml_LITERAL_SCALAR_STYLE // The literal scalar style. + yaml_FOLDED_SCALAR_STYLE // The folded scalar style. +) + +type yaml_sequence_style_t yaml_style_t + +// Sequence styles. +const ( + // Let the emitter choose the style. + yaml_ANY_SEQUENCE_STYLE yaml_sequence_style_t = iota + + yaml_BLOCK_SEQUENCE_STYLE // The block sequence style. + yaml_FLOW_SEQUENCE_STYLE // The flow sequence style. +) + +type yaml_mapping_style_t yaml_style_t + +// Mapping styles. +const ( + // Let the emitter choose the style. + yaml_ANY_MAPPING_STYLE yaml_mapping_style_t = iota + + yaml_BLOCK_MAPPING_STYLE // The block mapping style. + yaml_FLOW_MAPPING_STYLE // The flow mapping style. +) + +// Tokens + +type yaml_token_type_t int + +// Token types. +const ( + // An empty token. + yaml_NO_TOKEN yaml_token_type_t = iota + + yaml_STREAM_START_TOKEN // A STREAM-START token. + yaml_STREAM_END_TOKEN // A STREAM-END token. + + yaml_VERSION_DIRECTIVE_TOKEN // A VERSION-DIRECTIVE token. + yaml_TAG_DIRECTIVE_TOKEN // A TAG-DIRECTIVE token. + yaml_DOCUMENT_START_TOKEN // A DOCUMENT-START token. + yaml_DOCUMENT_END_TOKEN // A DOCUMENT-END token. + + yaml_BLOCK_SEQUENCE_START_TOKEN // A BLOCK-SEQUENCE-START token. + yaml_BLOCK_MAPPING_START_TOKEN // A BLOCK-SEQUENCE-END token. + yaml_BLOCK_END_TOKEN // A BLOCK-END token. + + yaml_FLOW_SEQUENCE_START_TOKEN // A FLOW-SEQUENCE-START token. + yaml_FLOW_SEQUENCE_END_TOKEN // A FLOW-SEQUENCE-END token. + yaml_FLOW_MAPPING_START_TOKEN // A FLOW-MAPPING-START token. + yaml_FLOW_MAPPING_END_TOKEN // A FLOW-MAPPING-END token. + + yaml_BLOCK_ENTRY_TOKEN // A BLOCK-ENTRY token. + yaml_FLOW_ENTRY_TOKEN // A FLOW-ENTRY token. + yaml_KEY_TOKEN // A KEY token. + yaml_VALUE_TOKEN // A VALUE token. 
+ + yaml_ALIAS_TOKEN // An ALIAS token. + yaml_ANCHOR_TOKEN // An ANCHOR token. + yaml_TAG_TOKEN // A TAG token. + yaml_SCALAR_TOKEN // A SCALAR token. +) + +func (tt yaml_token_type_t) String() string { + switch tt { + case yaml_NO_TOKEN: + return "yaml_NO_TOKEN" + case yaml_STREAM_START_TOKEN: + return "yaml_STREAM_START_TOKEN" + case yaml_STREAM_END_TOKEN: + return "yaml_STREAM_END_TOKEN" + case yaml_VERSION_DIRECTIVE_TOKEN: + return "yaml_VERSION_DIRECTIVE_TOKEN" + case yaml_TAG_DIRECTIVE_TOKEN: + return "yaml_TAG_DIRECTIVE_TOKEN" + case yaml_DOCUMENT_START_TOKEN: + return "yaml_DOCUMENT_START_TOKEN" + case yaml_DOCUMENT_END_TOKEN: + return "yaml_DOCUMENT_END_TOKEN" + case yaml_BLOCK_SEQUENCE_START_TOKEN: + return "yaml_BLOCK_SEQUENCE_START_TOKEN" + case yaml_BLOCK_MAPPING_START_TOKEN: + return "yaml_BLOCK_MAPPING_START_TOKEN" + case yaml_BLOCK_END_TOKEN: + return "yaml_BLOCK_END_TOKEN" + case yaml_FLOW_SEQUENCE_START_TOKEN: + return "yaml_FLOW_SEQUENCE_START_TOKEN" + case yaml_FLOW_SEQUENCE_END_TOKEN: + return "yaml_FLOW_SEQUENCE_END_TOKEN" + case yaml_FLOW_MAPPING_START_TOKEN: + return "yaml_FLOW_MAPPING_START_TOKEN" + case yaml_FLOW_MAPPING_END_TOKEN: + return "yaml_FLOW_MAPPING_END_TOKEN" + case yaml_BLOCK_ENTRY_TOKEN: + return "yaml_BLOCK_ENTRY_TOKEN" + case yaml_FLOW_ENTRY_TOKEN: + return "yaml_FLOW_ENTRY_TOKEN" + case yaml_KEY_TOKEN: + return "yaml_KEY_TOKEN" + case yaml_VALUE_TOKEN: + return "yaml_VALUE_TOKEN" + case yaml_ALIAS_TOKEN: + return "yaml_ALIAS_TOKEN" + case yaml_ANCHOR_TOKEN: + return "yaml_ANCHOR_TOKEN" + case yaml_TAG_TOKEN: + return "yaml_TAG_TOKEN" + case yaml_SCALAR_TOKEN: + return "yaml_SCALAR_TOKEN" + } + return "" +} + +// The token structure. +type yaml_token_t struct { + // The token type. + typ yaml_token_type_t + + // The start/end of the token. + start_mark, end_mark yaml_mark_t + + // The stream encoding (for yaml_STREAM_START_TOKEN). 
+ encoding yaml_encoding_t + + // The alias/anchor/scalar value or tag/tag directive handle + // (for yaml_ALIAS_TOKEN, yaml_ANCHOR_TOKEN, yaml_SCALAR_TOKEN, yaml_TAG_TOKEN, yaml_TAG_DIRECTIVE_TOKEN). + value []byte + + // The tag suffix (for yaml_TAG_TOKEN). + suffix []byte + + // The tag directive prefix (for yaml_TAG_DIRECTIVE_TOKEN). + prefix []byte + + // The scalar style (for yaml_SCALAR_TOKEN). + style yaml_scalar_style_t + + // The version directive major/minor (for yaml_VERSION_DIRECTIVE_TOKEN). + major, minor int8 +} + +// Events + +type yaml_event_type_t int8 + +// Event types. +const ( + // An empty event. + yaml_NO_EVENT yaml_event_type_t = iota + + yaml_STREAM_START_EVENT // A STREAM-START event. + yaml_STREAM_END_EVENT // A STREAM-END event. + yaml_DOCUMENT_START_EVENT // A DOCUMENT-START event. + yaml_DOCUMENT_END_EVENT // A DOCUMENT-END event. + yaml_ALIAS_EVENT // An ALIAS event. + yaml_SCALAR_EVENT // A SCALAR event. + yaml_SEQUENCE_START_EVENT // A SEQUENCE-START event. + yaml_SEQUENCE_END_EVENT // A SEQUENCE-END event. + yaml_MAPPING_START_EVENT // A MAPPING-START event. + yaml_MAPPING_END_EVENT // A MAPPING-END event. +) + +var eventStrings = []string{ + yaml_NO_EVENT: "none", + yaml_STREAM_START_EVENT: "stream start", + yaml_STREAM_END_EVENT: "stream end", + yaml_DOCUMENT_START_EVENT: "document start", + yaml_DOCUMENT_END_EVENT: "document end", + yaml_ALIAS_EVENT: "alias", + yaml_SCALAR_EVENT: "scalar", + yaml_SEQUENCE_START_EVENT: "sequence start", + yaml_SEQUENCE_END_EVENT: "sequence end", + yaml_MAPPING_START_EVENT: "mapping start", + yaml_MAPPING_END_EVENT: "mapping end", +} + +func (e yaml_event_type_t) String() string { + if e < 0 || int(e) >= len(eventStrings) { + return fmt.Sprintf("unknown event %d", e) + } + return eventStrings[e] +} + +// The event structure. +type yaml_event_t struct { + + // The event type. + typ yaml_event_type_t + + // The start and end of the event. 
+ start_mark, end_mark yaml_mark_t + + // The document encoding (for yaml_STREAM_START_EVENT). + encoding yaml_encoding_t + + // The version directive (for yaml_DOCUMENT_START_EVENT). + version_directive *yaml_version_directive_t + + // The list of tag directives (for yaml_DOCUMENT_START_EVENT). + tag_directives []yaml_tag_directive_t + + // The anchor (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_ALIAS_EVENT). + anchor []byte + + // The tag (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT). + tag []byte + + // The scalar value (for yaml_SCALAR_EVENT). + value []byte + + // Is the document start/end indicator implicit, or the tag optional? + // (for yaml_DOCUMENT_START_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_SCALAR_EVENT). + implicit bool + + // Is the tag optional for any non-plain style? (for yaml_SCALAR_EVENT). + quoted_implicit bool + + // The style (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT). + style yaml_style_t +} + +func (e *yaml_event_t) scalar_style() yaml_scalar_style_t { return yaml_scalar_style_t(e.style) } +func (e *yaml_event_t) sequence_style() yaml_sequence_style_t { return yaml_sequence_style_t(e.style) } +func (e *yaml_event_t) mapping_style() yaml_mapping_style_t { return yaml_mapping_style_t(e.style) } + +// Nodes + +const ( + yaml_NULL_TAG = "tag:yaml.org,2002:null" // The tag !!null with the only possible value: null. + yaml_BOOL_TAG = "tag:yaml.org,2002:bool" // The tag !!bool with the values: true and false. + yaml_STR_TAG = "tag:yaml.org,2002:str" // The tag !!str for string values. + yaml_INT_TAG = "tag:yaml.org,2002:int" // The tag !!int for integer values. + yaml_FLOAT_TAG = "tag:yaml.org,2002:float" // The tag !!float for float values. + yaml_TIMESTAMP_TAG = "tag:yaml.org,2002:timestamp" // The tag !!timestamp for date and time values. 
+ + yaml_SEQ_TAG = "tag:yaml.org,2002:seq" // The tag !!seq is used to denote sequences. + yaml_MAP_TAG = "tag:yaml.org,2002:map" // The tag !!map is used to denote mapping. + + // Not in original libyaml. + yaml_BINARY_TAG = "tag:yaml.org,2002:binary" + yaml_MERGE_TAG = "tag:yaml.org,2002:merge" + + yaml_DEFAULT_SCALAR_TAG = yaml_STR_TAG // The default scalar tag is !!str. + yaml_DEFAULT_SEQUENCE_TAG = yaml_SEQ_TAG // The default sequence tag is !!seq. + yaml_DEFAULT_MAPPING_TAG = yaml_MAP_TAG // The default mapping tag is !!map. +) + +type yaml_node_type_t int + +// Node types. +const ( + // An empty node. + yaml_NO_NODE yaml_node_type_t = iota + + yaml_SCALAR_NODE // A scalar node. + yaml_SEQUENCE_NODE // A sequence node. + yaml_MAPPING_NODE // A mapping node. +) + +// An element of a sequence node. +type yaml_node_item_t int + +// An element of a mapping node. +type yaml_node_pair_t struct { + key int // The key of the element. + value int // The value of the element. +} + +// The node structure. +type yaml_node_t struct { + typ yaml_node_type_t // The node type. + tag []byte // The node tag. + + // The node data. + + // The scalar parameters (for yaml_SCALAR_NODE). + scalar struct { + value []byte // The scalar value. + length int // The length of the scalar value. + style yaml_scalar_style_t // The scalar style. + } + + // The sequence parameters (for YAML_SEQUENCE_NODE). + sequence struct { + items_data []yaml_node_item_t // The stack of sequence items. + style yaml_sequence_style_t // The sequence style. + } + + // The mapping parameters (for yaml_MAPPING_NODE). + mapping struct { + pairs_data []yaml_node_pair_t // The stack of mapping pairs (key, value). + pairs_start *yaml_node_pair_t // The beginning of the stack. + pairs_end *yaml_node_pair_t // The end of the stack. + pairs_top *yaml_node_pair_t // The top of the stack. + style yaml_mapping_style_t // The mapping style. + } + + start_mark yaml_mark_t // The beginning of the node. 
+ end_mark yaml_mark_t // The end of the node. + +} + +// The document structure. +type yaml_document_t struct { + + // The document nodes. + nodes []yaml_node_t + + // The version directive. + version_directive *yaml_version_directive_t + + // The list of tag directives. + tag_directives_data []yaml_tag_directive_t + tag_directives_start int // The beginning of the tag directives list. + tag_directives_end int // The end of the tag directives list. + + start_implicit int // Is the document start indicator implicit? + end_implicit int // Is the document end indicator implicit? + + // The start/end of the document. + start_mark, end_mark yaml_mark_t +} + +// The prototype of a read handler. +// +// The read handler is called when the parser needs to read more bytes from the +// source. The handler should write not more than size bytes to the buffer. +// The number of written bytes should be set to the size_read variable. +// +// [in,out] data A pointer to an application data specified by +// yaml_parser_set_input(). +// [out] buffer The buffer to write the data from the source. +// [in] size The size of the buffer. +// [out] size_read The actual number of bytes read from the source. +// +// On success, the handler should return 1. If the handler failed, +// the returned value should be 0. On EOF, the handler should set the +// size_read to 0 and return 1. +type yaml_read_handler_t func(parser *yaml_parser_t, buffer []byte) (n int, err error) + +// This structure holds information about a potential simple key. +type yaml_simple_key_t struct { + possible bool // Is a simple key possible? + required bool // Is a simple key required? + token_number int // The number of the token. + mark yaml_mark_t // The position mark. +} + +// The states of the parser. +type yaml_parser_state_t int + +const ( + yaml_PARSE_STREAM_START_STATE yaml_parser_state_t = iota + + yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE // Expect the beginning of an implicit document. 
+ yaml_PARSE_DOCUMENT_START_STATE // Expect DOCUMENT-START. + yaml_PARSE_DOCUMENT_CONTENT_STATE // Expect the content of a document. + yaml_PARSE_DOCUMENT_END_STATE // Expect DOCUMENT-END. + yaml_PARSE_BLOCK_NODE_STATE // Expect a block node. + yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE // Expect a block node or indentless sequence. + yaml_PARSE_FLOW_NODE_STATE // Expect a flow node. + yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE // Expect the first entry of a block sequence. + yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE // Expect an entry of a block sequence. + yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE // Expect an entry of an indentless sequence. + yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE // Expect the first key of a block mapping. + yaml_PARSE_BLOCK_MAPPING_KEY_STATE // Expect a block mapping key. + yaml_PARSE_BLOCK_MAPPING_VALUE_STATE // Expect a block mapping value. + yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE // Expect the first entry of a flow sequence. + yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE // Expect an entry of a flow sequence. + yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE // Expect a key of an ordered mapping. + yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE // Expect a value of an ordered mapping. + yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE // Expect the and of an ordered mapping entry. + yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE // Expect the first key of a flow mapping. + yaml_PARSE_FLOW_MAPPING_KEY_STATE // Expect a key of a flow mapping. + yaml_PARSE_FLOW_MAPPING_VALUE_STATE // Expect a value of a flow mapping. + yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE // Expect an empty value of a flow mapping. + yaml_PARSE_END_STATE // Expect nothing. 
+) + +func (ps yaml_parser_state_t) String() string { + switch ps { + case yaml_PARSE_STREAM_START_STATE: + return "yaml_PARSE_STREAM_START_STATE" + case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE: + return "yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE" + case yaml_PARSE_DOCUMENT_START_STATE: + return "yaml_PARSE_DOCUMENT_START_STATE" + case yaml_PARSE_DOCUMENT_CONTENT_STATE: + return "yaml_PARSE_DOCUMENT_CONTENT_STATE" + case yaml_PARSE_DOCUMENT_END_STATE: + return "yaml_PARSE_DOCUMENT_END_STATE" + case yaml_PARSE_BLOCK_NODE_STATE: + return "yaml_PARSE_BLOCK_NODE_STATE" + case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE: + return "yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE" + case yaml_PARSE_FLOW_NODE_STATE: + return "yaml_PARSE_FLOW_NODE_STATE" + case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE: + return "yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE" + case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE: + return "yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE" + case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE: + return "yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE" + case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE: + return "yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE" + case yaml_PARSE_BLOCK_MAPPING_KEY_STATE: + return "yaml_PARSE_BLOCK_MAPPING_KEY_STATE" + case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE: + return "yaml_PARSE_BLOCK_MAPPING_VALUE_STATE" + case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE: + return "yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE" + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE: + return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE" + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE: + return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE" + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE: + return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE" + case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE: + return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE" + case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE: + return 
"yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE" + case yaml_PARSE_FLOW_MAPPING_KEY_STATE: + return "yaml_PARSE_FLOW_MAPPING_KEY_STATE" + case yaml_PARSE_FLOW_MAPPING_VALUE_STATE: + return "yaml_PARSE_FLOW_MAPPING_VALUE_STATE" + case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE: + return "yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE" + case yaml_PARSE_END_STATE: + return "yaml_PARSE_END_STATE" + } + return "" +} + +// This structure holds aliases data. +type yaml_alias_data_t struct { + anchor []byte // The anchor. + index int // The node id. + mark yaml_mark_t // The anchor mark. +} + +// The parser structure. +// +// All members are internal. Manage the structure using the +// yaml_parser_ family of functions. +type yaml_parser_t struct { + + // Error handling + + error yaml_error_type_t // Error type. + + problem string // Error description. + + // The byte about which the problem occurred. + problem_offset int + problem_value int + problem_mark yaml_mark_t + + // The error context. + context string + context_mark yaml_mark_t + + // Reader stuff + + read_handler yaml_read_handler_t // Read handler. + + input_reader io.Reader // File input data. + input []byte // String input data. + input_pos int + + eof bool // EOF flag + + buffer []byte // The working buffer. + buffer_pos int // The current position of the buffer. + + unread int // The number of unread characters in the buffer. + + raw_buffer []byte // The raw buffer. + raw_buffer_pos int // The current position of the buffer. + + encoding yaml_encoding_t // The input encoding. + + offset int // The offset of the current position (in bytes). + mark yaml_mark_t // The mark of the current position. + + // Scanner stuff + + stream_start_produced bool // Have we started to scan the input stream? + stream_end_produced bool // Have we reached the end of the input stream? + + flow_level int // The number of unclosed '[' and '{' indicators. + + tokens []yaml_token_t // The tokens queue. 
+ tokens_head int // The head of the tokens queue.
+ tokens_parsed int // The number of tokens fetched from the queue.
+ token_available bool // Does the tokens queue contain a token ready for dequeueing.
+
+ indent int // The current indentation level.
+ indents []int // The indentation levels stack.
+
+ simple_key_allowed bool // May a simple key occur at the current position?
+ simple_keys []yaml_simple_key_t // The stack of simple keys.
+ simple_keys_by_tok map[int]int // possible simple_key indexes indexed by token_number
+
+ // Parser stuff
+
+ state yaml_parser_state_t // The current parser state.
+ states []yaml_parser_state_t // The parser states stack.
+ marks []yaml_mark_t // The stack of marks.
+ tag_directives []yaml_tag_directive_t // The list of TAG directives.
+
+ // Dumper stuff
+
+ aliases []yaml_alias_data_t // The alias data.
+
+ document *yaml_document_t // The currently parsed document.
+}
+
+// Emitter Definitions
+
+// The prototype of a write handler.
+//
+// The write handler is called when the emitter needs to flush the accumulated
+// characters to the output. The handler should write @a size bytes of the
+// @a buffer to the output.
+//
+// @param[in,out] data A pointer to an application data specified by
+// yaml_emitter_set_output().
+// @param[in] buffer The buffer with bytes to be written.
+// @param[in] size The size of the buffer.
+//
+// @returns On success, the handler should return @c 1. If the handler failed,
+// the returned value should be @c 0.
+//
+type yaml_write_handler_t func(emitter *yaml_emitter_t, buffer []byte) error
+
+type yaml_emitter_state_t int
+
+// The emitter states.
+const (
+ // Expect STREAM-START.
+ yaml_EMIT_STREAM_START_STATE yaml_emitter_state_t = iota
+
+ yaml_EMIT_FIRST_DOCUMENT_START_STATE // Expect the first DOCUMENT-START or STREAM-END.
+ yaml_EMIT_DOCUMENT_START_STATE // Expect DOCUMENT-START or STREAM-END.
+ yaml_EMIT_DOCUMENT_CONTENT_STATE // Expect the content of a document.
+ yaml_EMIT_DOCUMENT_END_STATE // Expect DOCUMENT-END.
+ yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE // Expect the first item of a flow sequence.
+ yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE // Expect an item of a flow sequence.
+ yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE // Expect the first key of a flow mapping.
+ yaml_EMIT_FLOW_MAPPING_KEY_STATE // Expect a key of a flow mapping.
+ yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a flow mapping.
+ yaml_EMIT_FLOW_MAPPING_VALUE_STATE // Expect a value of a flow mapping.
+ yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE // Expect the first item of a block sequence.
+ yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE // Expect an item of a block sequence.
+ yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE // Expect the first key of a block mapping.
+ yaml_EMIT_BLOCK_MAPPING_KEY_STATE // Expect the key of a block mapping.
+ yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a block mapping.
+ yaml_EMIT_BLOCK_MAPPING_VALUE_STATE // Expect a value of a block mapping.
+ yaml_EMIT_END_STATE // Expect nothing.
+)
+
+// The emitter structure.
+//
+// All members are internal. Manage the structure using the @c yaml_emitter_
+// family of functions.
+type yaml_emitter_t struct {
+
+ // Error handling
+
+ error yaml_error_type_t // Error type.
+ problem string // Error description.
+
+ // Writer stuff
+
+ write_handler yaml_write_handler_t // Write handler.
+
+ output_buffer *[]byte // String output data.
+ output_writer io.Writer // File output data.
+
+ buffer []byte // The working buffer.
+ buffer_pos int // The current position of the buffer.
+
+ raw_buffer []byte // The raw buffer.
+ raw_buffer_pos int // The current position of the buffer.
+
+ encoding yaml_encoding_t // The stream encoding.
+
+ // Emitter stuff
+
+ canonical bool // If the output is in the canonical style?
+ best_indent int // The number of indentation spaces.
+ best_width int // The preferred width of the output lines.
+ unicode bool // Allow unescaped non-ASCII characters?
+ line_break yaml_break_t // The preferred line break.
+
+ state yaml_emitter_state_t // The current emitter state.
+ states []yaml_emitter_state_t // The stack of states.
+
+ events []yaml_event_t // The event queue.
+ events_head int // The head of the event queue.
+
+ indents []int // The stack of indentation levels.
+
+ tag_directives []yaml_tag_directive_t // The list of tag directives.
+
+ indent int // The current indentation level.
+
+ flow_level int // The current flow level.
+
+ root_context bool // Is it the document root context?
+ sequence_context bool // Is it a sequence context?
+ mapping_context bool // Is it a mapping context?
+ simple_key_context bool // Is it a simple mapping key context?
+
+ line int // The current line.
+ column int // The current column.
+ whitespace bool // If the last character was a whitespace?
+ indention bool // If the last character was an indentation character (' ', '-', '?', ':')?
+ open_ended bool // If an explicit document end is required?
+
+ // Anchor analysis.
+ anchor_data struct {
+ anchor []byte // The anchor value.
+ alias bool // Is it an alias?
+ }
+
+ // Tag analysis.
+ tag_data struct {
+ handle []byte // The tag handle.
+ suffix []byte // The tag suffix.
+ }
+
+ // Scalar analysis.
+ scalar_data struct {
+ value []byte // The scalar value.
+ multiline bool // Does the scalar contain line breaks?
+ flow_plain_allowed bool // Can the scalar be expessed in the flow plain style?
+ block_plain_allowed bool // Can the scalar be expressed in the block plain style?
+ single_quoted_allowed bool // Can the scalar be expressed in the single quoted style?
+ block_allowed bool // Can the scalar be expressed in the literal or folded styles?
+ style yaml_scalar_style_t // The output style.
+ }
+
+ // Dumper stuff
+
+ opened bool // If the stream was already opened?
+ closed bool // If the stream was already closed?
+
+ // The information associated with the document nodes.
+ anchors *struct {
+ references int // The number of references.
+ anchor int // The anchor id.
+ serialized bool // If the node has been emitted?
+ }
+
+ last_anchor_id int // The last assigned anchor id.
+
+ document *yaml_document_t // The currently emitted document.
+}
diff --git a/vendor/gopkg.in/yaml.v2/yamlprivateh.go b/vendor/gopkg.in/yaml.v2/yamlprivateh.go
new file mode 100644
index 00000000000..8110ce3c37a
--- /dev/null
+++ b/vendor/gopkg.in/yaml.v2/yamlprivateh.go
@@ -0,0 +1,173 @@
+package yaml
+
+const (
+ // The size of the input raw buffer.
+ input_raw_buffer_size = 512
+
+ // The size of the input buffer.
+ // It should be possible to decode the whole raw buffer.
+ input_buffer_size = input_raw_buffer_size * 3
+
+ // The size of the output buffer.
+ output_buffer_size = 128
+
+ // The size of the output raw buffer.
+ // It should be possible to encode the whole output buffer.
+ output_raw_buffer_size = (output_buffer_size*2 + 2)
+
+ // The size of other stacks and queues.
+ initial_stack_size = 16
+ initial_queue_size = 16
+ initial_string_size = 16
+)
+
+// Check if the character at the specified position is an alphabetical
+// character, a digit, '_', or '-'.
+func is_alpha(b []byte, i int) bool {
+ return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'Z' || b[i] >= 'a' && b[i] <= 'z' || b[i] == '_' || b[i] == '-'
+}
+
+// Check if the character at the specified position is a digit.
+func is_digit(b []byte, i int) bool {
+ return b[i] >= '0' && b[i] <= '9'
+}
+
+// Get the value of a digit.
+func as_digit(b []byte, i int) int {
+ return int(b[i]) - '0'
+}
+
+// Check if the character at the specified position is a hex-digit.
+func is_hex(b []byte, i int) bool {
+ return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'F' || b[i] >= 'a' && b[i] <= 'f'
+}
+
+// Get the value of a hex-digit.
+func as_hex(b []byte, i int) int {
+ bi := b[i]
+ if bi >= 'A' && bi <= 'F' {
+ return int(bi) - 'A' + 10
+ }
+ if bi >= 'a' && bi <= 'f' {
+ return int(bi) - 'a' + 10
+ }
+ return int(bi) - '0'
+}
+
+// Check if the character is ASCII.
+func is_ascii(b []byte, i int) bool {
+ return b[i] <= 0x7F
+}
+
+// Check if the character at the start of the buffer can be printed unescaped.
+func is_printable(b []byte, i int) bool {
+ return ((b[i] == 0x0A) || // . == #x0A
+ (b[i] >= 0x20 && b[i] <= 0x7E) || // #x20 <= . <= #x7E
+ (b[i] == 0xC2 && b[i+1] >= 0xA0) || // #0xA0 <= . 
<= #xD7FF
+ (b[i] > 0xC2 && b[i] < 0xED) ||
+ (b[i] == 0xED && b[i+1] < 0xA0) ||
+ (b[i] == 0xEE) ||
+ (b[i] == 0xEF && // #xE000 <= . <= #xFFFD
+ !(b[i+1] == 0xBB && b[i+2] == 0xBF) && // && . != #xFEFF
+ !(b[i+1] == 0xBF && (b[i+2] == 0xBE || b[i+2] == 0xBF))))
+}
+
+// Check if the character at the specified position is NUL.
+func is_z(b []byte, i int) bool {
+ return b[i] == 0x00
+}
+
+// Check if the beginning of the buffer is a BOM.
+func is_bom(b []byte, i int) bool {
+ return b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF
+}
+
+// Check if the character at the specified position is space.
+func is_space(b []byte, i int) bool {
+ return b[i] == ' '
+}
+
+// Check if the character at the specified position is tab.
+func is_tab(b []byte, i int) bool {
+ return b[i] == '\t'
+}
+
+// Check if the character at the specified position is blank (space or tab).
+func is_blank(b []byte, i int) bool {
+ //return is_space(b, i) || is_tab(b, i)
+ return b[i] == ' ' || b[i] == '\t'
+}
+
+// Check if the character at the specified position is a line break.
+func is_break(b []byte, i int) bool {
+ return (b[i] == '\r' || // CR (#xD)
+ b[i] == '\n' || // LF (#xA)
+ b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9) // PS (#x2029)
+}
+
+func is_crlf(b []byte, i int) bool {
+ return b[i] == '\r' && b[i+1] == '\n'
+}
+
+// Check if the character is a line break or NUL.
+func is_breakz(b []byte, i int) bool {
+ //return is_break(b, i) || is_z(b, i)
+ return ( // is_break:
+ b[i] == '\r' || // CR (#xD)
+ b[i] == '\n' || // LF (#xA)
+ b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+ // is_z:
+ b[i] == 0)
+}
+
+// Check if the character is a line break, space, or NUL.
+func is_spacez(b []byte, i int) bool {
+ //return is_space(b, i) || is_breakz(b, i)
+ return ( // is_space:
+ b[i] == ' ' ||
+ // is_breakz:
+ b[i] == '\r' || // CR (#xD)
+ b[i] == '\n' || // LF (#xA)
+ b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+ b[i] == 0)
+}
+
+// Check if the character is a line break, space, tab, or NUL.
+func is_blankz(b []byte, i int) bool {
+ //return is_blank(b, i) || is_breakz(b, i)
+ return ( // is_blank:
+ b[i] == ' ' || b[i] == '\t' ||
+ // is_breakz:
+ b[i] == '\r' || // CR (#xD)
+ b[i] == '\n' || // LF (#xA)
+ b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+ b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+ b[i] == 0)
+}
+
+// Determine the width of the character.
+func width(b byte) int {
+ // Don't replace these by a switch without first
+ // confirming that it is being inlined.
+ if b&0x80 == 0x00 {
+ return 1
+ }
+ if b&0xE0 == 0xC0 {
+ return 2
+ }
+ if b&0xF0 == 0xE0 {
+ return 3
+ }
+ if b&0xF8 == 0xF0 {
+ return 4
+ }
+ return 0
+
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
new file mode 100644
index 00000000000..c26047188b0
--- /dev/null
+++ b/vendor/modules.txt
@@ -0,0 +1,15 @@
+# github.com/blang/semver v3.5.1+incompatible
+github.com/blang/semver
+# github.com/elastic/go-ucfg v0.8.4-0.20200415140258-1232bd4774a6
+github.com/elastic/go-ucfg
+github.com/elastic/go-ucfg/parse
+github.com/elastic/go-ucfg/yaml
+# github.com/elastic/package-registry v0.2.1-0.20200505085109-20f433bd57ec
+github.com/elastic/package-registry/util
+# github.com/magefile/mage v1.9.0
+github.com/magefile/mage/mg
+github.com/magefile/mage/sh
+# github.com/pkg/errors v0.9.1
+github.com/pkg/errors
+# gopkg.in/yaml.v2 v2.2.8
+gopkg.in/yaml.v2