diff --git a/packages/arista_ngfw/changelog.yml b/packages/arista_ngfw/changelog.yml
index 6937b58e109d..0387506dd0bc 100755
--- a/packages/arista_ngfw/changelog.yml
+++ b/packages/arista_ngfw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.10.0"
+ changes:
+ - description: Add dashboards to integration
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/6954
 - version: 0.9.0
 changes:
 - description: ECS version updated to 8.11.0.
diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-090e6d40-1dc4-11ee-b346-5b9e0073e798.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-090e6d40-1dc4-11ee-b346-5b9e0073e798.json
new file mode 100755
index 000000000000..f4de6981ff65
--- /dev/null
+++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-090e6d40-1dc4-11ee-b346-5b9e0073e798.json
@@ -0,0 +1,1500 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "id": "dc4434d9-3a31-4df7-b875-b726f49a102c", + "index_pattern_ref_name": "metrics_20d48459-770b-4cde-8ede-72b084ea1772_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Session Stats", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": 
"#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e2da5a78-2bd6-49ff-8240-091ebc45248e", + "line_width": 1, + "metrics": [ + { + "id": "a439a889-439a-4525-8eb1-23ff8739fdd9", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "20d48459-770b-4cde-8ede-72b084ea1772", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "20d48459-770b-4cde-8ede-72b084ea1772", + "type": "visualization", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "13262519-30cf-49ea-a20e-e68cd2ed1a44", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "13262519-30cf-49ea-a20e-e68cd2ed1a44", + "panelRefName": "panel_13262519-30cf-49ea-a20e-e68cd2ed1a44", + "type": "visualization", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "849c92e9-e717-45dc-88e0-2a79c97a3c45", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0bc18d47-c998-4416-b28e-3d4aa6f10a3a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "17697112-4022-42c3-b0b9-0d825b94b360": { + "columnOrder": [ + "d96448a6-a204-4654-9781-02ab8b54b006" + ], + "columns": { + 
"d96448a6-a204-4654-9781-02ab8b54b006": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Network Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": false, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "849c92e9-e717-45dc-88e0-2a79c97a3c45", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "0bc18d47-c998-4416-b28e-3d4aa6f10a3a", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "d96448a6-a204-4654-9781-02ab8b54b006", + "layerId": "17697112-4022-42c3-b0b9-0d825b94b360", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "07dd66c3-cfbf-450e-835d-a2d1d15560b3", + "w": 9, + "x": 0, + "y": 8 + }, + "panelIndex": "07dd66c3-cfbf-450e-835d-a2d1d15560b3", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e2cef2bf-4e08-4478-bd21-b8910160f1da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a52f24ad-33f5-469d-a823-5892a03a1594", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "17697112-4022-42c3-b0b9-0d825b94b360": { + "columnOrder": [ + "d96448a6-a204-4654-9781-02ab8b54b006" + ], + "columns": { + "d96448a6-a204-4654-9781-02ab8b54b006": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source IP Addresses", + "operationType": "unique_count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "e2cef2bf-4e08-4478-bd21-b8910160f1da", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "a52f24ad-33f5-469d-a823-5892a03a1594", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "d96448a6-a204-4654-9781-02ab8b54b006", + "layerId": "17697112-4022-42c3-b0b9-0d825b94b360", + "layerType": 
"data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "ff518a08-7f9c-439b-92e1-488179e73e27", + "w": 9, + "x": 9, + "y": 8 + }, + "panelIndex": "ff518a08-7f9c-439b-92e1-488179e73e27", + "title": "", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-02bfb9a7-a251-4db6-9dcc-eb9f921b17d5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01a7c08d-a971-44de-85ca-694539d55351", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "64d05723-a8ae-4658-9d37-11231fa0cddb", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "02bfb9a7-a251-4db6-9dcc-eb9f921b17d5": { + "columnOrder": [ + "81024927-fbb8-4a6d-bf7f-0e7dc615f5fc", + "4f50aab4-4d49-4b40-962e-54a3e928383b" + ], + "columns": { + "4f50aab4-4d49-4b40-962e-54a3e928383b": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "network.bytes: *" + }, + "isBucketed": false, + "label": "Network Bytes", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + }, + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "network.bytes" + }, + "81024927-fbb8-4a6d-bf7f-0e7dc615f5fc": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" 
+ }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "01a7c08d-a971-44de-85ca-694539d55351", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "64d05723-a8ae-4658-9d37-11231fa0cddb", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fillOpacity": 1, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "4f50aab4-4d49-4b40-962e-54a3e928383b" + ], + "layerId": "02bfb9a7-a251-4db6-9dcc-eb9f921b17d5", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "xAccessor": "81024927-fbb8-4a6d-bf7f-0e7dc615f5fc", + "yConfig": [ + { + "axisMode": "left", + "color": "#54b399", + "forAccessor": "4f50aab4-4d49-4b40-962e-54a3e928383b" + } + ] + } + ], + "legend": { + "isVisible": false, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "showSingleSeries": false + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yRightExtent": { + "mode": 
"full" + }, + "yRightScale": "linear" + } + }, + "title": "Session Transfer Rates Over Time (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "e13dda86-df4f-4f15-842c-dc5c757c36f5", + "w": 30, + "x": 18, + "y": 8 + }, + "panelIndex": "e13dda86-df4f-4f15-842c-dc5c757c36f5", + "title": "Bytes Transferred Over Time", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9e38f9db-7af9-40ec-b6e9-9932306bd70d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "75685a95-34a6-42c6-8de9-b1f3357815c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c9cbffd8-0315-490a-be5b-81dbde235c32", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "9e38f9db-7af9-40ec-b6e9-9932306bd70d": { + "columnOrder": [ + "3e8455ec-c26c-4317-a1a0-71a17480e7b4" + ], + "columns": { + "3e8455ec-c26c-4317-a1a0-71a17480e7b4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Sessions", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "event.id" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "75685a95-34a6-42c6-8de9-b1f3357815c0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": 
"event.provider", + "index": "c9cbffd8-0315-490a-be5b-81dbde235c32", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "3e8455ec-c26c-4317-a1a0-71a17480e7b4", + "layerId": "9e38f9db-7af9-40ec-b6e9-9932306bd70d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "6d7ec786-8684-41e7-bee4-fcb34344e506", + "w": 9, + "x": 0, + "y": 16 + }, + "panelIndex": "6d7ec786-8684-41e7-bee4-fcb34344e506", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d7570988-8159-41a0-ae31-21fe5e75f78e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "419cec79-b582-431d-93a8-6a659fa8bb01", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "17697112-4022-42c3-b0b9-0d825b94b360": { + "columnOrder": [ + "d96448a6-a204-4654-9781-02ab8b54b006" + ], + "columns": { + "d96448a6-a204-4654-9781-02ab8b54b006": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination IP Addresses", + "operationType": "unique_count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + 
"layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "d7570988-8159-41a0-ae31-21fe5e75f78e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "419cec79-b582-431d-93a8-6a659fa8bb01", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "d96448a6-a204-4654-9781-02ab8b54b006", + "layerId": "17697112-4022-42c3-b0b9-0d825b94b360", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "fc886fe0-c926-430c-b91d-2d5dde9f4ccf", + "w": 9, + "x": 9, + "y": 16 + }, + "panelIndex": "fc886fe0-c926-430c-b91d-2d5dde9f4ccf", + "title": "", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "238fbd5c-0f25-47e8-b505-a324f85abb88", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "867afe8c-8677-4055-9aa3-db86e0f1ce84", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + 
"b14288d9-dfdf-4497-beca-3eeb4f36f34f": { + "columnOrder": [ + "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f", + "3dad14ca-3b80-4d0d-a983-2ede1f5e5867" + ], + "columns": { + "3dad14ca-3b80-4d0d-a983-2ede1f5e5867": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Source Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "source.bytes" + }, + "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "3dad14ca-3b80-4d0d-a983-2ede1f5e5867", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "238fbd5c-0f25-47e8-b505-a324f85abb88", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "867afe8c-8677-4055-9aa3-db86e0f1ce84", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": 
"kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f", + "isTransposed": false + }, + { + "columnId": "3dad14ca-3b80-4d0d-a983-2ede1f5e5867", + "isTransposed": false + } + ], + "layerId": "b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 24, + "i": "86e18a08-a067-481c-a16c-af7ae7d17eec", + "w": 11, + "x": 0, + "y": 24 + }, + "panelIndex": "86e18a08-a067-481c-a16c-af7ae7d17eec", + "title": "Top 500 Source IP's by Bytes Transferred", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "080c0120-8f76-413e-8b55-858d5b6bd92d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ec867263-bba7-45bf-a627-0303111d34b4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "b14288d9-dfdf-4497-beca-3eeb4f36f34f": { + "columnOrder": [ + "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f", + "3dad14ca-3b80-4d0d-a983-2ede1f5e5867" + ], + "columns": { + "3dad14ca-3b80-4d0d-a983-2ede1f5e5867": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Destination Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "destination.bytes" + }, + "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + 
"exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "3dad14ca-3b80-4d0d-a983-2ede1f5e5867", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 500 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "080c0120-8f76-413e-8b55-858d5b6bd92d", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "ec867263-bba7-45bf-a627-0303111d34b4", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "9ff47ef0-cef4-46d8-8e04-eb10a1da1e2f", + "isTransposed": false + }, + { + "columnId": "3dad14ca-3b80-4d0d-a983-2ede1f5e5867", + "isTransposed": false + } + ], + "layerId": "b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 24, + "i": "5b9db7a3-da2a-4bbf-b828-26c28337a81c", + "w": 11, + "x": 11, + "y": 24 + }, + "panelIndex": 
"5b9db7a3-da2a-4bbf-b828-26c28337a81c", + "title": "Top 500 Destination IP's by Bytes Transferred", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "rowsPerPage": 10 + }, + "gridData": { + "h": 40, + "i": "7355a77d-85cd-41ed-b1da-f238a3ea84bd", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "7355a77d-85cd-41ed-b1da-f238a3ea84bd", + "panelRefName": "panel_7355a77d-85cd-41ed-b1da-f238a3ea84bd", + "type": "search", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "layerListJSON": "[{\"locale\":\"autoselect\",\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6d75d136-032b-4d3c-b7c0-d9e6e555abdb\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"EMS_VECTOR_TILE\",\"color\":\"\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"id\":\"f7b967b2-16b2-4bfd-8055-56582c71af20\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":10,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"o
rientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"id\":\"ec7dec9b-853f-400a-8a7b-047da8221fd0\",\"label\":\"Connecting Lines\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.25,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"scalingType\":\"CLUSTERS\",\"id\":\"06b8ea49-eed3-4a87-b80e-3fc9b966dd18\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"e40d58a1-9dab-4f86-b388-53120b8266a1\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#4379aa\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type
\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"scalingType\":\"CLUSTERS\",\"id\":\"3124c3a4-116a-43ac-8e24-70e9767c8d90\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"beb16b38-fb95-4d6a-952e-8fe33d33a568\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"circle\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\
"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"disableTooltips\":false}]", + "mapStateJSON": "{\"adHocDataViews\":[],\"zoom\":0.87,\"center\":{\"lon\":14.4084,\"lat\":0},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":10000},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"field\":\"data_stream.dataset\",\"params\":{\"query\":\"arista_ngfw.log\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"arista_ngfw.log\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"logs-*\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"session_stats\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.provider\":\"session_stats\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#1d1e24\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"keydownScrollZoom\":false,\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_3_source_index_pattern", + "type": 
"index-pattern" + } + ], + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -360 + }, + "mapCenter": { + "lat": 0, + "lon": 14.4084, + "zoom": 0.87 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 24, + "i": "6ae5c6ae-a667-49e2-aa53-2fe5a2d5b6d8", + "w": 26, + "x": 22, + "y": 24 + }, + "panelIndex": "6ae5c6ae-a667-49e2-aa53-2fe5a2d5b6d8", + "title": "Events by Source to Destination GeoLocation", + "type": "map", + "version": "8.7.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Session Stats", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-090e6d40-1dc4-11ee-b346-5b9e0073e798", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "20d48459-770b-4cde-8ede-72b084ea1772:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "20d48459-770b-4cde-8ede-72b084ea1772:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "20d48459-770b-4cde-8ede-72b084ea1772:metrics_20d48459-770b-4cde-8ede-72b084ea1772_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "13262519-30cf-49ea-a20e-e68cd2ed1a44:panel_13262519-30cf-49ea-a20e-e68cd2ed1a44", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "07dd66c3-cfbf-450e-835d-a2d1d15560b3:indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07dd66c3-cfbf-450e-835d-a2d1d15560b3:849c92e9-e717-45dc-88e0-2a79c97a3c45", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"07dd66c3-cfbf-450e-835d-a2d1d15560b3:0bc18d47-c998-4416-b28e-3d4aa6f10a3a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff518a08-7f9c-439b-92e1-488179e73e27:indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff518a08-7f9c-439b-92e1-488179e73e27:e2cef2bf-4e08-4478-bd21-b8910160f1da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff518a08-7f9c-439b-92e1-488179e73e27:a52f24ad-33f5-469d-a823-5892a03a1594", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e13dda86-df4f-4f15-842c-dc5c757c36f5:indexpattern-datasource-layer-02bfb9a7-a251-4db6-9dcc-eb9f921b17d5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e13dda86-df4f-4f15-842c-dc5c757c36f5:01a7c08d-a971-44de-85ca-694539d55351", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e13dda86-df4f-4f15-842c-dc5c757c36f5:64d05723-a8ae-4658-9d37-11231fa0cddb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d7ec786-8684-41e7-bee4-fcb34344e506:indexpattern-datasource-layer-9e38f9db-7af9-40ec-b6e9-9932306bd70d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d7ec786-8684-41e7-bee4-fcb34344e506:75685a95-34a6-42c6-8de9-b1f3357815c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d7ec786-8684-41e7-bee4-fcb34344e506:c9cbffd8-0315-490a-be5b-81dbde235c32", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc886fe0-c926-430c-b91d-2d5dde9f4ccf:indexpattern-datasource-layer-17697112-4022-42c3-b0b9-0d825b94b360", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc886fe0-c926-430c-b91d-2d5dde9f4ccf:d7570988-8159-41a0-ae31-21fe5e75f78e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc886fe0-c926-430c-b91d-2d5dde9f4ccf:419cec79-b582-431d-93a8-6a659fa8bb01", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"86e18a08-a067-481c-a16c-af7ae7d17eec:indexpattern-datasource-layer-b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "86e18a08-a067-481c-a16c-af7ae7d17eec:238fbd5c-0f25-47e8-b505-a324f85abb88", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "86e18a08-a067-481c-a16c-af7ae7d17eec:867afe8c-8677-4055-9aa3-db86e0f1ce84", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b9db7a3-da2a-4bbf-b828-26c28337a81c:indexpattern-datasource-layer-b14288d9-dfdf-4497-beca-3eeb4f36f34f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b9db7a3-da2a-4bbf-b828-26c28337a81c:080c0120-8f76-413e-8b55-858d5b6bd92d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b9db7a3-da2a-4bbf-b828-26c28337a81c:ec867263-bba7-45bf-a627-0303111d34b4", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-78edcde0-20ee-11ee-8ab3-fb5b73d7bd73", + "name": "7355a77d-85cd-41ed-b1da-f238a3ea84bd:panel_7355a77d-85cd-41ed-b1da-f238a3ea84bd", + "type": "search" + }, + { + "id": "logs-*", + "name": "6ae5c6ae-a667-49e2-aa53-2fe5a2d5b6d8:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6ae5c6ae-a667-49e2-aa53-2fe5a2d5b6d8:layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6ae5c6ae-a667-49e2-aa53-2fe5a2d5b6d8:layer_3_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-0f3dafe6-c66a-4d1e-a9e9-fa3fb418bfaf.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-0f3dafe6-c66a-4d1e-a9e9-fa3fb418bfaf.json new file mode 100755 index 000000000000..4c969633af3f --- /dev/null +++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-0f3dafe6-c66a-4d1e-a9e9-fa3fb418bfaf.json 
@@ -0,0 +1,1712 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "4e81467d-7d1a-4e3b-800b-955a5b835573", + "index_pattern_ref_name": "metrics_70107979-79d0-4585-a164-279bd7b6e235_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Intrusion Prevention", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + 
"axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "db060372-40bb-44ab-80b5-9713d7f64b5b", + "line_width": 1, + "metrics": [ + { + "id": "4e0dc31d-d382-4983-acb5-c1e63d47ed0a", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "70107979-79d0-4585-a164-279bd7b6e235", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "70107979-79d0-4585-a164-279bd7b6e235", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "d2047ddf-980e-479e-8bd9-543987eab727", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "d2047ddf-980e-479e-8bd9-543987eab727", + "panelRefName": "panel_d2047ddf-980e-479e-8bd9-543987eab727", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76214d26-dac4-41cd-b4d5-c86deb31e8b4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "251e6a4f-e93d-485a-8fe6-0cdd41ded043", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dd25315f-774f-4273-8758-200d32465fb2", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "76214d26-dac4-41cd-b4d5-c86deb31e8b4": { + "columnOrder": [ + 
"a88b7dad-e56f-4e1a-a91a-990ca0cec846" + ], + "columns": { + "a88b7dad-e56f-4e1a-a91a-990ca0cec846": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Intrusion Prevention Events", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "251e6a4f-e93d-485a-8fe6-0cdd41ded043", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "dd25315f-774f-4273-8758-200d32465fb2", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "a88b7dad-e56f-4e1a-a91a-990ca0cec846", + "layerId": "76214d26-dac4-41cd-b4d5-c86deb31e8b4", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "Metric visualization (converted)", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 15, + "i": "79501b8a-f57e-4841-a388-fe8b7cdd8d21", + "w": 8, + "x": 0, + "y": 8 + }, + "panelIndex": "79501b8a-f57e-4841-a388-fe8b7cdd8d21", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", 
+ "name": "indexpattern-datasource-layer-c5436613-fa8f-4266-9b4e-6433de03570c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "af33fdef-263e-49f4-b95c-b537f6b5c1e8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "18f99b1f-5438-40cd-b7b1-ca889556014f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "c5436613-fa8f-4266-9b4e-6433de03570c": { + "columnOrder": [ + "3a7a429f-d198-4c16-8e3e-2ecd19606dad", + "5a464a08-86de-4f36-8ccb-f7685ce54b08" + ], + "columns": { + "3a7a429f-d198-4c16-8e3e-2ecd19606dad": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "event.outcome: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [ + "allowed", + "denied" + ], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "5a464a08-86de-4f36-8ccb-f7685ce54b08", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.type" + }, + "5a464a08-86de-4f36-8ccb-f7685ce54b08": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "af33fdef-263e-49f4-b95c-b537f6b5c1e8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "18f99b1f-5438-40cd-b7b1-ca889556014f", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "layerId": "c5436613-fa8f-4266-9b4e-6433de03570c", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metrics": [ + "5a464a08-86de-4f36-8ccb-f7685ce54b08" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + "3a7a429f-d198-4c16-8e3e-2ecd19606dad" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Events by Outcome (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a098b652-645d-431b-9101-ebb9c7035aca", + "w": 8, + "x": 8, + "y": 8 + }, + "panelIndex": "a098b652-645d-431b-9101-ebb9c7035aca", + "title": "Events by Type", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8e534232-0417-41ed-a045-1d9f5a61b63a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c2f68a44-7a29-43d1-8ed3-34c1ee42bb2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "408293a7-94e0-43e2-9e2f-d6cffaf8bcd2", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + 
"8e534232-0417-41ed-a045-1d9f5a61b63a": { + "columnOrder": [ + "6edeedc4-893d-458f-8c6c-b091495f4aec", + "e83e2375-ac65-49fb-bb5c-9a75f2b486fe" + ], + "columns": { + "6edeedc4-893d-458f-8c6c-b091495f4aec": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "source.geo.country_name: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e83e2375-ac65-49fb-bb5c-9a75f2b486fe", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + }, + "e83e2375-ac65-49fb-bb5c-9a75f2b486fe": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "c2f68a44-7a29-43d1-8ed3-34c1ee42bb2f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "408293a7-94e0-43e2-9e2f-d6cffaf8bcd2", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "layerId": "8e534232-0417-41ed-a045-1d9f5a61b63a", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "legendSize": "large", + "metrics": [ + "e83e2375-ac65-49fb-bb5c-9a75f2b486fe" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + "6edeedc4-893d-458f-8c6c-b091495f4aec" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Events by Source Country (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae629cae-ec3d-44a5-a733-5bd158ad792e", + "w": 10, + "x": 16, + "y": 8 + }, + "panelIndex": "ae629cae-ec3d-44a5-a733-5bd158ad792e", + "title": "Top 10 Source Countries", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c1b94f07-93df-4ecd-aa04-724cc3596b46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3c5f936-7c6c-4d9e-b591-be0ce4a29cff", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17582a11-572d-4eaa-acf5-e01b5de3e54d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "c1b94f07-93df-4ecd-aa04-724cc3596b46": { + "columnOrder": [ + "e3e17ecd-1588-4928-ab54-c2ab92d27fc9", + "959f8d87-8a43-4693-b20c-cc3214a4bfa3" + ], + "columns": { + "959f8d87-8a43-4693-b20c-cc3214a4bfa3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": 
"___records___" + }, + "e3e17ecd-1588-4928-ab54-c2ab92d27fc9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "rule.ruleset: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "959f8d87-8a43-4693-b20c-cc3214a4bfa3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.ruleset" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "c3c5f936-7c6c-4d9e-b591-be0ce4a29cff", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "17582a11-572d-4eaa-acf5-e01b5de3e54d", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "layerId": "c1b94f07-93df-4ecd-aa04-724cc3596b46", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "legendSize": "large", + "metrics": [ + "959f8d87-8a43-4693-b20c-cc3214a4bfa3" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + 
"e3e17ecd-1588-4928-ab54-c2ab92d27fc9" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Events by Ruleset (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d5e6b373-6124-4769-bb1d-82f318ca548f", + "w": 10, + "x": 26, + "y": 8 + }, + "panelIndex": "d5e6b373-6124-4769-bb1d-82f318ca548f", + "title": "Top 10 Rulesets", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f0ccea5c-73c6-49f8-8b29-fdff6e732b9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b734405a-114d-4bcc-be12-b03624a1401c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c0e0614e-5bad-4be5-835c-e694c3ba8809", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f0ccea5c-73c6-49f8-8b29-fdff6e732b9c": { + "columnOrder": [ + "0ef1c9d0-965c-45ac-ad43-4829ac8e0a5f", + "96f7dcda-93be-44a6-86b1-879a3274fc2f" + ], + "columns": { + "0ef1c9d0-965c-45ac-ad43-4829ac8e0a5f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "rule.name: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "96f7dcda-93be-44a6-86b1-879a3274fc2f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" + }, + "96f7dcda-93be-44a6-86b1-879a3274fc2f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", 
+ "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "b734405a-114d-4bcc-be12-b03624a1401c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "c0e0614e-5bad-4be5-835c-e694c3ba8809", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "layerId": "f0ccea5c-73c6-49f8-8b29-fdff6e732b9c", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "legendSize": "xlarge", + "metrics": [ + "96f7dcda-93be-44a6-86b1-879a3274fc2f" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + "0ef1c9d0-965c-45ac-ad43-4829ac8e0a5f" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Events by Category (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "146348c5-cefb-43f7-85b9-b4368955ed35", + "w": 12, + "x": 
36, + "y": 8 + }, + "panelIndex": "146348c5-cefb-43f7-85b9-b4368955ed35", + "title": "Top 10 Rule Names", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-371bf2e4-b58b-485d-889c-f8bc9e73b2b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f1b2591e-c853-433b-aa68-78301322ff70", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "317fdf9c-e99c-46ac-9950-331d7e5019bf", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "371bf2e4-b58b-485d-889c-f8bc9e73b2b2": { + "columnOrder": [ + "dd53eca1-324b-4467-a5a6-a32c74edaefc", + "3eb6e6fc-dbf5-43bd-94b6-576907f9bdb5", + "b1a8fc02-a9b9-4392-873f-b24f015f1f52", + "9d49e0e9-9bb9-4f61-a216-8e96f829d0cd", + "5a50b609-4b0f-4fdd-beeb-d8c38044355a" + ], + "columns": { + "3eb6e6fc-dbf5-43bd-94b6-576907f9bdb5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Organization Name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "5a50b609-4b0f-4fdd-beeb-d8c38044355a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.as.organization.name" + }, + "5a50b609-4b0f-4fdd-beeb-d8c38044355a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "9d49e0e9-9bb9-4f61-a216-8e96f829d0cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Country", + "operationType": "terms", + "params": { + "exclude": [], + 
"excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "5a50b609-4b0f-4fdd-beeb-d8c38044355a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + }, + "b1a8fc02-a9b9-4392-873f-b24f015f1f52": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Region", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "5a50b609-4b0f-4fdd-beeb-d8c38044355a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.geo.region_name" + }, + "dd53eca1-324b-4467-a5a6-a32c74edaefc": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "5a50b609-4b0f-4fdd-beeb-d8c38044355a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "f1b2591e-c853-433b-aa68-78301322ff70", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "317fdf9c-e99c-46ac-9950-331d7e5019bf", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "5a50b609-4b0f-4fdd-beeb-d8c38044355a" + }, + { + "alignment": "left", + "columnId": "dd53eca1-324b-4467-a5a6-a32c74edaefc" + }, + { + "alignment": "left", + "columnId": "3eb6e6fc-dbf5-43bd-94b6-576907f9bdb5" + }, + { + "alignment": "left", + "columnId": "b1a8fc02-a9b9-4392-873f-b24f015f1f52" + }, + { + "alignment": "left", + "columnId": "9d49e0e9-9bb9-4f61-a216-8e96f829d0cd" + } + ], + "headerRowHeight": "single", + "layerId": "371bf2e4-b58b-485d-889c-f8bc9e73b2b2", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Top 500 Source IPs (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 24, + "i": "884930a0-9ba3-4145-843f-ec606526d9b1", + "w": 24, + "x": 0, + "y": 23 + }, + "panelIndex": "884930a0-9ba3-4145-843f-ec606526d9b1", + "title": "Top 500 Source IPs", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d11fcb51-c326-436c-9df7-156a7308569d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "75582802-9b93-4f25-961a-7ea57466f96b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd6da309-3449-45e5-b6d9-d6bbad8784cd", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + 
"formBased": { + "layers": { + "d11fcb51-c326-436c-9df7-156a7308569d": { + "columnOrder": [ + "e30f9bec-8481-4f47-8eba-5c8acbbde692", + "a1de9b08-92d5-4ef6-b791-c7626299e553", + "5e6e50e2-0481-4abd-a2ec-a8cc5e3ee1a0", + "d07453f0-c0ac-44f0-a3b3-f9af54a43f51", + "99273173-4118-4ca4-b891-c16c3c21ec1d" + ], + "columns": { + "5e6e50e2-0481-4abd-a2ec-a8cc5e3ee1a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Region", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "99273173-4118-4ca4-b891-c16c3c21ec1d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "destination.geo.region_name" + }, + "99273173-4118-4ca4-b891-c16c3c21ec1d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "a1de9b08-92d5-4ef6-b791-c7626299e553": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Organization", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "99273173-4118-4ca4-b891-c16c3c21ec1d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "destination.as.organization.name" + }, + "d07453f0-c0ac-44f0-a3b3-f9af54a43f51": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Country", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + 
"missingBucket": true, + "orderBy": { + "columnId": "99273173-4118-4ca4-b891-c16c3c21ec1d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + }, + "e30f9bec-8481-4f47-8eba-5c8acbbde692": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "99273173-4118-4ca4-b891-c16c3c21ec1d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 50 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "75582802-9b93-4f25-961a-7ea57466f96b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "fd6da309-3449-45e5-b6d9-d6bbad8784cd", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "99273173-4118-4ca4-b891-c16c3c21ec1d" + }, + { + "alignment": "left", + "columnId": 
"e30f9bec-8481-4f47-8eba-5c8acbbde692" + }, + { + "alignment": "left", + "columnId": "a1de9b08-92d5-4ef6-b791-c7626299e553" + }, + { + "alignment": "left", + "columnId": "5e6e50e2-0481-4abd-a2ec-a8cc5e3ee1a0" + }, + { + "alignment": "left", + "columnId": "d07453f0-c0ac-44f0-a3b3-f9af54a43f51" + } + ], + "headerRowHeight": "single", + "layerId": "d11fcb51-c326-436c-9df7-156a7308569d", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Top 500 Destination IPs (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 24, + "i": "5dcfedad-5c18-4c8b-a2fa-85cc2c984fec", + "w": 24, + "x": 24, + "y": 23 + }, + "panelIndex": "5dcfedad-5c18-4c8b-a2fa-85cc2c984fec", + "title": "Top 500 Destination IPs", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "rowsPerPage": 10 + }, + "gridData": { + "h": 40, + "i": "c578041f-0bd1-4ee7-9633-d6994663f07c", + "w": 48, + "x": 0, + "y": 47 + }, + "panelIndex": "c578041f-0bd1-4ee7-9633-d6994663f07c", + "panelRefName": "panel_c578041f-0bd1-4ee7-9633-d6994663f07c", + "type": "search", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Intrusion Prevention", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-0f3dafe6-c66a-4d1e-a9e9-fa3fb418bfaf", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "70107979-79d0-4585-a164-279bd7b6e235:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70107979-79d0-4585-a164-279bd7b6e235:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70107979-79d0-4585-a164-279bd7b6e235:metrics_70107979-79d0-4585-a164-279bd7b6e235_0_index_pattern", + 
"type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "d2047ddf-980e-479e-8bd9-543987eab727:panel_d2047ddf-980e-479e-8bd9-543987eab727", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "79501b8a-f57e-4841-a388-fe8b7cdd8d21:indexpattern-datasource-layer-76214d26-dac4-41cd-b4d5-c86deb31e8b4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "79501b8a-f57e-4841-a388-fe8b7cdd8d21:251e6a4f-e93d-485a-8fe6-0cdd41ded043", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "79501b8a-f57e-4841-a388-fe8b7cdd8d21:dd25315f-774f-4273-8758-200d32465fb2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a098b652-645d-431b-9101-ebb9c7035aca:indexpattern-datasource-layer-c5436613-fa8f-4266-9b4e-6433de03570c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a098b652-645d-431b-9101-ebb9c7035aca:af33fdef-263e-49f4-b95c-b537f6b5c1e8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a098b652-645d-431b-9101-ebb9c7035aca:18f99b1f-5438-40cd-b7b1-ca889556014f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae629cae-ec3d-44a5-a733-5bd158ad792e:indexpattern-datasource-layer-8e534232-0417-41ed-a045-1d9f5a61b63a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae629cae-ec3d-44a5-a733-5bd158ad792e:c2f68a44-7a29-43d1-8ed3-34c1ee42bb2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae629cae-ec3d-44a5-a733-5bd158ad792e:408293a7-94e0-43e2-9e2f-d6cffaf8bcd2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5e6b373-6124-4769-bb1d-82f318ca548f:indexpattern-datasource-layer-c1b94f07-93df-4ecd-aa04-724cc3596b46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5e6b373-6124-4769-bb1d-82f318ca548f:c3c5f936-7c6c-4d9e-b591-be0ce4a29cff", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5e6b373-6124-4769-bb1d-82f318ca548f:17582a11-572d-4eaa-acf5-e01b5de3e54d", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "146348c5-cefb-43f7-85b9-b4368955ed35:indexpattern-datasource-layer-f0ccea5c-73c6-49f8-8b29-fdff6e732b9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "146348c5-cefb-43f7-85b9-b4368955ed35:b734405a-114d-4bcc-be12-b03624a1401c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "146348c5-cefb-43f7-85b9-b4368955ed35:c0e0614e-5bad-4be5-835c-e694c3ba8809", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "884930a0-9ba3-4145-843f-ec606526d9b1:indexpattern-datasource-layer-371bf2e4-b58b-485d-889c-f8bc9e73b2b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "884930a0-9ba3-4145-843f-ec606526d9b1:f1b2591e-c853-433b-aa68-78301322ff70", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "884930a0-9ba3-4145-843f-ec606526d9b1:317fdf9c-e99c-46ac-9950-331d7e5019bf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5dcfedad-5c18-4c8b-a2fa-85cc2c984fec:indexpattern-datasource-layer-d11fcb51-c326-436c-9df7-156a7308569d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5dcfedad-5c18-4c8b-a2fa-85cc2c984fec:75582802-9b93-4f25-961a-7ea57466f96b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5dcfedad-5c18-4c8b-a2fa-85cc2c984fec:fd6da309-3449-45e5-b6d9-d6bbad8784cd", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-6cf3b505-142c-436a-9625-97800660e36f", + "name": "c578041f-0bd1-4ee7-9633-d6994663f07c:panel_c578041f-0bd1-4ee7-9633-d6994663f07c", + "type": "search" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-2b026f60-1cf1-11ee-b346-5b9e0073e798.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-2b026f60-1cf1-11ee-b346-5b9e0073e798.json new file mode 100755 index 000000000000..3fb4f9dbe84f --- /dev/null 
+++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-2b026f60-1cf1-11ee-b346-5b9e0073e798.json 
@@ -0,0 +1,990 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "admin_login" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "admin_login" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "2e600701-6bdf-407d-b77c-73e0c9830920", + "index_pattern_ref_name": "metrics_b8e42c0a-e619-490d-a0c5-0c8a638d2aac_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Admin Login", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e6ddf3d5-1da0-4dca-b938-85a1bf01a696", + "line_width": 1, + "metrics": [ + { + "id": "c0dedf6a-803d-4a88-b161-b6b1cab27ce7", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "b8e42c0a-e619-490d-a0c5-0c8a638d2aac", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "b8e42c0a-e619-490d-a0c5-0c8a638d2aac", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "1a4d0a4b-6202-43ee-8fd7-d3eeafe8f2f3", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "1a4d0a4b-6202-43ee-8fd7-d3eeafe8f2f3", + "panelRefName": "panel_1a4d0a4b-6202-43ee-8fd7-d3eeafe8f2f3", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e848e02e-4918-4c7a-846d-e8b6ab0641bd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4762b4ed-6f97-4e3d-84f4-1237ef05ec5b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a5040db-0585-4867-9e37-c936a36e75af", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e848e02e-4918-4c7a-846d-e8b6ab0641bd": { + "columnOrder": [ + "7a49e7d6-62ec-4f34-bee5-bf6a679580fd" + ], + "columns": { 
+ "7a49e7d6-62ec-4f34-bee5-bf6a679580fd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Login Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "4762b4ed-6f97-4e3d-84f4-1237ef05ec5b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "1a5040db-0585-4867-9e37-c936a36e75af", + "key": "event.provider", + "negate": false, + "params": { + "query": "admin_login" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "admin_login" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7a49e7d6-62ec-4f34-bee5-bf6a679580fd", + "layerId": "e848e02e-4918-4c7a-846d-e8b6ab0641bd", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 14, + "i": "612605ba-8521-466e-b0a5-2842f6ab3485", + "w": 14, + "x": 0, + "y": 8 + }, + "panelIndex": "612605ba-8521-466e-b0a5-2842f6ab3485", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-301b7f21-322b-4e6b-9c12-3dd4b4b9168c", + "type": "index-pattern" 
+ }, + { + "id": "logs-*", + "name": "04c8664b-4516-43f6-b3f3-836619ee8633", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ef7e7382-96a6-46bd-93de-7f0921013b07", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "301b7f21-322b-4e6b-9c12-3dd4b4b9168c": { + "columnOrder": [ + "86f686f6-3a4c-4afa-87ef-86a0e3d19665", + "7aca5794-d62e-495b-858f-4845415d0a86" + ], + "columns": { + "7aca5794-d62e-495b-858f-4845415d0a86": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Login Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "86f686f6-3a4c-4afa-87ef-86a0e3d19665": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "04c8664b-4516-43f6-b3f3-836619ee8633", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "ef7e7382-96a6-46bd-93de-7f0921013b07", + "key": "event.provider", + "negate": false, + "params": { + "query": "admin_login" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "admin_login" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": 
"" + }, + "visualization": { + "emphasizeFitting": true, + "fittingFunction": "Zero", + "layers": [ + { + "accessors": [ + "7aca5794-d62e-495b-858f-4845415d0a86" + ], + "layerId": "301b7f21-322b-4e6b-9c12-3dd4b4b9168c", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "xAccessor": "86f686f6-3a4c-4afa-87ef-86a0e3d19665" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": true + }, + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": true + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "ad12a6b6-b2e2-4fb9-b113-41c9d97012a2", + "w": 34, + "x": 14, + "y": 8 + }, + "panelIndex": "ad12a6b6-b2e2-4fb9-b113-41c9d97012a2", + "title": "Admin Login Events Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-957518ad-112c-4084-8e24-fa99a4fe00b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f566771-3b46-4adf-bff2-e8e69fd39374", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cba94ab5-3747-4a5f-91ca-5a0ed2e7b1c9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "957518ad-112c-4084-8e24-fa99a4fe00b6": { + "columnOrder": [ + "b2030336-2560-411b-a566-30019b77144f", + "9dac38cc-012b-4e36-b096-ce6b67f65883" + ], + "columns": { + "9dac38cc-012b-4e36-b096-ce6b67f65883": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "b2030336-2560-411b-a566-30019b77144f": { + "dataType": "string", + "isBucketed": true, + "label": 
"Top 5 values of event.outcome", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "9dac38cc-012b-4e36-b096-ce6b67f65883", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "5f566771-3b46-4adf-bff2-e8e69fd39374", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "cba94ab5-3747-4a5f-91ca-5a0ed2e7b1c9", + "key": "event.provider", + "negate": false, + "params": { + "query": "admin_login" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "admin_login" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "957518ad-112c-4084-8e24-fa99a4fe00b6", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "9dac38cc-012b-4e36-b096-ce6b67f65883" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "b2030336-2560-411b-a566-30019b77144f" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": 
"4058112d-e7d9-4b5c-a507-7b9b0eafbefb", + "w": 14, + "x": 0, + "y": 22 + }, + "panelIndex": "4058112d-e7d9-4b5c-a507-7b9b0eafbefb", + "title": "Admin Login Events by Outcome", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-81c11ccd-d957-4afe-85d9-d763e8a499eb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d252fba0-5aa9-4f61-a9d7-f7ed100d0e1e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fdd0471-02a0-4c38-9f11-7da6b5a74288", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "81c11ccd-d957-4afe-85d9-d763e8a499eb": { + "columnOrder": [ + "fc00bdf6-dd1d-4eae-8686-4aeef751e8dd", + "7d3ddf2e-04d4-4907-99f4-5124d94664f7", + "c4795585-27f3-4b09-b548-a3156a081177", + "d48eae88-bc86-4074-94eb-6fb9ce784383", + "e096c4ef-bdd7-4bac-b1fc-c4057deada50" + ], + "columns": { + "7d3ddf2e-04d4-4907-99f4-5124d94664f7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "columnId": "e096c4ef-bdd7-4bac-b1fc-c4057deada50", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + }, + "c4795585-27f3-4b09-b548-a3156a081177": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e096c4ef-bdd7-4bac-b1fc-c4057deada50", + "type": "column" + }, + "orderDirection": 
"desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "d48eae88-bc86-4074-94eb-6fb9ce784383": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Outcome", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e096c4ef-bdd7-4bac-b1fc-c4057deada50", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "e096c4ef-bdd7-4bac-b1fc-c4057deada50": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc00bdf6-dd1d-4eae-8686-4aeef751e8dd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e096c4ef-bdd7-4bac-b1fc-c4057deada50", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "d252fba0-5aa9-4f61-a9d7-f7ed100d0e1e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + 
} + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "8fdd0471-02a0-4c38-9f11-7da6b5a74288", + "key": "event.provider", + "negate": false, + "params": { + "query": "admin_login" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "admin_login" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "e096c4ef-bdd7-4bac-b1fc-c4057deada50", + "summaryRow": "sum" + }, + { + "alignment": "left", + "columnId": "fc00bdf6-dd1d-4eae-8686-4aeef751e8dd" + }, + { + "alignment": "left", + "columnId": "c4795585-27f3-4b09-b548-a3156a081177", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "d48eae88-bc86-4074-94eb-6fb9ce784383" + }, + { + "columnId": "7d3ddf2e-04d4-4907-99f4-5124d94664f7", + "isTransposed": false + } + ], + "headerRowHeight": "single", + "layerId": "81c11ccd-d957-4afe-85d9-d763e8a499eb", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Admin Login Event Details (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "95e65c34-b34d-4d36-8514-326b9a56950f", + "w": 34, + "x": 14, + "y": 22 + }, + "panelIndex": "95e65c34-b34d-4d36-8514-326b9a56950f", + "title": "Admin Login Event Details", + "type": "lens", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Admin Login", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-2b026f60-1cf1-11ee-b346-5b9e0073e798", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "b8e42c0a-e619-490d-a0c5-0c8a638d2aac:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "b8e42c0a-e619-490d-a0c5-0c8a638d2aac:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8e42c0a-e619-490d-a0c5-0c8a638d2aac:metrics_b8e42c0a-e619-490d-a0c5-0c8a638d2aac_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "1a4d0a4b-6202-43ee-8fd7-d3eeafe8f2f3:panel_1a4d0a4b-6202-43ee-8fd7-d3eeafe8f2f3", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "612605ba-8521-466e-b0a5-2842f6ab3485:indexpattern-datasource-layer-e848e02e-4918-4c7a-846d-e8b6ab0641bd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "612605ba-8521-466e-b0a5-2842f6ab3485:4762b4ed-6f97-4e3d-84f4-1237ef05ec5b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "612605ba-8521-466e-b0a5-2842f6ab3485:1a5040db-0585-4867-9e37-c936a36e75af", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad12a6b6-b2e2-4fb9-b113-41c9d97012a2:indexpattern-datasource-layer-301b7f21-322b-4e6b-9c12-3dd4b4b9168c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad12a6b6-b2e2-4fb9-b113-41c9d97012a2:04c8664b-4516-43f6-b3f3-836619ee8633", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad12a6b6-b2e2-4fb9-b113-41c9d97012a2:ef7e7382-96a6-46bd-93de-7f0921013b07", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4058112d-e7d9-4b5c-a507-7b9b0eafbefb:indexpattern-datasource-layer-957518ad-112c-4084-8e24-fa99a4fe00b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4058112d-e7d9-4b5c-a507-7b9b0eafbefb:5f566771-3b46-4adf-bff2-e8e69fd39374", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4058112d-e7d9-4b5c-a507-7b9b0eafbefb:cba94ab5-3747-4a5f-91ca-5a0ed2e7b1c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"95e65c34-b34d-4d36-8514-326b9a56950f:indexpattern-datasource-layer-81c11ccd-d957-4afe-85d9-d763e8a499eb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95e65c34-b34d-4d36-8514-326b9a56950f:d252fba0-5aa9-4f61-a9d7-f7ed100d0e1e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95e65c34-b34d-4d36-8514-326b9a56950f:8fdd0471-02a0-4c38-9f11-7da6b5a74288", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-3565dc44-1886-49aa-b8d3-523623e605dc.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-3565dc44-1886-49aa-b8d3-523623e605dc.json new file mode 100755 index 000000000000..08fb7155552f --- /dev/null +++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-3565dc44-1886-49aa-b8d3-523623e605dc.json 
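Review bot: In the "Admin Login Event Details" table the Source IP column (`c4795585-27f3-4b09-b548-a3156a081177`, `"sourceField": "source.ip"`) is a terms bucket with `"size": 1` and `"otherBucket": false`. If Lens nests the buckets in `columnOrder`, as it appears to, each user/firewall group shows only its most frequent source address, and logins from any other address are dropped with no "Other" row. On an admin-login view that hides the case an analyst most needs to see: a second, unusual address for the same account. I would raise the bucket size, e.g. `"size": 10`, or at least set `"otherBucket": true` so the truncation is visible. Separately, the area chart in this dashboard still carries the placeholder `"title": "Empty XY chart"`, and the pie keeps the default label `"Top 5 values of event.outcome"`.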
@@ -0,0 +1,1492 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.id", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.id", + "negate": false, + "params": { + "query": "110835551275656" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.id": "110835551275656" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "hide_last_value_indicator": true, + "id": "8f0151ff-1899-4ac4-b987-a6bbb8768da7", + "index_pattern_ref_name": "metrics_356f4076-1ab5-436d-96ec-37685a934dda_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Details for Event ID {{ top_hit_of_event_id.last.formatted }}", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d7ceb982-5f3a-4fd7-ad33-3ea5646c18b3", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.id", + "id": "388889fa-ed92-4ee3-9136-1794256c1ecb", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + 
"name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "356f4076-1ab5-436d-96ec-37685a934dda", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "356f4076-1ab5-436d-96ec-37685a934dda", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "766a84ae-bf77-4a3f-9643-bf73f62b89ff", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "766a84ae-bf77-4a3f-9643-bf73f62b89ff", + "panelRefName": "panel_766a84ae-bf77-4a3f-9643-bf73f62b89ff", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-122a6dbe-1bda-4f24-96e4-54a7613f0712", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8780b16-a001-434e-8917-c09197a07fd1", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "122a6dbe-1bda-4f24-96e4-54a7613f0712": { + "columnOrder": [ + "080e545a-d9bb-4873-9354-0e6e50e1dd2b", + "a81e9044-fa92-4ab2-a263-533daf32ab81", + "65cd14c1-a6ff-4086-b670-8ff93c36b1e4", + "39b3dd70-ce7c-41d3-970f-e8e789adcc8d", + "a2b60887-5c49-4d18-8746-ffb0be2b1b34" + ], + "columns": { + "080e545a-d9bb-4873-9354-0e6e50e1dd2b": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + 
"excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "39b3dd70-ce7c-41d3-970f-e8e789adcc8d": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "65cd14c1-a6ff-4086-b670-8ff93c36b1e4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": true, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "a2b60887-5c49-4d18-8746-ffb0be2b1b34": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "destination.port: *" + }, + "isBucketed": false, + "label": "Destination Port", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "destination.port" + }, + "a81e9044-fa92-4ab2-a263-533daf32ab81": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Source Port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + 
"missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "source.port" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "b8780b16-a001-434e-8917-c09197a07fd1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "a2b60887-5c49-4d18-8746-ffb0be2b1b34" + }, + { + "alignment": "left", + "columnId": "080e545a-d9bb-4873-9354-0e6e50e1dd2b" + }, + { + "alignment": "left", + "columnId": "a81e9044-fa92-4ab2-a263-533daf32ab81" + }, + { + "alignment": "left", + "columnId": "65cd14c1-a6ff-4086-b670-8ff93c36b1e4" + }, + { + "alignment": "left", + "columnId": "39b3dd70-ce7c-41d3-970f-e8e789adcc8d" + } + ], + "headerRowHeight": "single", + "layerId": "122a6dbe-1bda-4f24-96e4-54a7613f0712", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Data table visualization (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 5, + "i": "de4a0b18-afa4-483b-806d-0503e8f2a13c", + "w": 26, + "x": 0, + "y": 8 + }, + "panelIndex": "de4a0b18-afa4-483b-806d-0503e8f2a13c", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"locale\":\"autoselect\",\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"04617ef5-3eab-47c8-bc01-9dd3d564acd8\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"EMS_VECTOR_TILE\",\"color\":\"\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\",\"parent\":\"242599d5-5839-4252-90ea-af5f14bd4e86\"},{\"type\":\"LAYER_GROUP\",\"id\":\"242599d5-5839-4252-90ea-af5f14bd4e86\",\"label\":\"Layer group\",\"sourceDescriptor\":null,\"visible\":true},{\"sourceDescriptor\":{\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"id\":\"cdfca20b-7a23-4e58-8e21-e0580bef39c8\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":1,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"
color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"id\":\"da7e0320-3138-4df1-b4e4-85ad16097855\",\"label\":\"Line\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"scalingType\":\"MVT\",\"id\":\"21b27ae8-ee5a-4a4f-b0c3-2610dd2017c5\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"de947d6a-0400-4472-9e46-e97ff3c077b3\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#4379aa\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":tr
ue},\"includeInFitToBounds\":true,\"type\":\"MVT_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"scalingType\":\"MVT\",\"id\":\"fc967905-9cff-47bb-9ce9-ba5891db6d09\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_4_source_index_pattern\"},\"id\":\"1ef833d7-9dc1-4073-b36a-95b2fa1ef91b\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#4379aa\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"MVT_VECTOR\",\"joins\":[],\"disableTooltips\":false}]", + "mapStateJSON": 
"{\"adHocDataViews\":[],\"zoom\":0.87,\"center\":{\"lon\":0.05828,\"lat\":0},\"timeFilters\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":60000},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"field\":\"data_stream.dataset\",\"params\":{\"query\":\"arista_ngfw.log\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"arista_ngfw.log\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#1d1e24\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"keydownScrollZoom\":false,\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":false,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 0, + "minLat": -40.9799, + "minLon": -180 + }, + "mapCenter": { + "lat": 35.41579, + "lon": -89.92859, + "zoom": 2.38 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 29, + "i": "9601818c-30cf-482d-95bd-6ce54df917b3", + "w": 22, + "x": 26, + "y": 8 + }, + "panelIndex": "9601818c-30cf-482d-95bd-6ce54df917b3", + "title": "Event Geo Locations", + "type": "map", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + 
"$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "5c664e61-f73b-46fe-be94-6c7f59750297", + "index_pattern_ref_name": "metrics_7f15fef8-dd3e-49b1-a249-f35d721055f8_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "## **Firewall Event**\r\n\r\n**Event Outcome**: {{ top_hit_of_event_outcome.last.formatted }} \r\n**Event Type**: {{ top_hit_of_event_type.last.formatted }} \r\n**Flagged**: {{#each _all}}{{#with flagged}}{{last.formatted}}{{/with}}{{/each}}", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d8e129a6-92cc-48cb-b473-bead929316a8", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.outcome", + "id": "8c7064df-876a-4adb-84b7-47fe2a424bdb", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + 
"palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "acc7a750-fcb1-11ed-9917-af4fa5e743c5", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.type", + "id": "acc7a751-fcb1-11ed-9917-af4fa5e743c5", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "event.flagged " + }, + "formatter": "default", + "id": "132d2f60-fcb2-11ed-9917-af4fa5e743c5", + "label": "Flagged", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": null, + "id": "132d2f61-fcb2-11ed-9917-af4fa5e743c5", + "order": "desc", + "order_by": "@timestamp", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "filter", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "flagged" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 11, + "i": 
"7f15fef8-dd3e-49b1-a249-f35d721055f8", + "w": 11, + "x": 0, + "y": 13 + }, + "panelIndex": "7f15fef8-dd3e-49b1-a249-f35d721055f8", + "title": "Firewall Event", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "hide_last_value_indicator": true, + "id": "6dc7c92c-bf5e-4e2a-9f4f-7cc0b801b21f", + "index_pattern_ref_name": "metrics_2c48934a-65eb-423a-9c6f-a6a211823312_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "## **Web Filter Event**\r\n\r\n**Domain**: {{ top_hit_of_url_domain.last.raw }} \r\n**Event Outcome**: {{ top_hit_of_event_outcome.last.formatted }} \r\n**Event Type**: {{ top_hit_of_event_type.last.formatted }} \r\n**Category**: {{ top_hit_of_rule_category.last.formatted }} ", + 
"max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "fe7e0a73-55e7-4373-b3ca-52db91189fd5", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.outcome", + "id": "bd652ab9-ce28-4a00-b260-605142ab9769", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "6b1662b0-fcb6-11ed-9917-af4fa5e743c5", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.type", + "id": "6b1662b1-fcb6-11ed-9917-af4fa5e743c5", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "44e24f10-1d08-11ee-a9ff-dbf27d603ad7", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "url.domain", + "id": "44e24f11-1d08-11ee-a9ff-dbf27d603ad7", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + 
"var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "7d317080-1d08-11ee-a9ff-dbf27d603ad7", + "label": "", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "rule.category", + "id": "7d317081-1d08-11ee-a9ff-dbf27d603ad7", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "var_name": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 11, + "i": "2c48934a-65eb-423a-9c6f-a6a211823312", + "w": 15, + "x": 11, + "y": 13 + }, + "panelIndex": "2c48934a-65eb-423a-9c6f-a6a211823312", + "title": "Web Filter Event", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "22c41a77-09ac-4255-a77b-6e6448c23e3e", + "index_pattern_ref_name": "metrics_cfd425f6-490d-4441-a9bb-9f2e2f2810d8_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "## **Session Stats**\r\n\r\n**Source Bytes**: {{ sum_of_source_bytes.last.formatted }} \r\n**Destination Bytes**: {{ sum_of_destination_bytes.last.formatted }} \r\n**Total Bytes**: {{ sum_of_network_bytes.last.formatted }}\r\n\r\n**Event Start**: 
{{ event_start.event_start.last.formatted }} \r\n**Event End**: {{ event_end.event_end.last.formatted }} \r\n**Event Duration**: {{ event_duration.event_duration.last.formatted }}", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "bb5df788-45d2-4a09-b09a-8500e65cd076", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "d632ed63-76df-45e5-af16-5f0e24c53f2b", + "type": "sum" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "7e318530-fcb8-11ed-96c3-19c8ffbdf749", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "destination.packets", + "id": "7e318531-fcb8-11ed-96c3-19c8ffbdf749", + "type": "sum" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "90503130-fcb8-11ed-96c3-19c8ffbdf749", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "network.bytes", + "id": "90503131-fcb8-11ed-96c3-19c8ffbdf749", + "type": "sum" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": 
"entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "ad7dacb0-fcb8-11ed-96c3-19c8ffbdf749", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "ad7dacb1-fcb8-11ed-96c3-19c8ffbdf749", + "type": "sum" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "7e1a8510-fd58-11ed-96c3-19c8ffbdf749", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "source.packets", + "id": "7e1a8511-fd58-11ed-96c3-19c8ffbdf749", + "type": "sum" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "84653860-1dbb-11ee-929a-75d69d4337ae", + "label": "Event Start", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.start", + "id": "84653861-1dbb-11ee-929a-75d69d4337ae", + "order": "desc", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "event_start" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 
0.5, + "formatter": "default", + "id": "95e07870-1dbb-11ee-929a-75d69d4337ae", + "label": "Event End", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "event.end", + "id": "95e07871-1dbb-11ee-929a-75d69d4337ae", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "var_name": "event_end" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "ns,m,", + "id": "a7454a50-1dbb-11ee-929a-75d69d4337ae", + "label": "Event Duration", + "line_width": 1, + "metrics": [ + { + "agg_with": "sum", + "field": "event.duration", + "id": "a7454a51-1dbb-11ee-929a-75d69d4337ae", + "order": "desc", + "order_by": "@timestamp", + "type": "top_hit" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "value_template": "{{value}}m", + "var_name": "event_duration" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 13, + "i": "cfd425f6-490d-4441-a9bb-9f2e2f2810d8", + "w": 11, + "x": 0, + "y": 24 + }, + "panelIndex": "cfd425f6-490d-4441-a9bb-9f2e2f2810d8", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": 
{ + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": [ + "http_request", + "http_response" + ], + "type": "phrases", + "value": [ + "http_request", + "http_response" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.provider": "http_request" + } + }, + { + "match_phrase": { + "event.provider": "http_response" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "hide_last_value_indicator": true, + "id": "6dc7c92c-bf5e-4e2a-9f4f-7cc0b801b21f", + "index_pattern_ref_name": "metrics_7c0ae717-7718-4c13-8fd5-44d1b5298d0c_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "## **HTTP Request and Response**\r\n\r\n{{#each _all}}{{#with request_method}}**Request Method**: {{../label}} {{/with}}{{/each}}\r\n{{#each _all}}{{#with domain}}**Domain**: {{../label}} {{/with}}{{/each}}\r\n{{#each _all}}{{#with url_full}}**Full URL**: {{../label}} {{/with}}{{/each}}", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": 
"7d317080-1d08-11ee-a9ff-dbf27d603ad7", + "label": "Request Methos", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "http.request.method", + "id": "7d317081-1d08-11ee-a9ff-dbf27d603ad7", + "order": "desc", + "order_by": "@timestamp", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "terms", + "stacked": "none", + "terms_direction": "asc", + "terms_field": "http.request.method", + "terms_order_by": "_key", + "terms_size": "1", + "time_range_mode": "entire_time_range", + "var_name": "request_method" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e7223370-1d0e-11ee-a9ff-dbf27d603ad7", + "label": "Domain", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "url.domain", + "id": "e7223371-1d0e-11ee-a9ff-dbf27d603ad7", + "order": "desc", + "order_by": "@timestamp", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "terms", + "stacked": "none", + "terms_direction": "asc", + "terms_field": "url.domain", + "terms_order_by": "_key", + "terms_size": "1", + "var_name": "domain" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "3cff8e00-1d0f-11ee-a9ff-dbf27d603ad7", + "label": "URL Full", + "line_width": 1, + "metrics": [ + { + "agg_with": "concat", + "field": "url.full", + "id": "3cff8e01-1d0f-11ee-a9ff-dbf27d603ad7", + "order": "desc", + "order_by": "@timestamp", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, 
+ "split_mode": "terms", + "stacked": "none", + "terms_direction": "asc", + "terms_field": "url.full", + "terms_order_by": "_key", + "terms_size": "1", + "var_name": "url_full" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 13, + "i": "7c0ae717-7718-4c13-8fd5-44d1b5298d0c", + "w": 15, + "x": 11, + "y": 24 + }, + "panelIndex": "7c0ae717-7718-4c13-8fd5-44d1b5298d0c", + "title": "", + "type": "visualization", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Session Details", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T16:31:51.704Z", + "id": "arista_ngfw-3565dc44-1886-49aa-b8d3-523623e605dc", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "356f4076-1ab5-436d-96ec-37685a934dda:metrics_356f4076-1ab5-436d-96ec-37685a934dda_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "766a84ae-bf77-4a3f-9643-bf73f62b89ff:panel_766a84ae-bf77-4a3f-9643-bf73f62b89ff", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "de4a0b18-afa4-483b-806d-0503e8f2a13c:indexpattern-datasource-layer-122a6dbe-1bda-4f24-96e4-54a7613f0712", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "de4a0b18-afa4-483b-806d-0503e8f2a13c:b8780b16-a001-434e-8917-c09197a07fd1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9601818c-30cf-482d-95bd-6ce54df917b3:layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9601818c-30cf-482d-95bd-6ce54df917b3:layer_3_source_index_pattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "9601818c-30cf-482d-95bd-6ce54df917b3:layer_4_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f15fef8-dd3e-49b1-a249-f35d721055f8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f15fef8-dd3e-49b1-a249-f35d721055f8:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f15fef8-dd3e-49b1-a249-f35d721055f8:metrics_7f15fef8-dd3e-49b1-a249-f35d721055f8_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c48934a-65eb-423a-9c6f-a6a211823312:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c48934a-65eb-423a-9c6f-a6a211823312:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c48934a-65eb-423a-9c6f-a6a211823312:metrics_2c48934a-65eb-423a-9c6f-a6a211823312_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfd425f6-490d-4441-a9bb-9f2e2f2810d8:metrics_cfd425f6-490d-4441-a9bb-9f2e2f2810d8_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c0ae717-7718-4c13-8fd5-44d1b5298d0c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c0ae717-7718-4c13-8fd5-44d1b5298d0c:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c0ae717-7718-4c13-8fd5-44d1b5298d0c:metrics_7c0ae717-7718-4c13-8fd5-44d1b5298d0c_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file 
diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-86b139ff-92ab-4aae-b0d8-c33e3be132f1.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-86b139ff-92ab-4aae-b0d8-c33e3be132f1.json
new file mode 100755
index 000000000000..9408405714eb
--- /dev/null
+++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-86b139ff-92ab-4aae-b0d8-c33e3be132f1.json
@@ -0,0 +1,1640 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "9ab5040f-5420-4df8-863d-afbd8580c113", + "index_pattern_ref_name": "metrics_46483360-7445-4357-9ff7-2cb0a5e4ef1c_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Overview", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "ebdf0123-2a70-47b7-a06a-e3a357d81808", + "line_width": 1, + "metrics": [ + { + "id": "1a98632b-92ec-4f5e-a9f7-473f5e997b22", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": 
"46483360-7445-4357-9ff7-2cb0a5e4ef1c", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "46483360-7445-4357-9ff7-2cb0a5e4ef1c", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "c2554352-eea0-4700-9ba6-2691f2ae94ac", + "index_pattern_ref_name": "metrics_06ba3c7b-f57d-461b-93d4-d4c83fe74aa0_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "[Overview](../app/dashboards#/view/51382020-6741-11eb-b333-cb90b929b738 \"Overview\") |\r\n[System Stats](../app/dashboards#/view/17c354c0-7305-11eb-b4a0-ed827f692401 \"System Stats\") |\r\n[Interface Stats](../app/dashboards#/view/de0ed4f0-8431-11eb-ac0a-c960059865e0 \"Interface Stats\")\r\n\r\n---", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "2c6eb237-23c6-49e3-91d5-c0fe0a22b74b", + "line_width": 1, + "metrics": [ + { + "id": "2b6e96ad-1dfa-4729-b631-65c9277eb6b4", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": 
"", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "06ba3c7b-f57d-461b-93d4-d4c83fe74aa0", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "06ba3c7b-f57d-461b-93d4-d4c83fe74aa0", + "panelRefName": "panel_06ba3c7b-f57d-461b-93d4-d4c83fe74aa0", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f76ddf35-e99b-4452-9c22-24723cbc8676", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1eccedbe-963f-46fc-ad41-4c7346d2b37a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f76ddf35-e99b-4452-9c22-24723cbc8676": { + "columnOrder": [ + "62f1f022-c13d-42a1-9b04-c26bc20897f5" + ], + "columns": { + "62f1f022-c13d-42a1-9b04-c26bc20897f5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "1eccedbe-963f-46fc-ad41-4c7346d2b37a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "62f1f022-c13d-42a1-9b04-c26bc20897f5", + "layerId": "f76ddf35-e99b-4452-9c22-24723cbc8676", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + 
"visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 14, + "i": "3757c773-459e-42fb-b15b-91b4ed1a3725", + "w": 10, + "x": 0, + "y": 8 + }, + "panelIndex": "3757c773-459e-42fb-b15b-91b4ed1a3725", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f76ddf35-e99b-4452-9c22-24723cbc8676", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "81871e8f-616b-4bf4-b57b-cd825ee6561a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f76ddf35-e99b-4452-9c22-24723cbc8676": { + "columnOrder": [ + "62f1f022-c13d-42a1-9b04-c26bc20897f5" + ], + "columns": { + "62f1f022-c13d-42a1-9b04-c26bc20897f5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Session Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "81871e8f-616b-4bf4-b57b-cd825ee6561a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "62f1f022-c13d-42a1-9b04-c26bc20897f5", + "layerId": "f76ddf35-e99b-4452-9c22-24723cbc8676", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + 
"title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 14, + "i": "9f44595f-1be7-401a-94b7-532b4fef9e43", + "w": 10, + "x": 10, + "y": 8 + }, + "panelIndex": "9f44595f-1be7-401a-94b7-532b4fef9e43", + "title": "", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-893c6839-cdb2-4a15-b622-c7d1270b3f53", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6bfe653-28d3-48b1-9c24-fd47215b45f6", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "893c6839-cdb2-4a15-b622-c7d1270b3f53": { + "columnOrder": [ + "84c75f82-c605-460f-8a69-3187bd982b04", + "99bf0f11-ac23-41e9-9546-cc8b04e9da25", + "8b8ef7ee-5119-46c8-978e-e7bffe228d08" + ], + "columns": { + "84c75f82-c605-460f-8a69-3187bd982b04": { + "dataType": "string", + "isBucketed": true, + "label": "Top 50 values of event.provider", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "8b8ef7ee-5119-46c8-978e-e7bffe228d08", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 50 + }, + "scale": "ordinal", + "sourceField": "event.provider" + }, + "8b8ef7ee-5119-46c8-978e-e7bffe228d08": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99bf0f11-ac23-41e9-9546-cc8b04e9da25": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": 
true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "e6bfe653-28d3-48b1-9c24-fd47215b45f6", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "emphasizeFitting": true, + "endValue": "Zero", + "fittingFunction": "Zero", + "layers": [ + { + "accessors": [ + "8b8ef7ee-5119-46c8-978e-e7bffe228d08" + ], + "layerId": "893c6839-cdb2-4a15-b622-c7d1270b3f53", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "84c75f82-c605-460f-8a69-3187bd982b04", + "xAccessor": "99bf0f11-ac23-41e9-9546-cc8b04e9da25" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "showSingleSeries": true + }, + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "a95c987e-df8e-496c-95be-6c75cb844039", + "w": 28, + "x": 20, + "y": 8 + }, + "panelIndex": "a95c987e-df8e-496c-95be-6c75cb844039", + "title": "Events by Provider Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-097fa67e-6297-4bf3-840b-e6bfc98b5855", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"e66b59ac-d52a-44a5-abe8-38a79a955f9b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "097fa67e-6297-4bf3-840b-e6bfc98b5855": { + "columnOrder": [ + "7c4622d2-6fd0-43e8-b695-6a8b9132380e", + "71530de3-0521-4152-b655-df0112a29c5f" + ], + "columns": { + "71530de3-0521-4152-b655-df0112a29c5f": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7c4622d2-6fd0-43e8-b695-6a8b9132380e": { + "dataType": "string", + "isBucketed": true, + "label": "Top 50 values of event.provider", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "71530de3-0521-4152-b655-df0112a29c5f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 50 + }, + "scale": "ordinal", + "sourceField": "event.provider" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "e66b59ac-d52a-44a5-abe8-38a79a955f9b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "097fa67e-6297-4bf3-840b-e6bfc98b5855", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "large", + "metrics": [ + "71530de3-0521-4152-b655-df0112a29c5f" + ], + 
"nestedLegend": false, + "numberDisplay": "value", + "primaryGroups": [ + "7c4622d2-6fd0-43e8-b695-6a8b9132380e" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "7aea52d7-3533-46c2-9eaa-fa6c38b46e43", + "w": 12, + "x": 0, + "y": 22 + }, + "panelIndex": "7aea52d7-3533-46c2-9eaa-fa6c38b46e43", + "title": "Events by Provider", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d7f27c78-7a88-47d3-93ee-13c192446ebe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfdf7b6b-c7ad-43d1-ab4d-13a63e337b7c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d7f27c78-7a88-47d3-93ee-13c192446ebe": { + "columnOrder": [ + "867f9d03-32a3-42b5-ad21-57e863a381ed", + "657d8034-e9fc-4526-aa7c-74ef5cabe376" + ], + "columns": { + "657d8034-e9fc-4526-aa7c-74ef5cabe376": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "867f9d03-32a3-42b5-ad21-57e863a381ed": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.outcome", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "657d8034-e9fc-4526-aa7c-74ef5cabe376", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } 
+ }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "cfdf7b6b-c7ad-43d1-ab4d-13a63e337b7c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "d7f27c78-7a88-47d3-93ee-13c192446ebe", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "657d8034-e9fc-4526-aa7c-74ef5cabe376" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "867f9d03-32a3-42b5-ad21-57e863a381ed" + ] + } + ], + "palette": { + "name": "status", + "type": "palette" + }, + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "0b5e3b17-09d0-4141-b297-2610769fd4e8", + "w": 12, + "x": 12, + "y": 22 + }, + "panelIndex": "0b5e3b17-09d0-4141-b297-2610769fd4e8", + "title": "Events by Outcome", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ded63539-13f8-4cdb-9be3-30837ad3ff4d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70669ccf-a6f0-4395-9673-a89766de6d96", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ded63539-13f8-4cdb-9be3-30837ad3ff4d": { + "columnOrder": [ + "9844ac72-6713-48fa-bfd5-079e88c1692e", + "93c94660-6e0d-4ecb-917a-e41a081d0723" + ], + "columns": { + "93c94660-6e0d-4ecb-917a-e41a081d0723": { + "dataType": "number", + "isBucketed": false, + 
"label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "9844ac72-6713-48fa-bfd5-079e88c1692e": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of source.geo.country_name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "93c94660-6e0d-4ecb-917a-e41a081d0723", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "70669ccf-a6f0-4395-9673-a89766de6d96", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "ded63539-13f8-4cdb-9be3-30837ad3ff4d", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "large", + "metrics": [ + "93c94660-6e0d-4ecb-917a-e41a081d0723" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "9844ac72-6713-48fa-bfd5-079e88c1692e" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "6072cd1b-0d40-467a-8e2c-1913d977e9b4", + "w": 12, + "x": 24, + "y": 22 + }, + "panelIndex": 
"6072cd1b-0d40-467a-8e2c-1913d977e9b4", + "title": "Events by Top 10 Source Countries", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-10ac4cf7-06bf-4dfa-a8b9-c28d7a0da432", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62e6c3f3-2394-4cd2-9e37-54603e9baac0", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "10ac4cf7-06bf-4dfa-a8b9-c28d7a0da432": { + "columnOrder": [ + "24db4d10-c16c-48b6-85cd-f9bd81d13c89", + "3dd9093c-aa30-4965-9e9a-d033e84bfac9" + ], + "columns": { + "24db4d10-c16c-48b6-85cd-f9bd81d13c89": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of destination.geo.country_name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "3dd9093c-aa30-4965-9e9a-d033e84bfac9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + }, + "3dd9093c-aa30-4965-9e9a-d033e84bfac9": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "62e6c3f3-2394-4cd2-9e37-54603e9baac0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { 
+ "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "10ac4cf7-06bf-4dfa-a8b9-c28d7a0da432", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "large", + "metrics": [ + "3dd9093c-aa30-4965-9e9a-d033e84bfac9" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "24db4d10-c16c-48b6-85cd-f9bd81d13c89" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "abdf321e-f638-4027-9d0a-6f30dddead7d", + "w": 12, + "x": 36, + "y": 22 + }, + "panelIndex": "abdf321e-f638-4027-9d0a-6f30dddead7d", + "title": "Events by Top 10 Destination Countries", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "layerListJSON": 
"[{\"locale\":\"autoselect\",\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6d75d136-032b-4d3c-b7c0-d9e6e555abdb\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"EMS_VECTOR_TILE\",\"color\":\"\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"id\":\"f7b967b2-16b2-4bfd-8055-56582c71af20\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":10,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTi
meAware\":true},\"id\":\"ec7dec9b-853f-400a-8a7b-047da8221fd0\",\"label\":\"Connecting Lines\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.25,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"scalingType\":\"CLUSTERS\",\"id\":\"06b8ea49-eed3-4a87-b80e-3fc9b966dd18\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"e40d58a1-9dab-4f86-b388-53120b8266a1\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#4379aa\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"sc
alingType\":\"CLUSTERS\",\"id\":\"3124c3a4-116a-43ac-8e24-70e9767c8d90\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"filterByMapBounds\":true,\"tooltipProperties\":[],\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"beb16b38-fb95-4d6a-952e-8fe33d33a568\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"circle\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelPosition\":{\"options\":{\"position\":\"CENTER\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"disableTooltips\":false}]", + "mapStateJSON": 
"{\"adHocDataViews\":[],\"zoom\":0.87,\"center\":{\"lon\":14.4084,\"lat\":0},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":10000},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"field\":\"data_stream.dataset\",\"params\":{\"query\":\"arista_ngfw.log\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"arista_ngfw.log\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"logs-*\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"session_stats\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.provider\":\"session_stats\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#1d1e24\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"keydownScrollZoom\":false,\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_3_source_index_pattern", + "type": "index-pattern" + } + ], + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": 
{ + "maxLat": 85.05113, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 16.05837, + "lon": 14.4084, + "zoom": 0.85 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 23, + "i": "7ad01a5f-15f0-4d22-8156-82351af9fca9", + "w": 24, + "x": 0, + "y": 38 + }, + "panelIndex": "7ad01a5f-15f0-4d22-8156-82351af9fca9", + "title": "Events by Source to Destination GeoLocation", + "type": "map", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-457510a0-5bd4-4bf0-8f0f-53e563e72d21", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a84ad04a-dd2f-4595-8e38-55c1f37a331f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "457510a0-5bd4-4bf0-8f0f-53e563e72d21": { + "columnOrder": [ + "2b6474fc-b7e2-4095-a804-8d1e490173b4", + "43346539-98b8-4ef7-bb74-18018b1c8226" + ], + "columns": { + "2b6474fc-b7e2-4095-a804-8d1e490173b4": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "43346539-98b8-4ef7-bb74-18018b1c8226", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "43346539-98b8-4ef7-bb74-18018b1c8226": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "a84ad04a-dd2f-4595-8e38-55c1f37a331f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "43346539-98b8-4ef7-bb74-18018b1c8226" + }, + { + "alignment": "left", + "columnId": "2b6474fc-b7e2-4095-a804-8d1e490173b4", + "width": 213 + } + ], + "headerRowHeight": "single", + "layerId": "457510a0-5bd4-4bf0-8f0f-53e563e72d21", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Events by Source IP (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 23, + "i": "6a44c2ec-c65c-410b-9be7-a91352dd8606", + "w": 12, + "x": 24, + "y": 38 + }, + "panelIndex": "6a44c2ec-c65c-410b-9be7-a91352dd8606", + "title": "Events by Source IP", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4bed4a67-ec71-4d88-b729-7dca6ef51b93", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fdf68188-7eba-468e-81ef-5db288964932", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "4bed4a67-ec71-4d88-b729-7dca6ef51b93": { + "columnOrder": [ + "f35379cc-f71c-4977-81c9-734d44d1b564", + "f21f8c00-dfc4-4647-bc87-80f48ee5f4d4" + ], + "columns": { + "f21f8c00-dfc4-4647-bc87-80f48ee5f4d4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", 
+ "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f35379cc-f71c-4977-81c9-734d44d1b564": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "f21f8c00-dfc4-4647-bc87-80f48ee5f4d4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "fdf68188-7eba-468e-81ef-5db288964932", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "f21f8c00-dfc4-4647-bc87-80f48ee5f4d4" + }, + { + "alignment": "left", + "columnId": "f35379cc-f71c-4977-81c9-734d44d1b564", + "width": 163 + } + ], + "headerRowHeight": "single", + "layerId": "4bed4a67-ec71-4d88-b729-7dca6ef51b93", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Events by Destination IP (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 23, + "i": "47c1a22f-6ed2-47cb-8c44-aea85d112724", + "w": 12, + "x": 36, + "y": 38 + }, + "panelIndex": "47c1a22f-6ed2-47cb-8c44-aea85d112724", + "title": 
"Events by Destination IP", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "rowsPerPage": 10 + }, + "gridData": { + "h": 40, + "i": "5b82c617-893f-4860-8334-03383695292c", + "w": 48, + "x": 0, + "y": 61 + }, + "panelIndex": "5b82c617-893f-4860-8334-03383695292c", + "panelRefName": "panel_5b82c617-893f-4860-8334-03383695292c", + "type": "search", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Overview", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-86b139ff-92ab-4aae-b0d8-c33e3be132f1", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "46483360-7445-4357-9ff7-2cb0a5e4ef1c:metrics_46483360-7445-4357-9ff7-2cb0a5e4ef1c_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "06ba3c7b-f57d-461b-93d4-d4c83fe74aa0:panel_06ba3c7b-f57d-461b-93d4-d4c83fe74aa0", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "06ba3c7b-f57d-461b-93d4-d4c83fe74aa0:metrics_06ba3c7b-f57d-461b-93d4-d4c83fe74aa0_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3757c773-459e-42fb-b15b-91b4ed1a3725:indexpattern-datasource-layer-f76ddf35-e99b-4452-9c22-24723cbc8676", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3757c773-459e-42fb-b15b-91b4ed1a3725:1eccedbe-963f-46fc-ad41-4c7346d2b37a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9f44595f-1be7-401a-94b7-532b4fef9e43:indexpattern-datasource-layer-f76ddf35-e99b-4452-9c22-24723cbc8676", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9f44595f-1be7-401a-94b7-532b4fef9e43:81871e8f-616b-4bf4-b57b-cd825ee6561a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a95c987e-df8e-496c-95be-6c75cb844039:indexpattern-datasource-layer-893c6839-cdb2-4a15-b622-c7d1270b3f53", + "type": "index-pattern" + }, + { 
+ "id": "logs-*", + "name": "a95c987e-df8e-496c-95be-6c75cb844039:e6bfe653-28d3-48b1-9c24-fd47215b45f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7aea52d7-3533-46c2-9eaa-fa6c38b46e43:indexpattern-datasource-layer-097fa67e-6297-4bf3-840b-e6bfc98b5855", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7aea52d7-3533-46c2-9eaa-fa6c38b46e43:e66b59ac-d52a-44a5-abe8-38a79a955f9b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0b5e3b17-09d0-4141-b297-2610769fd4e8:indexpattern-datasource-layer-d7f27c78-7a88-47d3-93ee-13c192446ebe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0b5e3b17-09d0-4141-b297-2610769fd4e8:cfdf7b6b-c7ad-43d1-ab4d-13a63e337b7c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6072cd1b-0d40-467a-8e2c-1913d977e9b4:indexpattern-datasource-layer-ded63539-13f8-4cdb-9be3-30837ad3ff4d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6072cd1b-0d40-467a-8e2c-1913d977e9b4:70669ccf-a6f0-4395-9673-a89766de6d96", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "abdf321e-f638-4027-9d0a-6f30dddead7d:indexpattern-datasource-layer-10ac4cf7-06bf-4dfa-a8b9-c28d7a0da432", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "abdf321e-f638-4027-9d0a-6f30dddead7d:62e6c3f3-2394-4cd2-9e37-54603e9baac0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7ad01a5f-15f0-4d22-8156-82351af9fca9:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7ad01a5f-15f0-4d22-8156-82351af9fca9:layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7ad01a5f-15f0-4d22-8156-82351af9fca9:layer_3_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6a44c2ec-c65c-410b-9be7-a91352dd8606:indexpattern-datasource-layer-457510a0-5bd4-4bf0-8f0f-53e563e72d21", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"6a44c2ec-c65c-410b-9be7-a91352dd8606:a84ad04a-dd2f-4595-8e38-55c1f37a331f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "47c1a22f-6ed2-47cb-8c44-aea85d112724:indexpattern-datasource-layer-4bed4a67-ec71-4d88-b729-7dca6ef51b93", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "47c1a22f-6ed2-47cb-8c44-aea85d112724:fdf68188-7eba-468e-81ef-5db288964932", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-da69ba6a-8008-4b1c-9fa9-fde67de3d129", + "name": "5b82c617-893f-4860-8334-03383695292c:panel_5b82c617-893f-4860-8334-03383695292c", + "type": "search" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-93596b63-d808-4a2f-9cbf-d0e9c4003079.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-93596b63-d808-4a2f-9cbf-d0e9c4003079.json new file mode 100755 index 000000000000..4611404ea0e0 --- /dev/null +++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-93596b63-d808-4a2f-9cbf-d0e9c4003079.json 
@@ -0,0 +1,1742 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "b8e04e4c-5141-49a0-b3c8-55a6fcd49858", + "index_pattern_ref_name": "metrics_513a13cd-cd86-40c1-8d12-302d32335eee_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall System Stats", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "af51fe83-c458-4b00-9021-da60d17b7f6f", + "line_width": 1, + "metrics": [ + { + "id": "fcd6c74f-e81a-4a3a-b26e-b9471c0d3d03", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "513a13cd-cd86-40c1-8d12-302d32335eee", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "513a13cd-cd86-40c1-8d12-302d32335eee", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "fe499443-4a08-41f3-b36e-ae3c2328aa00", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "fe499443-4a08-41f3-b36e-ae3c2328aa00", + "panelRefName": "panel_fe499443-4a08-41f3-b36e-ae3c2328aa00", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0775fe66-3a99-4220-9862-2d33dc3a2ae1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8027efee-fc6b-4adc-960c-0dd852c4a81f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1841255b-e942-44e5-8c1e-9bee0511f5af", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0775fe66-3a99-4220-9862-2d33dc3a2ae1": { + "columnOrder": [ + "565fc943-b841-413c-8dac-c83128a06123", + 
"6e523e77-35e4-422e-91b3-9347a88101e2", + "b5a9cc1f-27a2-4b1e-9e56-794ee8933cfd" + ], + "columns": { + "565fc943-b841-413c-8dac-c83128a06123": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "b5a9cc1f-27a2-4b1e-9e56-794ee8933cfd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + }, + "6e523e77-35e4-422e-91b3-9347a88101e2": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "b5a9cc1f-27a2-4b1e-9e56-794ee8933cfd": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.cpu.total.pct: *" + }, + "isBucketed": false, + "label": "CPU Usage %", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.cpu.total.pct" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "8027efee-fc6b-4adc-960c-0dd852c4a81f", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"field": "data_stream.dataset", + "index": "1841255b-e942-44e5-8c1e-9bee0511f5af", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "b5a9cc1f-27a2-4b1e-9e56-794ee8933cfd" + ], + "isHistogram": true, + "layerId": "0775fe66-3a99-4220-9862-2d33dc3a2ae1", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "565fc943-b841-413c-8dac-c83128a06123", + "xAccessor": "6e523e77-35e4-422e-91b3-9347a88101e2", + "xScaleType": "time", + "yConfig": [ + { + "axisMode": "left", + "color": "#00a69b", + "forAccessor": "b5a9cc1f-27a2-4b1e-9e56-794ee8933cfd" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear", + "yTitle": "CPU Usage %" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": 
"f54808fc-ade1-43ff-8175-b64bba69388b", + "w": 24, + "x": 0, + "y": 8 + }, + "panelIndex": "f54808fc-ade1-43ff-8175-b64bba69388b", + "title": "CPU Usage Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a14f999-6d2a-4cfb-b995-b7ea75991cc0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2f016fcf-54b3-4767-a3a7-07cbe6da9407", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0a23cb8a-7796-46cf-a04d-26a409f2d85c": { + "columnOrder": [ + "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f", + "5fb57a14-12e3-4c5d-a005-9d9db8598da2", + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + ], + "columns": { + "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "b21687f5-a27c-4dc7-b15f-51a4e7b44c39", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + }, + "5fb57a14-12e3-4c5d-a005-9d9db8598da2": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.memory.used.pct: *" + }, 
+ "isBucketed": false, + "label": "Memory Usage %", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.memory.used.pct" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "9a14f999-6d2a-4cfb-b995-b7ea75991cc0", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "2f016fcf-54b3-4767-a3a7-07cbe6da9407", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + ], + "isHistogram": true, + "layerId": "0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f", + "xAccessor": "5fb57a14-12e3-4c5d-a005-9d9db8598da2", + "xScaleType": "time", + "yConfig": [ + { + 
"axisMode": "left", + "forAccessor": "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear", + "yTitle": "Memory Usage %" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "4d5a34f4-231f-437b-831b-ea46931e0215", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "4d5a34f4-231f-437b-831b-ea46931e0215", + "title": "Memory Usage Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8e41ae6c-7cb0-4d24-86c3-0a43b0b0e2b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bdc8a5c6-8542-4d6f-b084-afb283a8f0e4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f84c3fa1-d9f2-463b-a705-4437b35a050d": { + "columnOrder": [ + "e6cf2691-1e66-4b7f-9437-de552b96dc27", + "9f296684-f691-4b63-a4c1-c443f8947200", + "2b51294b-32f0-466a-8477-6609c283b859" + ], + "columns": { + "2b51294b-32f0-466a-8477-6609c283b859": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.cpu.load.15: *" + }, + "isBucketed": false, + "label": "CPU 15m Load", + "operationType": "last_value", + 
"params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.cpu.load.15" + }, + "9f296684-f691-4b63-a4c1-c443f8947200": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e6cf2691-1e66-4b7f-9437-de552b96dc27": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2b51294b-32f0-466a-8477-6609c283b859", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "8e41ae6c-7cb0-4d24-86c3-0a43b0b0e2b0", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "bdc8a5c6-8542-4d6f-b084-afb283a8f0e4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": 
"kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "2b51294b-32f0-466a-8477-6609c283b859" + ], + "isHistogram": true, + "layerId": "f84c3fa1-d9f2-463b-a705-4437b35a050d", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "e6cf2691-1e66-4b7f-9437-de552b96dc27", + "xAccessor": "9f296684-f691-4b63-a4c1-c443f8947200", + "xScaleType": "time", + "yConfig": [ + { + "axisMode": "left", + "forAccessor": "2b51294b-32f0-466a-8477-6609c283b859" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "cd5af2d7-3cc7-4488-9c83-75c253256b48", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "cd5af2d7-3cc7-4488-9c83-75c253256b48", + "title": "CPU Load (15m) Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "2c1b9b05-f460-4b9e-9738-d50832f9813b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6a9ed8e1-8881-4f1f-8041-e31f06c0c866", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0a23cb8a-7796-46cf-a04d-26a409f2d85c": { + "columnOrder": [ + "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f", + "5fb57a14-12e3-4c5d-a005-9d9db8598da2", + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + ], + "columns": { + "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "b21687f5-a27c-4dc7-b15f-51a4e7b44c39", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + }, + "5fb57a14-12e3-4c5d-a005-9d9db8598da2": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.memory.swap.used.pct: *" + }, + "isBucketed": false, + "label": "Swap Usage %", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.memory.swap.used.pct" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "2c1b9b05-f460-4b9e-9738-d50832f9813b", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "6a9ed8e1-8881-4f1f-8041-e31f06c0c866", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + ], + "isHistogram": true, + "layerId": "0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "4ef58cd8-cccd-45a3-8cb9-ecad42fa444f", + "xAccessor": "5fb57a14-12e3-4c5d-a005-9d9db8598da2", + "xScaleType": "time", + "yConfig": [ + { + "axisMode": "left", + "forAccessor": "b21687f5-a27c-4dc7-b15f-51a4e7b44c39" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + 
"yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "17b3b886-69f9-4ba5-bc07-c8b4392d5bf9", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "17b3b886-69f9-4ba5-bc07-c8b4392d5bf9", + "title": "Swap Usage Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b08c674-0879-404f-ab2f-37c8f0afca25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6879b866-66c8-48e9-96bc-06f277e8216d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f84c3fa1-d9f2-463b-a705-4437b35a050d": { + "columnOrder": [ + "e6cf2691-1e66-4b7f-9437-de552b96dc27", + "9f296684-f691-4b63-a4c1-c443f8947200", + "2b51294b-32f0-466a-8477-6609c283b859" + ], + "columns": { + "2b51294b-32f0-466a-8477-6609c283b859": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.hosts.active: *" + }, + "isBucketed": false, + "label": "Active Hosts", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.hosts.active" + }, + "9f296684-f691-4b63-a4c1-c443f8947200": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + 
"interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e6cf2691-1e66-4b7f-9437-de552b96dc27": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2b51294b-32f0-466a-8477-6609c283b859", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "5b08c674-0879-404f-ab2f-37c8f0afca25", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "6879b866-66c8-48e9-96bc-06f277e8216d", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "2b51294b-32f0-466a-8477-6609c283b859" + ], 
+ "isHistogram": true, + "layerId": "f84c3fa1-d9f2-463b-a705-4437b35a050d", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "e6cf2691-1e66-4b7f-9437-de552b96dc27", + "xAccessor": "9f296684-f691-4b63-a4c1-c443f8947200", + "xScaleType": "time", + "yConfig": [ + { + "axisMode": "left", + "forAccessor": "2b51294b-32f0-466a-8477-6609c283b859" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "a4ea96ed-cbc0-479a-ab91-b9602e613463", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "a4ea96ed-cbc0-479a-ab91-b9602e613463", + "title": "Active Hosts Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a9a2af0a-9f39-4ad1-a0b8-aabb6359acf4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "94597802-06f1-4ab9-8405-af383e4d6800", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f84c3fa1-d9f2-463b-a705-4437b35a050d": { + "columnOrder": [ + "e6cf2691-1e66-4b7f-9437-de552b96dc27", + 
"9f296684-f691-4b63-a4c1-c443f8947200", + "2b51294b-32f0-466a-8477-6609c283b859" + ], + "columns": { + "2b51294b-32f0-466a-8477-6609c283b859": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.disk.used.pct: *" + }, + "isBucketed": false, + "label": "Disk Usage %", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.disk.used.pct" + }, + "9f296684-f691-4b63-a4c1-c443f8947200": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e6cf2691-1e66-4b7f-9437-de552b96dc27": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of log.syslog.hostname", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2b51294b-32f0-466a-8477-6609c283b859", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.syslog.hostname" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "a9a2af0a-9f39-4ad1-a0b8-aabb6359acf4", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"field": "data_stream.dataset", + "index": "94597802-06f1-4ab9-8405-af383e4d6800", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "Zero", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": false + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": -90 + }, + "layers": [ + { + "accessors": [ + "2b51294b-32f0-466a-8477-6609c283b859" + ], + "isHistogram": true, + "layerId": "f84c3fa1-d9f2-463b-a705-4437b35a050d", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesType": "area", + "simpleView": false, + "splitAccessor": "e6cf2691-1e66-4b7f-9437-de552b96dc27", + "xAccessor": "9f296684-f691-4b63-a4c1-c443f8947200", + "xScaleType": "time", + "yConfig": [ + { + "axisMode": "left", + "forAccessor": "2b51294b-32f0-466a-8477-6609c283b859" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "showCurrentTimeMarker": true, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true, + "yLeftExtent": { + "enforce": true, + "mode": "full" + }, + "yLeftScale": "linear", + "yRightScale": "linear" + } + }, + "title": "Area visualization (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "a0bfa5c6-8d25-47f0-9614-fe5083abc137", + "w": 24, + "x": 24, + "y": 32 
+ }, + "panelIndex": "a0bfa5c6-8d25-47f0-9614-fe5083abc137", + "title": "Disk Usage Over Time", + "type": "lens", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall System Stats", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-93596b63-d808-4a2f-9cbf-d0e9c4003079", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "513a13cd-cd86-40c1-8d12-302d32335eee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "513a13cd-cd86-40c1-8d12-302d32335eee:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "513a13cd-cd86-40c1-8d12-302d32335eee:metrics_513a13cd-cd86-40c1-8d12-302d32335eee_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "fe499443-4a08-41f3-b36e-ae3c2328aa00:panel_fe499443-4a08-41f3-b36e-ae3c2328aa00", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "f54808fc-ade1-43ff-8175-b64bba69388b:indexpattern-datasource-layer-0775fe66-3a99-4220-9862-2d33dc3a2ae1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f54808fc-ade1-43ff-8175-b64bba69388b:8027efee-fc6b-4adc-960c-0dd852c4a81f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f54808fc-ade1-43ff-8175-b64bba69388b:1841255b-e942-44e5-8c1e-9bee0511f5af", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d5a34f4-231f-437b-831b-ea46931e0215:indexpattern-datasource-layer-0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d5a34f4-231f-437b-831b-ea46931e0215:9a14f999-6d2a-4cfb-b995-b7ea75991cc0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d5a34f4-231f-437b-831b-ea46931e0215:2f016fcf-54b3-4767-a3a7-07cbe6da9407", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "cd5af2d7-3cc7-4488-9c83-75c253256b48:indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cd5af2d7-3cc7-4488-9c83-75c253256b48:8e41ae6c-7cb0-4d24-86c3-0a43b0b0e2b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cd5af2d7-3cc7-4488-9c83-75c253256b48:bdc8a5c6-8542-4d6f-b084-afb283a8f0e4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17b3b886-69f9-4ba5-bc07-c8b4392d5bf9:indexpattern-datasource-layer-0a23cb8a-7796-46cf-a04d-26a409f2d85c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17b3b886-69f9-4ba5-bc07-c8b4392d5bf9:2c1b9b05-f460-4b9e-9738-d50832f9813b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17b3b886-69f9-4ba5-bc07-c8b4392d5bf9:6a9ed8e1-8881-4f1f-8041-e31f06c0c866", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4ea96ed-cbc0-479a-ab91-b9602e613463:indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4ea96ed-cbc0-479a-ab91-b9602e613463:5b08c674-0879-404f-ab2f-37c8f0afca25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4ea96ed-cbc0-479a-ab91-b9602e613463:6879b866-66c8-48e9-96bc-06f277e8216d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a0bfa5c6-8d25-47f0-9614-fe5083abc137:indexpattern-datasource-layer-f84c3fa1-d9f2-463b-a705-4437b35a050d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a0bfa5c6-8d25-47f0-9614-fe5083abc137:a9a2af0a-9f39-4ad1-a0b8-aabb6359acf4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a0bfa5c6-8d25-47f0-9614-fe5083abc137:94597802-06f1-4ab9-8405-af383e4d6800", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file 
diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-a4bb8521-b9d4-4d33-be52-b4ccefb2eee1.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-a4bb8521-b9d4-4d33-be52-b4ccefb2eee1.json
new file mode 100755
index 000000000000..5a8ea735e6db
--- /dev/null
+++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-a4bb8521-b9d4-4d33-be52-b4ccefb2eee1.json
@@ -0,0 +1,1621 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "2111d7ac-82ad-4409-9017-c476c5d830d3", + "index_pattern_ref_name": "metrics_286f60d6-1083-4e00-a379-0ae17d1821ae_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Interface Stats", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "10f95645-0bf9-44a0-8fdb-8765d49a3c96", + "line_width": 1, + "metrics": [ + { + "id": "bc65db3f-df25-40ea-a936-1c72e2f4c6e7", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + 
"series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "286f60d6-1083-4e00-a379-0ae17d1821ae", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "286f60d6-1083-4e00-a379-0ae17d1821ae", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "1f5f847c-687f-4930-8cab-33aa1886e4ad", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "1f5f847c-687f-4930-8cab-33aa1886e4ad", + "panelRefName": "panel_1f5f847c-687f-4930-8cab-33aa1886e4ad", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15f169ed-7a04-4f1b-9a3a-357fcc5c40d7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4799b540-cb9d-4e62-8d29-1b9e644c6ec3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96b58bdc-5e69-4cbb-bd94-b03175ac6b6a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "322ddd4b-f140-4e79-a34b-3af23f2a970a": { + "columnOrder": [ + "3543888a-3452-4980-9997-ae395f8da031" + ], + "columns": { + "3543888a-3452-4980-9997-ae395f8da031": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.received.rate: *" + }, + "isBucketed": false, + "label": "Interface 1 Total Ingress", + "operationType": "sum", + "params": { + 
"emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "arista.received.bytes" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "15f169ed-7a04-4f1b-9a3a-357fcc5c40d7", + "key": "event.provider", + "negate": false, + "params": { + "query": "interface_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "interface_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "4799b540-cb9d-4e62-8d29-1b9e644c6ec3", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "arista.interface.id", + "index": "96b58bdc-5e69-4cbb-bd94-b03175ac6b6a", + "key": "arista.interface.id", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "1" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "3543888a-3452-4980-9997-ae395f8da031", + "layerId": "322ddd4b-f140-4e79-a34b-3af23f2a970a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "Metric visualization (converted)", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 12, + "i": "f4fe6fad-969c-48ae-988a-1e4d3daebce1", + "w": 10, + "x": 0, + "y": 8 + }, + "panelIndex": 
"f4fe6fad-969c-48ae-988a-1e4d3daebce1", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "19563978-278c-4369-beec-2793d9f21322", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ac3b57f2-8f9b-4e62-8306-c4c00698bc5b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce346c78-17a6-4d34-b2ab-5d5ebf1d023e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "322ddd4b-f140-4e79-a34b-3af23f2a970a": { + "columnOrder": [ + "3543888a-3452-4980-9997-ae395f8da031" + ], + "columns": { + "3543888a-3452-4980-9997-ae395f8da031": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.transmitted.bytes: *" + }, + "isBucketed": false, + "label": "Interface 1 Total Egress", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "arista.transmitted.bytes" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "19563978-278c-4369-beec-2793d9f21322", + "key": "event.provider", + "negate": false, + "params": { + "query": "interface_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "interface_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "ac3b57f2-8f9b-4e62-8306-c4c00698bc5b", + "key": "data_stream.dataset", + "negate": false, + "params": { + 
"query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "arista.interface.id", + "index": "ce346c78-17a6-4d34-b2ab-5d5ebf1d023e", + "key": "arista.interface.id", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "1" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "3543888a-3452-4980-9997-ae395f8da031", + "layerId": "322ddd4b-f140-4e79-a34b-3af23f2a970a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "Metric visualization (converted)", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 12, + "i": "df528998-6336-448d-ae78-2b4d3ff07d08", + "w": 10, + "x": 10, + "y": 8 + }, + "panelIndex": "df528998-6336-448d-ae78-2b4d3ff07d08", + "title": "", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0592b96b-3d24-49ef-bcaa-756c887433d8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1a01f503-aee1-4fcb-84f8-8340e3b1437f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae9a5b89-dc2a-45c1-9a37-96faf9a0731e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6efb44a1-d5d3-4028-8b80-3d13d02e114b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0592b96b-3d24-49ef-bcaa-756c887433d8": { + "columnOrder": [ + "869fdbdd-6cc3-460f-8789-ec22a091b4ff", + "b5cf227f-c9d1-4453-9447-86dd11127458" + 
], + "columns": { + "869fdbdd-6cc3-460f-8789-ec22a091b4ff": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "b5cf227f-c9d1-4453-9447-86dd11127458": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.received.rate: *" + }, + "isBucketed": false, + "label": "Inbound", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.received.rate" + } + }, + "incompleteColumns": {} + }, + "1a01f503-aee1-4fcb-84f8-8340e3b1437f": { + "columnOrder": [ + "9e90a05a-b62f-4def-aafe-7faf23c89d81", + "6f6863de-cd52-4095-9f35-ab4dc5242900", + "6f6863de-cd52-4095-9f35-ab4dc5242900X1", + "6f6863de-cd52-4095-9f35-ab4dc5242900X0" + ], + "columns": { + "6f6863de-cd52-4095-9f35-ab4dc5242900": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Outbound", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2, + "suffix": "/s" + } + }, + "formula": "last_value(arista.transmitted.rate) *-1", + "isFormulaBroken": false + }, + "references": [ + "6f6863de-cd52-4095-9f35-ab4dc5242900X1" + ], + "scale": "ratio" + }, + "6f6863de-cd52-4095-9f35-ab4dc5242900X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.transmitted.rate: *" + }, + "isBucketed": false, + "label": "Part of last_value(arista.transmitted.rate) *-1", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.transmitted.rate" + }, + "6f6863de-cd52-4095-9f35-ab4dc5242900X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of 
last_value(arista.transmitted.rate) *-1", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "6f6863de-cd52-4095-9f35-ab4dc5242900X0", + -1 + ], + "location": { + "max": 39, + "min": 0 + }, + "name": "multiply", + "text": "last_value(arista.transmitted.rate) *-1", + "type": "function" + } + }, + "references": [ + "6f6863de-cd52-4095-9f35-ab4dc5242900X0" + ], + "scale": "ratio" + }, + "9e90a05a-b62f-4def-aafe-7faf23c89d81": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "ae9a5b89-dc2a-45c1-9a37-96faf9a0731e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "arista.interface.id", + "index": "6efb44a1-d5d3-4028-8b80-3d13d02e114b", + "key": "arista.interface.id", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "1" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fillOpacity": 1, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ 
+ "b5cf227f-c9d1-4453-9447-86dd11127458" + ], + "layerId": "0592b96b-3d24-49ef-bcaa-756c887433d8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "xAccessor": "869fdbdd-6cc3-460f-8789-ec22a091b4ff", + "yConfig": [ + { + "axisMode": "left", + "color": "rgba(0,156,224,1)", + "forAccessor": "b5cf227f-c9d1-4453-9447-86dd11127458" + } + ] + }, + { + "accessors": [ + "6f6863de-cd52-4095-9f35-ab4dc5242900" + ], + "layerId": "1a01f503-aee1-4fcb-84f8-8340e3b1437f", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "xAccessor": "9e90a05a-b62f-4def-aafe-7faf23c89d81", + "yConfig": [ + { + "axisMode": "left", + "color": "rgba(250,40,255,1)", + "forAccessor": "6f6863de-cd52-4095-9f35-ab4dc5242900" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yRightExtent": { + "mode": "full" + }, + "yRightScale": "linear" + } + }, + "title": "Interface 1 Transfer Rates Over Time (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4", + "w": 28, + "x": 20, + "y": 8 + }, + "panelIndex": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4", + "title": "Interface 1 Transfer Rates Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "67e611e2-a819-45e7-824c-0a111dd961b2", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "84c59cdc-eb4f-4e54-8e65-5ffa117f0abc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "156cdde8-22a1-446e-81d3-34eb1fcf4752", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "322ddd4b-f140-4e79-a34b-3af23f2a970a": { + "columnOrder": [ + "3543888a-3452-4980-9997-ae395f8da031" + ], + "columns": { + "3543888a-3452-4980-9997-ae395f8da031": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.received.rate: *" + }, + "isBucketed": false, + "label": "Interface 2 Total Ingress", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "arista.received.bytes" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "67e611e2-a819-45e7-824c-0a111dd961b2", + "key": "event.provider", + "negate": false, + "params": { + "query": "interface_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "interface_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "84c59cdc-eb4f-4e54-8e65-5ffa117f0abc", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "arista.interface.id", + "index": "156cdde8-22a1-446e-81d3-34eb1fcf4752", + "key": "arista.interface.id", + "negate": false, + "params": { + 
"query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "2" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "3543888a-3452-4980-9997-ae395f8da031", + "layerId": "322ddd4b-f140-4e79-a34b-3af23f2a970a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "Metric visualization (converted)", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 12, + "i": "420d70a9-f86f-4188-a245-fcc233049d43", + "w": 10, + "x": 0, + "y": 20 + }, + "panelIndex": "420d70a9-f86f-4188-a245-fcc233049d43", + "title": "", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e0a0127-abd7-428f-9f12-fa959a718827", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "313c3600-8a79-49e3-a878-e06efade31f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "48f52fd3-0cfe-4990-9878-b7989b2fc520", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "322ddd4b-f140-4e79-a34b-3af23f2a970a": { + "columnOrder": [ + "3543888a-3452-4980-9997-ae395f8da031" + ], + "columns": { + "3543888a-3452-4980-9997-ae395f8da031": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.received.rate: *" + }, + "isBucketed": false, + "label": "Interface 2 Total Egress", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "arista.transmitted.bytes" + } + }, + 
"incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "9e0a0127-abd7-428f-9f12-fa959a718827", + "key": "event.provider", + "negate": false, + "params": { + "query": "interface_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "interface_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "313c3600-8a79-49e3-a878-e06efade31f6", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "arista.interface.id", + "index": "48f52fd3-0cfe-4990-9878-b7989b2fc520", + "key": "arista.interface.id", + "negate": false, + "params": { + "query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "2" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "3543888a-3452-4980-9997-ae395f8da031", + "layerId": "322ddd4b-f140-4e79-a34b-3af23f2a970a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "Metric visualization (converted)", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 12, + "i": "3dbe76bb-85d7-4217-930d-7ff0d186aa96", + "w": 10, + "x": 10, + "y": 20 + }, + "panelIndex": "3dbe76bb-85d7-4217-930d-7ff0d186aa96", + "title": "", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": 
[ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1eb70fb9-b6dc-44ef-90d1-e5039fcdfe87", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8b3567b8-7445-4972-ab3e-2541788dbead", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5dd1b237-9222-450c-a2c1-f257d2f80fcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c6da2a36-d711-4179-bf97-740b521f4b86", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "1eb70fb9-b6dc-44ef-90d1-e5039fcdfe87": { + "columnOrder": [ + "5d93f15f-6ddb-4fb3-90fa-165cc9c38189", + "8355e79b-c0b3-418e-9d91-08179b032c0e" + ], + "columns": { + "5d93f15f-6ddb-4fb3-90fa-165cc9c38189": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "8355e79b-c0b3-418e-9d91-08179b032c0e": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.received.rate: *" + }, + "isBucketed": false, + "label": "Inbound", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.received.rate" + } + }, + "incompleteColumns": {} + }, + "8b3567b8-7445-4972-ab3e-2541788dbead": { + "columnOrder": [ + "df0721d4-a810-43ff-a853-dd332365a1a3", + "0c5de4a3-3903-46fb-8fc4-88d204d7626a", + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX1", + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX0" + ], + "columns": { + "0c5de4a3-3903-46fb-8fc4-88d204d7626a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Outbound", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2, + "suffix": "/s" + } + }, + "formula": 
"last_value(arista.transmitted.rate) *-1", + "isFormulaBroken": false + }, + "references": [ + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX1" + ], + "scale": "ratio" + }, + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "arista.transmitted.rate: *" + }, + "isBucketed": false, + "label": "Part of last_value(arista.transmitted.rate) *-1", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "arista.transmitted.rate" + }, + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of last_value(arista.transmitted.rate) *-1", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX0", + -1 + ], + "location": { + "max": 39, + "min": 0 + }, + "name": "multiply", + "text": "last_value(arista.transmitted.rate) *-1", + "type": "function" + } + }, + "references": [ + "0c5de4a3-3903-46fb-8fc4-88d204d7626aX0" + ], + "scale": "ratio" + }, + "df0721d4-a810-43ff-a853-dd332365a1a3": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "5dd1b237-9222-450c-a2c1-f257d2f80fcb", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": 
false, + "field": "arista.interface.id", + "index": "c6da2a36-d711-4179-bf97-740b521f4b86", + "key": "arista.interface.id", + "negate": false, + "params": { + "query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "arista.interface.id": "2" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fillOpacity": 1, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "8355e79b-c0b3-418e-9d91-08179b032c0e" + ], + "layerId": "1eb70fb9-b6dc-44ef-90d1-e5039fcdfe87", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "xAccessor": "5d93f15f-6ddb-4fb3-90fa-165cc9c38189", + "yConfig": [ + { + "axisMode": "left", + "color": "rgba(0,156,224,1)", + "forAccessor": "8355e79b-c0b3-418e-9d91-08179b032c0e" + } + ] + }, + { + "accessors": [ + "0c5de4a3-3903-46fb-8fc4-88d204d7626a" + ], + "layerId": "8b3567b8-7445-4972-ab3e-2541788dbead", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "xAccessor": "df0721d4-a810-43ff-a853-dd332365a1a3", + "yConfig": [ + { + "axisMode": "left", + "color": "rgba(250,40,255,1)", + "forAccessor": "0c5de4a3-3903-46fb-8fc4-88d204d7626a" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yRightExtent": { + "mode": "full" + }, + "yRightScale": "linear" + } + }, + "title": "Interface 2 
Transfer Rates Over Time (converted)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46", + "w": 28, + "x": 20, + "y": 20 + }, + "panelIndex": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46", + "title": "Interface 2 Transfer Rates Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "rowsPerPage": 10 + }, + "gridData": { + "h": 40, + "i": "8f660f1e-ca08-4dc1-bed3-dccc38d1b453", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "8f660f1e-ca08-4dc1-bed3-dccc38d1b453", + "panelRefName": "panel_8f660f1e-ca08-4dc1-bed3-dccc38d1b453", + "type": "search", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Interface Stats", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-a4bb8521-b9d4-4d33-be52-b4ccefb2eee1", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "286f60d6-1083-4e00-a379-0ae17d1821ae:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "286f60d6-1083-4e00-a379-0ae17d1821ae:metrics_286f60d6-1083-4e00-a379-0ae17d1821ae_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "1f5f847c-687f-4930-8cab-33aa1886e4ad:panel_1f5f847c-687f-4930-8cab-33aa1886e4ad", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "f4fe6fad-969c-48ae-988a-1e4d3daebce1:indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f4fe6fad-969c-48ae-988a-1e4d3daebce1:15f169ed-7a04-4f1b-9a3a-357fcc5c40d7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f4fe6fad-969c-48ae-988a-1e4d3daebce1:4799b540-cb9d-4e62-8d29-1b9e644c6ec3", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "f4fe6fad-969c-48ae-988a-1e4d3daebce1:96b58bdc-5e69-4cbb-bd94-b03175ac6b6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "df528998-6336-448d-ae78-2b4d3ff07d08:indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "df528998-6336-448d-ae78-2b4d3ff07d08:19563978-278c-4369-beec-2793d9f21322", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "df528998-6336-448d-ae78-2b4d3ff07d08:ac3b57f2-8f9b-4e62-8306-c4c00698bc5b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "df528998-6336-448d-ae78-2b4d3ff07d08:ce346c78-17a6-4d34-b2ab-5d5ebf1d023e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4:indexpattern-datasource-layer-0592b96b-3d24-49ef-bcaa-756c887433d8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4:indexpattern-datasource-layer-1a01f503-aee1-4fcb-84f8-8340e3b1437f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4:ae9a5b89-dc2a-45c1-9a37-96faf9a0731e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff88ac8b-6dcc-4317-8c6c-d9e08ad646e4:6efb44a1-d5d3-4028-8b80-3d13d02e114b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "420d70a9-f86f-4188-a245-fcc233049d43:indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "420d70a9-f86f-4188-a245-fcc233049d43:67e611e2-a819-45e7-824c-0a111dd961b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "420d70a9-f86f-4188-a245-fcc233049d43:84c59cdc-eb4f-4e54-8e65-5ffa117f0abc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "420d70a9-f86f-4188-a245-fcc233049d43:156cdde8-22a1-446e-81d3-34eb1fcf4752", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3dbe76bb-85d7-4217-930d-7ff0d186aa96:indexpattern-datasource-layer-322ddd4b-f140-4e79-a34b-3af23f2a970a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbe76bb-85d7-4217-930d-7ff0d186aa96:9e0a0127-abd7-428f-9f12-fa959a718827", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbe76bb-85d7-4217-930d-7ff0d186aa96:313c3600-8a79-49e3-a878-e06efade31f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbe76bb-85d7-4217-930d-7ff0d186aa96:48f52fd3-0cfe-4990-9878-b7989b2fc520", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46:indexpattern-datasource-layer-1eb70fb9-b6dc-44ef-90d1-e5039fcdfe87", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46:indexpattern-datasource-layer-8b3567b8-7445-4972-ab3e-2541788dbead", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46:5dd1b237-9222-450c-a2c1-f257d2f80fcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce2faba3-1b99-46d0-ae1b-42a6c80ffe46:c6da2a36-d711-4179-bf97-740b521f4b86", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-746674eb-991f-47d4-a42b-b7b205db4b9b", + "name": "8f660f1e-ca08-4dc1-bed3-dccc38d1b453:panel_8f660f1e-ca08-4dc1-bed3-dccc38d1b453", + "type": "search" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/dashboard/arista_ngfw-c61b1eb0-1cf7-11ee-b346-5b9e0073e798.json b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-c61b1eb0-1cf7-11ee-b346-5b9e0073e798.json new file mode 100755 index 000000000000..df690718f9ac --- /dev/null +++ b/packages/arista_ngfw/kibana/dashboard/arista_ngfw-c61b1eb0-1cf7-11ee-b346-5b9e0073e798.json 
@@ -0,0 +1,1988 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "76c493f0-de5e-434c-b406-ea8c08f5512a", + "index_pattern_ref_name": "metrics_7700004f-0599-4910-abc0-c6c8be117df4_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "# Arista NG Firewall Web Filter", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "6992401a-a143-404b-bc83-34d5ac6e86fd", + "line_width": 1, + "metrics": [ + { + "id": "69ff148e-2ecf-4f10-9911-03b5f55b05ed", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "7700004f-0599-4910-abc0-c6c8be117df4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "7700004f-0599-4910-abc0-c6c8be117df4", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 4, + "i": "65c63de5-1bdf-4954-9107-16e250839192", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "65c63de5-1bdf-4954-9107-16e250839192", + "panelRefName": "panel_65c63de5-1bdf-4954-9107-16e250839192", + "type": "visualization", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5498e011-07df-4b91-9c7e-d77f42c60534", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a787665a-692d-4826-907f-0b7f1babc8ae", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ef040a70-7bc8-4e70-8921-789680704c1b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5498e011-07df-4b91-9c7e-d77f42c60534": { + "columnOrder": [ + "21aef9f7-ba14-4026-97ec-b74b081d0cca" + ], + "columns": { 
+ "21aef9f7-ba14-4026-97ec-b74b081d0cca": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Web Filter Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "a787665a-692d-4826-907f-0b7f1babc8ae", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "ef040a70-7bc8-4e70-8921-789680704c1b", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "21aef9f7-ba14-4026-97ec-b74b081d0cca", + "layerId": "5498e011-07df-4b91-9c7e-d77f42c60534", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "5825db72-84cd-4330-b5ae-d59defd28226", + "w": 8, + "x": 0, + "y": 8 + }, + "panelIndex": "5825db72-84cd-4330-b5ae-d59defd28226", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" 
+ }, + { + "id": "logs-*", + "name": "d2ad4af1-44cf-4dbd-8f11-02f856cada4e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "64049bdf-7184-48f0-81d6-253acf08c88e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b476fb4-8a20-4bed-b7c4-8046659e684f": { + "columnOrder": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402", + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "columns": { + "cb358963-a91e-487e-88f0-5e3ae85b5402": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.type", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [ + "allowed", + "denied" + ], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e9320e24-27a1-4a2d-af27-92360eb39c0e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.type" + }, + "e9320e24-27a1-4a2d-af27-92360eb39c0e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "d2ad4af1-44cf-4dbd-8f11-02f856cada4e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": 
"64049bdf-7184-48f0-81d6-253acf08c88e", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "2b476fb4-8a20-4bed-b7c4-8046659e684f", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "1c5929fe-5f60-4a79-80d5-96f92545bede", + "w": 9, + "x": 8, + "y": 8 + }, + "panelIndex": "1c5929fe-5f60-4a79-80d5-96f92545bede", + "title": "Events by Type", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "601b3dd6-56c1-41e3-abe2-fc9188627604", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5bfe8105-5d5d-4856-a57e-f8e3c543e5c1", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b476fb4-8a20-4bed-b7c4-8046659e684f": { + "columnOrder": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402", + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "columns": { + "cb358963-a91e-487e-88f0-5e3ae85b5402": { + "dataType": "boolean", + "isBucketed": true, + "label": "Top 5 values of arista.flagged", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + 
"includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e9320e24-27a1-4a2d-af27-92360eb39c0e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "arista.flagged" + }, + "e9320e24-27a1-4a2d-af27-92360eb39c0e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "601b3dd6-56c1-41e3-abe2-fc9188627604", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "5bfe8105-5d5d-4856-a57e-f8e3c543e5c1", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "2b476fb4-8a20-4bed-b7c4-8046659e684f", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "small", + "metrics": [ + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", 
+ "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "d675e4ba-85b7-4bb7-9f75-d521ce18555c", + "w": 9, + "x": 17, + "y": 8 + }, + "panelIndex": "d675e4ba-85b7-4bb7-9f75-d521ce18555c", + "title": "Events by Flagged Status", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d06349f0-657b-48ae-a6cd-a463d2a1c9af", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "47dbc75d-b36c-41bb-9369-201c58d2b8dd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "510964b1-2f45-4132-a8e8-84df01251cd5", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d06349f0-657b-48ae-a6cd-a463d2a1c9af": { + "columnOrder": [ + "d2309567-ba47-4035-bfdc-7fc1c1b83719", + "8039686d-d8c4-4740-b88f-ea8e2c0cd9f0" + ], + "columns": { + "8039686d-d8c4-4740-b88f-ea8e2c0cd9f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d2309567-ba47-4035-bfdc-7fc1c1b83719": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "47dbc75d-b36c-41bb-9369-201c58d2b8dd", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": 
"phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "510964b1-2f45-4132-a8e8-84df01251cd5", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "emphasizeFitting": true, + "fittingFunction": "Zero", + "layers": [ + { + "accessors": [ + "8039686d-d8c4-4740-b88f-ea8e2c0cd9f0" + ], + "layerId": "d06349f0-657b-48ae-a6cd-a463d2a1c9af", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "xAccessor": "d2309567-ba47-4035-bfdc-7fc1c1b83719" + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": true + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "f7c98fc0-6b20-4544-8a93-4bce6fb27c9e", + "w": 22, + "x": 26, + "y": 8 + }, + "panelIndex": "f7c98fc0-6b20-4544-8a93-4bce6fb27c9e", + "title": "Web Filter Events Over Time", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4d615f6a-37d8-44d4-9453-036ce4b2a13c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "89881d0e-2e15-4c94-840d-3243419012a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fae1a4d0-d6e8-4437-8d62-5f98a75590b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + 
"datasourceStates": { + "formBased": { + "layers": { + "4d615f6a-37d8-44d4-9453-036ce4b2a13c": { + "columnOrder": [ + "2eeacff4-85be-4539-81d9-0e0235c1870c" + ], + "columns": { + "2eeacff4-85be-4539-81d9-0e0235c1870c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Domains", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "url.domain" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "89881d0e-2e15-4c94-840d-3243419012a8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "fae1a4d0-d6e8-4437-8d62-5f98a75590b9", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "2eeacff4-85be-4539-81d9-0e0235c1870c", + "layerId": "4d615f6a-37d8-44d4-9453-036ce4b2a13c", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 8, + "i": "06edac84-cd95-4121-bcc6-91a5e620a67e", + "w": 8, + "x": 0, + "y": 16 + }, + "panelIndex": "06edac84-cd95-4121-bcc6-91a5e620a67e", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + 
"attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce0ee3d4-16b3-4931-9e9b-8d0bf2b67e6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0d15d7b-b14d-47b2-aab9-d527f2991647", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b476fb4-8a20-4bed-b7c4-8046659e684f": { + "columnOrder": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402", + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "columns": { + "cb358963-a91e-487e-88f0-5e3ae85b5402": { + "dataType": "boolean", + "isBucketed": true, + "label": "Top 5 values of arista.bypassed", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e9320e24-27a1-4a2d-af27-92360eb39c0e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "arista.bypassed" + }, + "e9320e24-27a1-4a2d-af27-92360eb39c0e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "ce0ee3d4-16b3-4931-9e9b-8d0bf2b67e6a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { 
+ "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "d0d15d7b-b14d-47b2-aab9-d527f2991647", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "2b476fb4-8a20-4bed-b7c4-8046659e684f", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "small", + "metrics": [ + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "6203cb94-7b2b-49df-a1ca-a3e9802b8d6a", + "w": 8, + "x": 0, + "y": 24 + }, + "panelIndex": "6203cb94-7b2b-49df-a1ca-a3e9802b8d6a", + "title": "Events by Bypassed Status", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9d01b36d-0e56-4855-a682-c68b1e09302a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dec2c3e3-419f-47a2-a48c-0b425431b06e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b476fb4-8a20-4bed-b7c4-8046659e684f": { + "columnOrder": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402", + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "columns": { + "cb358963-a91e-487e-88f0-5e3ae85b5402": { + "dataType": "boolean", + 
"isBucketed": true, + "label": "Top 5 values of arista.entitled", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "e9320e24-27a1-4a2d-af27-92360eb39c0e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "arista.entitled" + }, + "e9320e24-27a1-4a2d-af27-92360eb39c0e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "9d01b36d-0e56-4855-a682-c68b1e09302a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "dec2c3e3-419f-47a2-a48c-0b425431b06e", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "2b476fb4-8a20-4bed-b7c4-8046659e684f", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "small", + "metrics": [ + "e9320e24-27a1-4a2d-af27-92360eb39c0e" + ], + "nestedLegend": 
false, + "numberDisplay": "percent", + "primaryGroups": [ + "cb358963-a91e-487e-88f0-5e3ae85b5402" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "d2effb65-1328-478d-a42f-747604629712", + "w": 8, + "x": 8, + "y": 24 + }, + "panelIndex": "d2effb65-1328-478d-a42f-747604629712", + "title": "Events by Entitled Status", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-470a6182-e4fa-40b8-90c5-b0716f8f4f90", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2d514a46-39b9-4c9a-ba26-2005693752c2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d3f41c84-6b18-4386-bbc6-e24f861bcbc9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "470a6182-e4fa-40b8-90c5-b0716f8f4f90": { + "columnOrder": [ + "0a132e33-f574-41cc-b634-f5b6ea045861", + "3ab7a012-578a-46a5-9e5a-cc7c313f107d" + ], + "columns": { + "0a132e33-f574-41cc-b634-f5b6ea045861": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of rule.category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "3ab7a012-578a-46a5-9e5a-cc7c313f107d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.category" + }, + "3ab7a012-578a-46a5-9e5a-cc7c313f107d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } 
+ }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "2d514a46-39b9-4c9a-ba26-2005693752c2", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "index": "d3f41c84-6b18-4386-bbc6-e24f861bcbc9", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "470a6182-e4fa-40b8-90c5-b0716f8f4f90", + "layerType": "data", + "legendDisplay": "show", + "legendSize": "xlarge", + "metrics": [ + "3ab7a012-578a-46a5-9e5a-cc7c313f107d" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "0a132e33-f574-41cc-b634-f5b6ea045861" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "7d4bf2a9-cdc9-4e43-a6a0-8de5ea1b0d4b", + "w": 14, + "x": 16, + "y": 24 + }, + "panelIndex": "7d4bf2a9-cdc9-4e43-a6a0-8de5ea1b0d4b", + "title": "Top 10 Rule Categories", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dcb1c263-5fba-4518-9ddc-d57f350699e0", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "7f5bd3b9-f138-4ff8-9e15-912d70afcc07", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85b09d6d-2ed8-4e1e-9e77-7674cd8fef95", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "dcb1c263-5fba-4518-9ddc-d57f350699e0": { + "columnOrder": [ + "78b8f14e-15d8-4531-847d-4ce88673716f", + "226bd387-992f-4c74-9e65-a836431ef200" + ], + "columns": { + "226bd387-992f-4c74-9e65-a836431ef200": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "78b8f14e-15d8-4531-847d-4ce88673716f": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "226bd387-992f-4c74-9e65-a836431ef200", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "7f5bd3b9-f138-4ff8-9e15-912d70afcc07", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "85b09d6d-2ed8-4e1e-9e77-7674cd8fef95", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" 
+ }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "226bd387-992f-4c74-9e65-a836431ef200" + }, + { + "alignment": "left", + "columnId": "78b8f14e-15d8-4531-847d-4ce88673716f" + } + ], + "headerRowHeight": "single", + "layerId": "dcb1c263-5fba-4518-9ddc-d57f350699e0", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Top 500 Source IPs (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "2b655b2f-9a1a-4920-a504-fdc3ca08a4b5", + "w": 9, + "x": 30, + "y": 24 + }, + "panelIndex": "2b655b2f-9a1a-4920-a504-fdc3ca08a4b5", + "title": "Top 500 Source IPs", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b0596012-2539-404c-ad17-5c2c051a5a80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "096dc0c5-4b27-4395-a0d3-8306fd65a580", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5d729e86-877a-4c5c-9312-594ff15c6d1f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "b0596012-2539-404c-ad17-5c2c051a5a80": { + "columnOrder": [ + "681f0b70-8292-4710-89c9-1b554da0d355", + "6d43d3d3-f4db-43e5-b46a-a371f9fee7bb" + ], + "columns": { + "681f0b70-8292-4710-89c9-1b554da0d355": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Domain", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": 
"6d43d3d3-f4db-43e5-b46a-a371f9fee7bb", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 500 + }, + "scale": "ordinal", + "sourceField": "url.domain" + }, + "6d43d3d3-f4db-43e5-b46a-a371f9fee7bb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "096dc0c5-4b27-4395-a0d3-8306fd65a580", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5d729e86-877a-4c5c-9312-594ff15c6d1f", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "6d43d3d3-f4db-43e5-b46a-a371f9fee7bb" + }, + { + "alignment": "left", + "columnId": "681f0b70-8292-4710-89c9-1b554da0d355" + } + ], + "headerRowHeight": "single", + "layerId": "b0596012-2539-404c-ad17-5c2c051a5a80", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "single" + } + }, + "title": "Top 500 Domains (converted)", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + 
"i": "3a9de004-e607-4f19-9a54-2aee68922858", + "w": 9, + "x": 39, + "y": 24 + }, + "panelIndex": "3a9de004-e607-4f19-9a54-2aee68922858", + "title": "Top 500 Domains", + "type": "lens", + "version": "8.8.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "rowsPerPage": 10 + }, + "gridData": { + "h": 40, + "i": "6304b295-b049-4e9b-8123-dc30a7d8bf24", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "6304b295-b049-4e9b-8123-dc30a7d8bf24", + "panelRefName": "panel_6304b295-b049-4e9b-8123-dc30a7d8bf24", + "type": "search", + "version": "8.8.1" + } + ], + "timeRestore": false, + "title": "Arista NG Firewall Web Filter", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-c61b1eb0-1cf7-11ee-b346-5b9e0073e798", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "7700004f-0599-4910-abc0-c6c8be117df4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7700004f-0599-4910-abc0-c6c8be117df4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7700004f-0599-4910-abc0-c6c8be117df4:metrics_7700004f-0599-4910-abc0-c6c8be117df4_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "name": "65c63de5-1bdf-4954-9107-16e250839192:panel_65c63de5-1bdf-4954-9107-16e250839192", + "type": "visualization" + }, + { + "id": "logs-*", + "name": "5825db72-84cd-4330-b5ae-d59defd28226:indexpattern-datasource-layer-5498e011-07df-4b91-9c7e-d77f42c60534", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5825db72-84cd-4330-b5ae-d59defd28226:a787665a-692d-4826-907f-0b7f1babc8ae", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5825db72-84cd-4330-b5ae-d59defd28226:ef040a70-7bc8-4e70-8921-789680704c1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"1c5929fe-5f60-4a79-80d5-96f92545bede:indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c5929fe-5f60-4a79-80d5-96f92545bede:d2ad4af1-44cf-4dbd-8f11-02f856cada4e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c5929fe-5f60-4a79-80d5-96f92545bede:64049bdf-7184-48f0-81d6-253acf08c88e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d675e4ba-85b7-4bb7-9f75-d521ce18555c:indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d675e4ba-85b7-4bb7-9f75-d521ce18555c:601b3dd6-56c1-41e3-abe2-fc9188627604", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d675e4ba-85b7-4bb7-9f75-d521ce18555c:5bfe8105-5d5d-4856-a57e-f8e3c543e5c1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c98fc0-6b20-4544-8a93-4bce6fb27c9e:indexpattern-datasource-layer-d06349f0-657b-48ae-a6cd-a463d2a1c9af", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c98fc0-6b20-4544-8a93-4bce6fb27c9e:47dbc75d-b36c-41bb-9369-201c58d2b8dd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c98fc0-6b20-4544-8a93-4bce6fb27c9e:510964b1-2f45-4132-a8e8-84df01251cd5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06edac84-cd95-4121-bcc6-91a5e620a67e:indexpattern-datasource-layer-4d615f6a-37d8-44d4-9453-036ce4b2a13c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06edac84-cd95-4121-bcc6-91a5e620a67e:89881d0e-2e15-4c94-840d-3243419012a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06edac84-cd95-4121-bcc6-91a5e620a67e:fae1a4d0-d6e8-4437-8d62-5f98a75590b9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6203cb94-7b2b-49df-a1ca-a3e9802b8d6a:indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"6203cb94-7b2b-49df-a1ca-a3e9802b8d6a:ce0ee3d4-16b3-4931-9e9b-8d0bf2b67e6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6203cb94-7b2b-49df-a1ca-a3e9802b8d6a:d0d15d7b-b14d-47b2-aab9-d527f2991647", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2effb65-1328-478d-a42f-747604629712:indexpattern-datasource-layer-2b476fb4-8a20-4bed-b7c4-8046659e684f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2effb65-1328-478d-a42f-747604629712:9d01b36d-0e56-4855-a682-c68b1e09302a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2effb65-1328-478d-a42f-747604629712:dec2c3e3-419f-47a2-a48c-0b425431b06e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7d4bf2a9-cdc9-4e43-a6a0-8de5ea1b0d4b:indexpattern-datasource-layer-470a6182-e4fa-40b8-90c5-b0716f8f4f90", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7d4bf2a9-cdc9-4e43-a6a0-8de5ea1b0d4b:2d514a46-39b9-4c9a-ba26-2005693752c2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7d4bf2a9-cdc9-4e43-a6a0-8de5ea1b0d4b:d3f41c84-6b18-4386-bbc6-e24f861bcbc9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b655b2f-9a1a-4920-a504-fdc3ca08a4b5:indexpattern-datasource-layer-dcb1c263-5fba-4518-9ddc-d57f350699e0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b655b2f-9a1a-4920-a504-fdc3ca08a4b5:7f5bd3b9-f138-4ff8-9e15-912d70afcc07", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b655b2f-9a1a-4920-a504-fdc3ca08a4b5:85b09d6d-2ed8-4e1e-9e77-7674cd8fef95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3a9de004-e607-4f19-9a54-2aee68922858:indexpattern-datasource-layer-b0596012-2539-404c-ad17-5c2c051a5a80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3a9de004-e607-4f19-9a54-2aee68922858:096dc0c5-4b27-4395-a0d3-8306fd65a580", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3a9de004-e607-4f19-9a54-2aee68922858:5d729e86-877a-4c5c-9312-594ff15c6d1f", + "type": "index-pattern" + }, + { + "id": "arista_ngfw-b0ca4590-1cf7-11ee-b346-5b9e0073e798", + "name": "6304b295-b049-4e9b-8123-dc30a7d8bf24:panel_6304b295-b049-4e9b-8123-dc30a7d8bf24", + "type": "search" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-6cf3b505-142c-436a-9625-97800660e36f.json b/packages/arista_ngfw/kibana/search/arista_ngfw-6cf3b505-142c-436a-9625-97800660e36f.json new file mode 100755 index 000000000000..6352c1a3b4d6 --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-6cf3b505-142c-436a-9625-97800660e36f.json 
@@ -0,0 +1,131 @@ +{ + "attributes": { + "columns": [ + "log.syslog.hostname", + "source.ip", + "destination.ip", + "network.direction", + "event.type", + "rule.ruleset", + "rule.name" + ], + "description": "", + "grid": { + "columns": { + "destination.ip": { + "width": 137 + }, + "log.syslog.hostname": { + "width": 163 + }, + "network.direction": { + "width": 161 + }, + "rule.name": { + "width": 736 + }, + "rule.ruleset": { + "width": 140 + }, + "source.domain": { + "width": 205 + }, + "source.geo.country_name": { + "width": 193 + }, + "source.ip": { + "width": 124 + } + } + }, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "intrusion_prevention" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "intrusion_prevention" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall Intrusion Prevention Events", + "usesAdHocDataView": false + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-6cf3b505-142c-436a-9625-97800660e36f", + "managed": 
false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "7.9.3" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-746674eb-991f-47d4-a42b-b7b205db4b9b.json b/packages/arista_ngfw/kibana/search/arista_ngfw-746674eb-991f-47d4-a42b-b7b205db4b9b.json new file mode 100755 index 000000000000..78f944be425b --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-746674eb-991f-47d4-a42b-b7b205db4b9b.json 
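Review bot: `grid.columns` in this saved search sets widths for `source.domain` and `source.geo.country_name`, but neither field is listed in `columns`, so these entries look like leftovers from an earlier table layout. The same mismatch appears in the interface-stats search (a width for `system.network.out.rate`, while the table shows `arista.transmitted.rate`) and in the session-stats search (a width for `event.provider`). Either drop the unused width entries, or add source domain and country back to `columns` if they were meant to be visible when triaging intrusion-prevention events. The interface-stats object also carries `"hits": 0`, `"version": 1` and `"highlightAll": true`, which the other two searches omit; aligning the three exports would make later diffs easier to review.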
@@ -0,0 +1,113 @@ +{ + "attributes": { + "columns": [ + "log.syslog.hostname", + "arista.interface.id", + "arista.received.bytes", + "arista.received.rate", + "arista.transmitted.bytes", + "arista.transmitted.rate" + ], + "description": "", + "grid": { + "columns": { + "system.network.out.rate": { + "width": 266 + } + } + }, + "hideChart": false, + "hits": 0, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "interface_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "interface_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall Interface Stats Events", + "usesAdHocDataView": false, + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-746674eb-991f-47d4-a42b-b7b205db4b9b", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "7.9.3" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-78edcde0-20ee-11ee-8ab3-fb5b73d7bd73.json b/packages/arista_ngfw/kibana/search/arista_ngfw-78edcde0-20ee-11ee-8ab3-fb5b73d7bd73.json new file mode 100755 index 000000000000..b089b2fb28dd --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-78edcde0-20ee-11ee-8ab3-fb5b73d7bd73.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "columns": [ + "log.syslog.hostname", + "event.id", + "source.ip", + "source.nat.ip", + "source.port", + "network.transport", + "network.direction", + "network.bytes", + "destination.nat.ip", + "destination.ip", + "destination.port" + ], + "description": "", + "grid": { + "columns": { + "event.provider": { + "width": 160 + }, + "log.syslog.hostname": { + "width": 180 + } + } + }, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "session_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "session_stats" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall Session Stats Events", + "usesAdHocDataView": false + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-78edcde0-20ee-11ee-8ab3-fb5b73d7bd73", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "7.9.3" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-b0ac29e8-0a25-4f59-a59d-10065bb70af3.json b/packages/arista_ngfw/kibana/search/arista_ngfw-b0ac29e8-0a25-4f59-a59d-10065bb70af3.json new file mode 100755 index 000000000000..8be791bf9978 --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-b0ac29e8-0a25-4f59-a59d-10065bb70af3.json 
@@ -0,0 +1,121 @@ +{ + "attributes": { + "columns": [ + "log.source.address", + "arista.hosts.active", + "arista.cpu.total.pct", + "arista.disk.used.pct", + "arista.cpu.load.1", + "arista.cpu.load.5", + "arista.cpu.load.15", + "arista.memory.used.pct", + "arista.memory.swap.used.pct" + ], + "description": "", + "grid": { + "columns": { + "system.load.1": { + "width": 123 + }, + "system.memory.used.pct": { + "width": 160 + } + } + }, + "hideChart": false, + "hits": 0, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "event.provider", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "system_stats" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "system_stats" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall System Stats Events", + "usesAdHocDataView": false, + "version": 1 + }, + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-13T15:33:38.564Z", + "id": "arista_ngfw-b0ac29e8-0a25-4f59-a59d-10065bb70af3", + "migrationVersion": { + "dashboard": "8.7.0" + }, + "originId": "e78ef1f0-72c9-11eb-b5cf-8106349ec517", + 
"references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-b0ca4590-1cf7-11ee-b346-5b9e0073e798.json b/packages/arista_ngfw/kibana/search/arista_ngfw-b0ca4590-1cf7-11ee-b346-5b9e0073e798.json new file mode 100755 index 000000000000..8244119d2882 --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-b0ca4590-1cf7-11ee-b346-5b9e0073e798.json 
@@ -0,0 +1,142 @@ +{ + "attributes": { + "columns": [ + "log.syslog.hostname", + "event.id", + "url.full", + "event.outcome", + "rule.category", + "destination.ip", + "destination.port", + "arista.bypassed", + "arista.entitled", + "arista.flagged" + ], + "description": "", + "grid": { + "columns": { + "arista.bypassed": { + "width": 138 + }, + "arista.entitled": { + "width": 130 + }, + "destination.ip": { + "width": 120 + }, + "destination.port": { + "width": 135 + }, + "event.id": { + "width": 128 + }, + "event.original": { + "width": 322 + }, + "event.outcome": { + "width": 123 + }, + "event.provider": { + "width": 128 + }, + "log.syslog.hostname": { + "width": 153 + }, + "rule.category": { + "width": 234 + }, + "url.full": { + "width": 293 + } + } + }, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "web_filter" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "web_filter" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall Web Filter Events", + "usesAdHocDataView": false + }, + "coreMigrationVersion": 
"8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-b0ca4590-1cf7-11ee-b346-5b9e0073e798", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "7.9.3" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/search/arista_ngfw-da69ba6a-8008-4b1c-9fa9-fde67de3d129.json b/packages/arista_ngfw/kibana/search/arista_ngfw-da69ba6a-8008-4b1c-9fa9-fde67de3d129.json new file mode 100755 index 000000000000..734587d5bc1a --- /dev/null +++ b/packages/arista_ngfw/kibana/search/arista_ngfw-da69ba6a-8008-4b1c-9fa9-fde67de3d129.json 
@@ -0,0 +1,113 @@ +{ + "attributes": { + "columns": [ + "log.syslog.hostname", + "event.id", + "event.provider", + "event.type", + "event.outcome", + "source.ip", + "source.port", + "destination.ip", + "destination.port" + ], + "description": "", + "grid": { + "columns": { + "destination.ip": { + "width": 140 + }, + "destination.port": { + "width": 132 + }, + "event.id": { + "width": 164 + }, + "event.outcome": { + "width": 186 + }, + "event.provider": { + "width": 158 + }, + "event.type": { + "width": 254 + }, + "log.source.address": { + "width": 233 + }, + "source.ip": { + "width": 130 + }, + "source.port": { + "width": 120 + } + } + }, + "hideChart": false, + "hits": 0, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "arista_ngfw.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "arista_ngfw.log" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Arista NG Firewall Raw Events", + "usesAdHocDataView": false, + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-da69ba6a-8008-4b1c-9fa9-fde67de3d129", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + 
"typeMigrationVersion": "7.9.3" +} \ No newline at end of file diff --git a/packages/arista_ngfw/kibana/visualization/arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3.json b/packages/arista_ngfw/kibana/visualization/arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3.json new file mode 100755 index 000000000000..8a044431ee48 --- /dev/null +++ b/packages/arista_ngfw/kibana/visualization/arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3.json 
@@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Arista NG Firewall Navigation Bar", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "foo: *" + }, + "hide_last_value_indicator": true, + "id": "c2554352-eea0-4700-9ba6-2691f2ae94ac", + "index_pattern_ref_name": "metrics_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "[Overview](../app/dashboards#/view/arista_ngfw-86b139ff-92ab-4aae-b0d8-c33e3be132f1 \"Arista NG Firewall Events Overview\") | \r\n[Admin Login](../app/dashboards#/view/arista_ngfw-2b026f60-1cf1-11ee-b346-5b9e0073e798 \"Arista NG Firewall Admin Login\") |\r\n[Session Stats](../app/dashboards#/view/arista_ngfw-090e6d40-1dc4-11ee-b346-5b9e0073e798 \"Arista NG Firewall Session Stats\") | \r\n[Web Filter](../app/dashboards#/view/arista_ngfw-c61b1eb0-1cf7-11ee-b346-5b9e0073e798 \"Arista NG Firewall Web Filter\") |\r\n[Intrusion Prevention](../app/dashboards#/view/arista_ngfw-0f3dafe6-c66a-4d1e-a9e9-fa3fb418bfaf \"Arista NG Firewall Intrusion Prevention\") |\r\n[System Stats](../app/dashboards#/view/arista_ngfw-93596b63-d808-4a2f-9cbf-d0e9c4003079 \"Arista NG Firewall System Stats\") |\r\n[Interface Stats](../app/dashboards#/view/arista_ngfw-a4bb8521-b9d4-4d33-be52-b4ccefb2eee1 \"Arista NG Firewall Interface Stats\")\r\n\r\n---", + "markdown_vertical_align": "bottom", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "2c6eb237-23c6-49e3-91d5-c0fe0a22b74b", + "line_width": 1, + "metrics": [ + { + "id": "2b6e96ad-1dfa-4729-b631-65c9277eb6b4", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" 
+ }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "last_value", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "Arista NG Firewall Navigation Bar", + "type": "metrics" + } + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-09T15:34:21.806Z", + "id": "arista_ngfw-ffee4a67-2bf6-4c3a-881a-026232d2e8c3", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "metrics_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "typeMigrationVersion": "8.5.0" +} \ No newline at end of file diff --git a/packages/arista_ngfw/manifest.yml b/packages/arista_ngfw/manifest.yml index 75f56d40c85b..a59be201ff37 100755 --- a/packages/arista_ngfw/manifest.yml +++ b/packages/arista_ngfw/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.0" name: arista_ngfw title: "Arista NG Firewall" -version: "0.9.0" +version: "0.10.0" source: license: "Elastic-2.0" description: "Collect logs and metrics from Arista NG Firewall." @@ -10,7 +10,7 @@ categories: - network conditions: kibana: - version: "^8.6.2" + version: "^8.10.1" elastic: subscription: "basic" icons: diff --git a/packages/arista_ngfw/validation.yml b/packages/arista_ngfw/validation.yml index a96151416a6c..55687ebf8485 100644 --- a/packages/arista_ngfw/validation.yml +++ b/packages/arista_ngfw/validation.yml @@ -1,3 +1,5 @@ errors: exclude_checks: - SVR00005 # Kibana version for saved tags. + - SVR00004 + - SVR00002
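Review bot: The `references` array lists `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index`, but this visualization's `searchSourceJSON` is `{}`, so no filter uses that reference name. Only `metrics_0_index_pattern` is referred to, by `index_pattern_ref_name`. Removing the unused entry leaves a single reference, `{ "id": "logs-*", "name": "metrics_0_index_pattern", "type": "index-pattern" }`, and avoids shipping a reference that resolves to nothing in the object.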
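Review bot: The `conditions.kibana.version` change from `^8.6.2` to `^8.10.1` raises the minimum supported stack, but the saved objects added in this commit carry `coreMigrationVersion` values of 8.8.0 and 8.7.1, so the reason for 8.10.1 is not visible in the diff. Deployments below 8.10.1 would presumably stop receiving updates to this firewall integration. The 0.10.0 changelog entry only mentions the dashboards; it should record the new requirement too, for example with an extra item `- description: Require Kibana 8.10.1 or later`.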
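Review bot: The two new `exclude_checks` entries, `SVR00004` and `SVR00002`, have no explanation, while the existing `SVR00005` line carries a trailing comment. An exclusion in this file presumably applies to every object in the package, including ones added later. A reader needs to know which saved object triggers each check and why the object was not fixed instead. Add a comment to each line in the style of the existing one, e.g. `- SVR00004 # <reason this check is excluded>`.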