diff --git a/docs/configuration.md b/docs/configuration.md
index 32bd4a3e08c58158e9a493bc094bf7701d797636..cb9290fb8e01ef25d85409ab7114ee586d38f5a4 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -89,6 +89,21 @@ the public-facing DNS zones, if unset it defaults to `ip`
`groups` (optional) is a list of groups that this host should be a
member of.
+`resolver_mode` (optional) controls the desired state of the host's
+*resolv.conf* file. The supported values are:
+
+* *ignore* - do nothing and leave resolv.conf alone
+* *localhost* - use localhost as a resolver, presumably some other
+ role will have installed a DNS cache there
+* *internal:NET* - use the frontend hosts as resolvers, over the
+ specified overlay network named NET
+* *external* - use Google Public DNS.
+
+Note that due to ordering issues it is advised to set the *resolver_mode*
+attribute on hosts only after the first setup is complete, to avoid
+breaking DNS resolution while Ansible is running.
+
+
## Example
An example of a valid inventory file (for a hypotetic Vagrant
@@ -480,6 +495,12 @@ attribute.
*master_election* attribute is also true, the backup job will only be
run on the master host for the service.
+`sharded`: When this attribute is true, the dataset is considered a
+sharded (partitioned) dataset, so float will **not** automatically
+attempt to restore it on new servers: the idea is that for sharded
+datasets, the application layer is responsible for data management.
+This attribute is false by default.
+
`owner`: For filesystem paths, the user that will own the files upon
restore.
diff --git a/float b/float
index 8f01d1361c0ae88b19b17c72e099fb08b909e6a0..9b568c9ad8aab299ad02dee7f600c2bd18c18a81 100755
--- a/float
+++ b/float
@@ -156,6 +156,7 @@ def command_run(config, playbooks,
ansible_check=False,
ansible_diff=False,
ansible_stdout=None,
+ ansible_limit=None,
ansible_extra_vars=[]):
if not os.path.exists(config):
raise Exception(
@@ -185,6 +186,8 @@ def command_run(config, playbooks,
cmd.append('--check')
if ansible_diff:
cmd.append('--diff')
+ if ansible_limit:
+ cmd.extend(['--limit', ansible_limit])
for v in ansible_extra_vars:
cmd.append('--extra-vars=' + v)
cmd.append(arg)
@@ -401,6 +404,9 @@ themselves.
'-e', '--extra-vars', dest='ansible_extra_vars',
action='append', default=[],
help='Extra variables for Ansible')
+ run_parser.add_argument(
+ '-l', '--limit', dest='ansible_limit',
+ help='Limit to selected hosts')
kwargs = vars(parser.parse_args())
cmd = kwargs.pop('subparser')
diff --git a/playbooks/base.yml b/playbooks/base.yml
index 49e8eb2f134fa413764698e8ced674f50aa3865f..c69d94af3281d46c80ae94a8081f23aab9e05d6e 100644
--- a/playbooks/base.yml
+++ b/playbooks/base.yml
@@ -3,7 +3,7 @@
- hosts: all
roles:
- base
- - credentials
+ - float-credentials
- vagrant-compat
- hosts: net-overlay
diff --git a/plugins/inventory/float.py b/plugins/inventory/float.py
index 9a316732244317b31f79b350d7e4ddaca9b5c39f..995c7cf3c2459796e4d6ddaa041e40b2ab6582bc 100644
--- a/plugins/inventory/float.py
+++ b/plugins/inventory/float.py
@@ -358,7 +358,6 @@ def _host_vars(name, inventory, services, assignments):
'float_disabled_services': [],
'float_enabled_containers': [],
'float_host_service_credentials': [],
- 'float_host_service_credentials_certs': [],
'float_host_overlay_networks': _host_net_overlays(name, inventory),
'float_host_dns_map': _host_service_dns_map(
name, inventory, services, assignments),
@@ -366,8 +365,7 @@ def _host_vars(name, inventory, services, assignments):
# Add default client credentials that are present on all hosts.
for c in DEFAULT_SERVICE_CREDENTIALS:
- hv['float_host_service_credentials'].append({'credentials': c})
- hv['float_host_service_credentials_certs'].append({
+ hv['float_host_service_credentials'].append({
'credentials': c, 'service': 'LOCAL',
'mode': 'client', 'x509_params': {}})
@@ -390,15 +388,13 @@ def _host_vars(name, inventory, services, assignments):
for u in services[s].get('systemd_services', []):
enabled_systemd_units.add(u)
for c in services[s].get('service_credentials', []):
- hv['float_host_service_credentials'].append({
- 'service': s, 'credentials': c})
if c.get('enable_server', True):
params = _service_credential_params(name, s, inventory, assignments)
- hv['float_host_service_credentials_certs'].append({
+ hv['float_host_service_credentials'].append({
'credentials': c, 'service': s,
'mode': 'server', 'x509_params': params})
if c.get('enable_client', True):
- hv['float_host_service_credentials_certs'].append({
+ hv['float_host_service_credentials'].append({
'credentials': c, 'service': s,
'mode': 'client', 'x509_params': {}})
else:
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 839f0328dcd87614ef96950e7e80974428083f53..7946955ebdca05d892b2e74c36489e5cdf132b8a 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -21,3 +21,11 @@ emergency_ssh_key: ""
# The Debian distribution that we are using as the basis.
float_debian_dist: "buster"
+# How to configure resolv.conf, one of the following options:
+# 'ignore' - do nothing and leave resolv.conf alone
+# 'localhost' - use localhost as the name server (presumably a cache)
+# 'internal:NET' - use the frontend hosts as resolvers, over the
+# specified overlay network NET
+# 'external' - use Google Public DNS.
+resolver_mode: "ignore"
+
diff --git a/roles/base/files/node-exporter-scripts/smartmon.py b/roles/base/files/node-exporter-scripts/smartmon.py
index 97445ab88039f3ad61a4b53cac075c37b4b06afe..5aec62f42fa5d2824947b08a5e46c20a615def4b 100644
--- a/roles/base/files/node-exporter-scripts/smartmon.py
+++ b/roles/base/files/node-exporter-scripts/smartmon.py
@@ -6,9 +6,12 @@ import datetime
import decimal
import itertools
import re
+import os
import shlex
import subprocess
+GUARD_FILE = '/etc/smartmon.disable'
+
device_info_re = re.compile(r'^(?P<k>[^:]+?)(?:(?:\sis|):)\s*(?P<v>.*)$')
ata_error_count_re = re.compile(
@@ -386,6 +389,10 @@ def collect_disks_smart_metrics():
def main():
+ # Guard file to stop this automation in an emergency.
+ if os.path.exists(GUARD_FILE):
+ sys.exit(0)
+
version_metric = Metric('smartctl_version', {
'version': smart_ctl_version()
}, True)
diff --git a/roles/base/tasks/backup_dataset.yml b/roles/base/tasks/backup_dataset.yml
index d5c64f553fbad78e9fcbc585e97fea4b88df3a62..1311c801384e63a59ed2cb58ce25d1944230722d 100644
--- a/roles/base/tasks/backup_dataset.yml
+++ b/roles/base/tasks/backup_dataset.yml
@@ -11,7 +11,10 @@
dataset_owner: "{{ item.1.get('owner', '') }}"
dataset_path: "{{ item.1.get('path', '') }}"
dataset_type: "{% if 'backup_command' in item.1 %}pipe{% else %}file{% endif %}"
- dataset_should_backup: "{{ item.0.name in float_enabled_services and ((not item.1.get('on_master_only', False)) or (item.0.get('master_host') == inventory_hostname)) }}"
+ dataset_should_backup: "{{ (item.0.name in float_enabled_services) and ((not item.1.get('on_master_only', False)) or (item.0.get('master_host') == inventory_hostname)) }}"
+
+- set_fact:
+ dataset_should_restore: "{{ dataset_should_backup and not item.1.get('sharded', False) }}"
- name: Set up configuration for dataset {{ dataset.name }} (source)
template:
@@ -47,20 +50,28 @@
src: "tabacco/restore-script.j2"
dest: "/usr/lib/float/datasets/restore-{{ dataset_filename }}"
mode: 0755
- when: dataset_should_backup
+ when: dataset_should_restore
- name: Create restore service unit
template:
src: "tabacco/restore-service.j2"
dest: "/etc/systemd/system/restore-{{ dataset_filename }}.service"
mode: 0444
- when: dataset_should_backup
+ when: dataset_should_restore
+
+- name: Cleanup restore service unit
+ file:
+ path: "/etc/systemd/system/restore-{{ dataset_filename }}.service"
+ state: absent
+ when: "not dataset_should_restore"
+ notify: reload systemd
- name: Enable restore service unit
systemd:
name: "restore-{{ dataset_filename }}.service"
enabled: yes
- when: dataset_should_backup
+ when: dataset_should_restore
+ notify: reload systemd
- name: Wipe dataset restore guard file
file:
diff --git a/roles/base/tasks/debian_misc.yml b/roles/base/tasks/debian_misc.yml
index 383249f4fe9135520319a4941c281e3ea6303ccc..6fbeedd3484d5628c4b141ec00d2aa7d9687c874 100644
--- a/roles/base/tasks/debian_misc.yml
+++ b/roles/base/tasks/debian_misc.yml
@@ -35,6 +35,6 @@
- name: Configure systemd
copy:
src: "system.conf"
- dest: "/etc/systemd/system.dconf"
+ dest: "/etc/systemd/system.conf"
notify: reload systemd
diff --git a/roles/base/tasks/harden.yml b/roles/base/tasks/harden.yml
index a23b0ced0c9d47686e71e3cbccd1c636271032e4..58234a1488b3b3a3ca6025f034ef73f20e68efc5 100644
--- a/roles/base/tasks/harden.yml
+++ b/roles/base/tasks/harden.yml
@@ -49,6 +49,7 @@
packages:
- auditd
- audisp-json
+ when: not enable_loki
- name: Auditd default config removed
file:
@@ -63,6 +64,7 @@
- "templates/audit/rules.d/*.j2"
notify:
- restart auditd
+ when: not enable_loki
- name: Auditd configured
template:
@@ -70,6 +72,7 @@
dest: /etc/audit/auditd.conf
notify:
- restart auditd
+ when: not enable_loki
- name: Audispd plugins configured
copy:
@@ -80,11 +83,13 @@
- json.conf
notify:
- restart auditd
+ when: not enable_loki
- name: Enable auditd service
systemd:
name: auditd.service
enabled: yes
+ when: not enable_loki
- name: Disable journald-auditd link
systemd:
@@ -92,3 +97,4 @@
state: stopped
enabled: no
masked: yes
+ when: not enable_loki
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 0ab03eedfa08997f60a989784293b4e1fe6721a4..9b5d48cf7cb4d5246c94a61d0621ff8a876b1673 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -86,3 +86,10 @@
- import_tasks: ipmi.yml
when: ipmi_device.stat.exists == true
+
+- name: Configure resolv.conf
+ template:
+ src: "resolv.conf.j2"
+ dest: "/etc/resolv.conf"
+ when: "resolver_mode != 'ignore'"
+
diff --git a/roles/base/templates/resolv.conf.j2 b/roles/base/templates/resolv.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..26d85da138741e06035fc08899d9ca54318c1bb0
--- /dev/null
+++ b/roles/base/templates/resolv.conf.j2
@@ -0,0 +1,15 @@
+{% if resolver_mode == 'localhost' %}
+nameserver 127.0.0.1
+options edns0
+{% elif resolver_mode.startswith('internal:') %}
+{% set dns_overlay_net = resolver_mode[9:] %}
+{% for h in groups['frontend'] | sort %}
+nameserver {{ hostvars[h]['ip_' + dns_overlay_net] }}
+{% endfor %}
+options edns0 rotate
+{% else %}
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+options edns0
+{% endif %}
+
diff --git a/roles/base/templates/rsyslog.conf.j2 b/roles/base/templates/rsyslog.conf.j2
index bde712bb4dd81b8aefab9bd657b19e1ce763b6d2..2489189558875b4d8a243e6bf715bb406e604cfe 100644
--- a/roles/base/templates/rsyslog.conf.j2
+++ b/roles/base/templates/rsyslog.conf.j2
@@ -22,6 +22,11 @@ ruleset(name="incoming") {
# Send a copy of everything to mtail.
action(type="ompipe"
Pipe="/run/mtail.fifo"
+ # Protect the main queue from mtail pipe full: discard messages on
+ # ompipe action queue full.
+ queue.type="FixedArray"
+ queue.size="4096"
+ queue.timeoutEnqueue="0"
action.resumeRetryCount="-1"
action.resumeInterval="2"
action.resumeIntervalMax="30")
diff --git a/roles/base/templates/sysctl.conf.j2 b/roles/base/templates/sysctl.conf.j2
index cc5583b619a23b46b28fc8c623dba15452c5d905..4be8d7154ae3d82902a3147e711eb08488258992 100644
--- a/roles/base/templates/sysctl.conf.j2
+++ b/roles/base/templates/sysctl.conf.j2
@@ -56,12 +56,16 @@ fs.suid_dumpable=0
# Disable source routed packet acceptance.
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
+net.ipv6.conf.all.accept_source_route=0
+net.ipv6.conf.default.accept_source_route=0
# Do not accept ICMP redirects.
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
+net.ipv6.conf.all.accept_redirects=0
+net.ipv6.conf.default.accept_redirects=0
# Do not send ICMP redirects.
net.ipv4.conf.all.send_redirects=0
@@ -72,3 +76,54 @@ net.ipv4.icmp_ignore_bogus_error_responses=1
# Enable RFC-recommended source route validation.
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
+
+# Prevent the automatic loading of line disciplines
+# https://lore.kernel.org/patchwork/patch/1034150
+dev.tty.ldisc_autoload=0
+
+# Additional protections for fifos, hardlinks, regular files, and symlinks
+# https://patchwork.kernel.org/patch/10244781
+# slightly tightened up from the systemd default values of "1" for each
+fs.protected_fifos=2
+fs.protected_hardlinks=1
+fs.protected_regular=2
+fs.protected_symlinks=1
+
+# Disable the kexec system call (can be used to replace the running kernel)
+# https://lwn.net/Articles/580269
+# (linux-hardened default)
+kernel.kexec_load_disabled=1
+
+# Impose restrictions on exposing kernel pointers
+# https://lwn.net/Articles/420403
+# (linux-hardened default)
+kernel.kptr_restrict=2
+
+# Restrict use of the performance events system by unprivileged users
+# https://lwn.net/Articles/696216
+# (linux-hardened default)
+kernel.perf_event_paranoid=3
+
+# Disable the "magic sysrq key" functionality
+# https://security.stackexchange.com/questions/138658
+# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1861238
+kernel.sysrq=0
+
+# Harden the BPF JIT compiler and restrict unprivileged use of BPF
+# https://www.zerodayinitiative.com/advisories/ZDI-20-350
+# https://lwn.net/Articles/660331
+# (linux-hardened default)
+net.core.bpf_jit_harden=2
+kernel.unprivileged_bpf_disabled=1
+
+# Disable unprivileged user namespaces
+# https://lwn.net/Articles/673597
+# (linux-hardened default)
+#kernel.unprivileged_userns_clone=0
+
+# Enable yama ptrace restrictions
+# https://www.kernel.org/doc/Documentation/security/Yama.txt
+# (linux-hardened default)
+# set to "3" if the use of ptrace is not needed
+kernel.yama.ptrace_scope=1
+
diff --git a/roles/credentials/README.md b/roles/credentials/README.md
index 038bc3f3fccc1b8c10a870884275ad0c216f2f7a..de7a8aa25a884c06ffb8fd242fbd6a107484fb64 100644
--- a/roles/credentials/README.md
+++ b/roles/credentials/README.md
@@ -3,7 +3,24 @@ credentials
Ansible role that installs all the [service
credentials](../docs/service_mesh.md#mutual-service-authentication) on
-the hosts where they're needed.
+the hosts where they're needed. This role works in combination with
+the 'x509' action plugin.
Private keys never leave the target host, we create a CSR and sign it
on the Ansible host.
+
+X509 credentials are stored in /etc/credentials/x509 under directories
+named after the services. Every service directory contains a copy of
+the public CA certificate, so it can be bind-mounted in a container
+easily.
+
+Private keys have mode 440, are owned by root and by a dedicated group
+named *service*-credentials. When the service is actually installed,
+later, maybe by an Ansible role, it can add the service user to this
+group.
+
+Use by including this role and setting the *credentials* variable to a
+list of entries specifying the desired credentials. This is already
+done once system-wide by the *float-credentials* role with the
+credentials automagically derived from the service definitions by
+*float*.
diff --git a/roles/credentials/tasks/install_certs.yml b/roles/credentials/tasks/install_certs.yml
deleted file mode 100644
index d4fe6daade98f8de3261225578ed6416a638f5f0..0000000000000000000000000000000000000000
--- a/roles/credentials/tasks/install_certs.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-
-#- set_fact:
-# x509_params: "{{ float_service_credentials_params[service_name_item + '-' + credentials.name] | default({}) }}"
-# when: "service_name_item is defined"
-
-- name: Set up internal PKI credentials
- block:
-
- - file:
- path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}"
- state: directory
- loop: "{{ float_host_service_credentials_certs }}"
-
- - name: "Check the internal PKI certificates"
- x509_csr:
- credentials_name: "{{ item.credentials.name }}"
- domain: "{{ domain }}"
- mode: "{{ item.mode }}"
- params: "{{ item.x509_params|default({}) }}"
- private_key_path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/private_key.pem"
- cert_path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/cert.pem"
- ca_cert_path: "/etc/credentials/x509/{{ item.credentials.name }}/ca.pem"
- check: true
- loop: "{{ float_host_service_credentials_certs }}"
- check_mode: no
- register: x509_should_update
-
- # TODO: set the right permissions (credentials.name-credentials)
- - name: "Create internal PKI CSRs"
- x509_csr:
- credentials_name: "{{ item.0.credentials.name }}"
- domain: "{{ domain }}"
- mode: "{{ item.0.mode }}"
- params: "{{ item.0.x509_params|default({}) }}"
- private_key_path: "/etc/credentials/x509/{{ item.0.credentials.name }}/{{ item.0.mode }}/private_key.pem"
- check: false
- when: "item.1.changed"
- loop: "{{ float_host_service_credentials_certs | zip(x509_should_update.results) | list }}"
- register: x509_csr
-
- - name: "Sign internal PKI certificates"
- x509_sign:
- csr: "{{ item.1.csr }}"
- mode: "{{ item.0.mode }}"
- ca_cert_path: "{{ credentials_dir }}/x509/ca.pem"
- ca_key_path: "{{ credentials_dir }}/x509/ca_private_key.pem"
- when: "item.1.changed"
- loop: "{{ float_host_service_credentials_certs | zip(x509_csr.results) | list }}"
- register: x509_sign
-
- - name: "Install the signed internal PKI certificates"
- copy:
- dest: "/etc/credentials/x509/{{ item.0.credentials.name }}/{{ item.0.mode }}/cert.pem"
- content: "{{ item.1.cert }}"
- mode: 0644
- when: "item.1.changed"
- loop: "{{ float_host_service_credentials_certs | zip(x509_sign.results) | list }}"
-
- - name: "Set permissions on the private keys"
- file:
- path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/private_key.pem"
- group: "{{ item.credentials.name }}-credentials"
- mode: 0640
- loop: "{{ float_host_service_credentials_certs }}"
-
- rescue:
- - debug:
- msg: "Failed to set up one or more credentials"
-
diff --git a/roles/credentials/tasks/install_credentials.yml b/roles/credentials/tasks/install_credentials.yml
deleted file mode 100644
index ec3cce4398b629aca40d31602d3252ec84de2efc..0000000000000000000000000000000000000000
--- a/roles/credentials/tasks/install_credentials.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: "Create service credentials group"
- group:
- name: "{{ item.credentials.name }}-credentials"
- system: true
- loop: "{{ float_host_service_credentials }}"
-
-- name: "Create service credentials dirs"
- file:
- path: "/etc/credentials/x509/{{ item.credentials.name }}"
- state: directory
- loop: "{{ float_host_service_credentials }}"
-
-- name: Copy CA
- copy:
- src: "{{ credentials_dir }}/x509/ca.pem"
- dest: "/etc/credentials/x509/{{ item.credentials.name }}/ca.pem"
- owner: root
- group: root
- mode: 0644
- loop: "{{ float_host_service_credentials }}"
-
diff --git a/roles/credentials/tasks/main.yml b/roles/credentials/tasks/main.yml
index 45c12e3197fd41ba22cf51c11af19a09f7cc5287..9a61b5936671af7b859437126c5b48ae039bddcf 100644
--- a/roles/credentials/tasks/main.yml
+++ b/roles/credentials/tasks/main.yml
@@ -1,55 +1,105 @@
---
-# Distribute the SSO public key to all hosts.
+# This package needs to be on hosts in order to generate the CSRs.
+- name: Install x509ca package
+ apt:
+ name: x509ca
+ state: present
+
+# Get the credential names from the list of certs.
+- set_fact:
+ credentials_names: "{{ credentials | map(attribute='credentials') | map(attribute='name') | unique | list }}"
-- file:
- path: /etc/sso
+- name: "Create service credentials group"
+ group:
+ name: "{{ item }}-credentials"
+ system: true
+ loop: "{{ credentials_names }}"
+
+- name: "Create service credentials dirs"
+ file:
+ path: "/etc/credentials/x509/{{ item }}"
state: directory
- owner: root
- group: root
- mode: 0755
+ loop: "{{ credentials_names }}"
-- name: Install SSO public key
+- name: Copy CA
copy:
- src: "{{ credentials_dir }}/sso/public.key"
- dest: /etc/sso/public.key
+ src: "{{ credentials_dir }}/x509/ca.pem"
+ dest: "/etc/credentials/x509/{{ item }}/ca.pem"
+ owner: root
+ group: root
mode: 0644
+ loop: "{{ credentials_names }}"
-# Distribute X509 credentials to all hosts as needed. This role works
-# in combination with the 'x509' action plugin.
+# Create and sign all certificates in a series of loops (with some
+# unfortunately complex change-detection logic).
+- name: Set up internal PKI credentials
+ block:
-# X509 credentials are stored in /etc/credentials/x509 under
-# directories named after the services. Every service directory
-# contains a copy of the public CA certificate, so it can be
-# bind-mounted in a container easily.
+ - file:
+ path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}"
+ state: directory
+ loop: "{{ credentials }}"
-# Private keys have mode 440, are owned by root and by a dedicated
-# group named <service>-credentials. When the service is actually
-# installed, later, maybe by an Ansible role, it can add the service
-# user to this group.
+ - name: "Check the internal PKI certificates"
+ x509_csr:
+ credentials_name: "{{ item.credentials.name }}"
+ domain: "{{ domain }}"
+ mode: "{{ item.mode }}"
+ params: "{{ item.x509_params|default({}) }}"
+ private_key_path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/private_key.pem"
+ cert_path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/cert.pem"
+ ca_cert_path: "/etc/credentials/x509/{{ item.credentials.name }}/ca.pem"
+ check: true
+ loop: "{{ credentials }}"
+ check_mode: no
+ register: x509_should_update
-- name: Install x509ca package
- apt:
- name: x509ca
- state: present
+ # TODO: set the right permissions (credentials.name-credentials)
+ - name: "Create internal PKI CSRs"
+ x509_csr:
+ credentials_name: "{{ item.0.credentials.name }}"
+ domain: "{{ domain }}"
+ mode: "{{ item.0.mode }}"
+ params: "{{ item.0.x509_params|default({}) }}"
+ private_key_path: "/etc/credentials/x509/{{ item.0.credentials.name }}/{{ item.0.mode }}/private_key.pem"
+ check: false
+ when: "item.1.changed"
+ loop: "{{ credentials | zip(x509_should_update.results) | list }}"
+ register: x509_csr
-- import_tasks: install_credentials.yml
-- import_tasks: install_certs.yml
+ - name: "Sign internal PKI certificates"
+ x509_sign:
+ csr: "{{ item.1.csr }}"
+ mode: "{{ item.0.mode }}"
+ ca_cert_path: "{{ credentials_dir }}/x509/ca.pem"
+ ca_key_path: "{{ credentials_dir }}/x509/ca_private_key.pem"
+ when: "item.1.changed"
+ loop: "{{ credentials | zip(x509_csr.results) | list }}"
+ register: x509_sign
-# Remove credentials that shouldn't be here.
-# - file: path="/etc/credentials/x509/{{ item.1.name }}" state=absent
-# with_subelements:
-# - "{{ services }}"
-# - service_credentials
-# - { skip_missing: true }
+ - name: "Install the signed internal PKI certificates"
+ copy:
+ dest: "/etc/credentials/x509/{{ item.0.credentials.name }}/{{ item.0.mode }}/cert.pem"
+ content: "{{ item.1.cert }}"
+ mode: 0644
+ when: "item.1.changed"
+ loop: "{{ credentials | zip(x509_sign.results) | list }}"
-# Create a group for public credentials.
-- name: Create public-credentials group
- group:
- name: public-credentials
- system: yes
+ - name: "Set permissions on the private keys"
+ file:
+ path: "/etc/credentials/x509/{{ item.credentials.name }}/{{ item.mode }}/private_key.pem"
+ group: "{{ item.credentials.name }}-credentials"
+ mode: 0640
+ loop: "{{ credentials }}"
+
+ # This should use the systemd module but it doesn't take lists of services.
+ - name: "Restart associated services"
+ shell: "systemctl restart {{ services[item.0.service].systemd_services | join(' ') }}"
+ when: "item.1.changed and item.0.service != 'LOCAL'"
+ loop: "{{ credentials | zip(x509_sign.results) | list }}"
+
+ rescue:
+ - debug:
+ msg: "Failed to set up one or more credentials"
-# Create the root directory for public credentials.
-- file:
- path: /etc/credentials/public
- state: directory
diff --git a/roles/docker/templates/systemd.j2 b/roles/docker/templates/systemd.j2
index b8e71bca78e38e8255684df18fd997b24c5a3c40..08a142ebfb340a77133577e7eca7a12aac0fcc24 100644
--- a/roles/docker/templates/systemd.j2
+++ b/roles/docker/templates/systemd.j2
@@ -17,7 +17,8 @@ SyslogIdentifier={{ item.service }}-{{ item.container.name }}
{% if item.container.resources is defined %}
{% if item.container.resources.ram is defined %}
-MemoryHigh={{ item.container.resources.ram }}
+MemoryMax={{ item.container.resources.ram }}
+ExecStartPost=+/bin/sh -c "echo 0 > /sys/fs/cgroup/memory/system.slice/%n/memory.swappiness"
{% endif %}
{% if item.container.resources.cpu is defined %}
CPUQuota={{ 100 * item.container.resources.cpu }}%
diff --git a/roles/float-credentials/README.md b/roles/float-credentials/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5edfe877e1ec05b36ee8a09fbc8ffc2c2c9ff5b1
--- /dev/null
+++ b/roles/float-credentials/README.md
@@ -0,0 +1,2 @@
+This role includes the *credentials* role with the list of credentials
+derived from the service descriptions in services.yml.
diff --git a/roles/float-credentials/meta/main.yml b/roles/float-credentials/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bd091102e4ae2f889651266327d0651ec08b42f4
--- /dev/null
+++ b/roles/float-credentials/meta/main.yml
@@ -0,0 +1,7 @@
+---
+
+dependencies:
+ - role: credentials
+ vars:
+ credentials: "{{ float_host_service_credentials }}"
+
diff --git a/roles/float-credentials/tasks/main.yml b/roles/float-credentials/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..23a0988ee0c28fcdf9666b6a5cd00e16b59d01a4
--- /dev/null
+++ b/roles/float-credentials/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+# Distribute the SSO public key to all hosts.
+- file:
+ path: /etc/sso
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Install SSO public key
+ copy:
+ src: "{{ credentials_dir }}/sso/public.key"
+ dest: /etc/sso/public.key
+ mode: 0644
+
+# Create a group for public credentials.
+- name: Create public-credentials group
+ group:
+ name: public-credentials
+ system: yes
+
+# Create the root directory for public credentials.
+- file:
+ path: /etc/credentials/public
+ state: directory
diff --git a/roles/geoip-dataset/README.md b/roles/geoip-dataset/README.md
index 455c11165f269aed77ac6f49a56bd3a50ba4a6af..e625e06c822f22007578bc172629a0174da4343c 100644
--- a/roles/geoip-dataset/README.md
+++ b/roles/geoip-dataset/README.md
@@ -9,7 +9,7 @@ Define the following configuration variable to enable it:
* *geoip_account_id*
* *geoip_license_key*
-* *geoip_datasets* (default: country)
+* *geoip_dataset* (default: country)
You will need to register for an account on maxmind.com to obtain
these.
diff --git a/roles/geoip-dataset/tasks/main.yml b/roles/geoip-dataset/tasks/main.yml
index 8ce5ec84a13eb71ef8d5311c38974f6904d4d2fb..fac8c66aa795ee5b8211c368e67633bd58c28505 100644
--- a/roles/geoip-dataset/tasks/main.yml
+++ b/roles/geoip-dataset/tasks/main.yml
@@ -1,7 +1,6 @@
# This role expects the following variables to be defined:
#
-# geoip-dataset:
-# geoip_datasets [ 'City', 'Country' ]
+# geoip-dataset
# Setup the Country GeoIP database.
- name: Configure GeoIP downloader
diff --git a/roles/log-collector/defaults/main.yml b/roles/log-collector/defaults/main.yml
index ff97a7fc63a5e1190c760f1dcc4db15c66f04c0d..f92b9d023a06e12828eb35e27486dc0d2717e0ee 100644
--- a/roles/log-collector/defaults/main.yml
+++ b/roles/log-collector/defaults/main.yml
@@ -2,6 +2,7 @@
# Whether to set up elasticsearch/kibana at all.
enable_elasticsearch: true
+enable_loki: false
es_major_version: "6"
diff --git a/roles/log-collector/files/kibana/provisioning/audit_overview.json b/roles/log-collector/files/kibana/provisioning/audit_overview.json
index 91387f142095502bcc64b4fce5db28769bf405d4..bd8eaeb91086bfee09db4801d81febe6ae3f5c17 100644
--- a/roles/log-collector/files/kibana/provisioning/audit_overview.json
+++ b/roles/log-collector/files/kibana/provisioning/audit_overview.json
@@ -1,119 +1,205 @@
{
- "version": "6.3.2",
+ "version": "7.7.0",
"objects": [
+ {
+ "id": "a79169b0-9d66-11e8-abfe-e72bf1d89aa3",
+ "type": "dashboard",
+ "updated_at": "2019-04-27T16:50:00.716Z",
+ "version": "WzksMV0=",
+ "attributes": {
+ "hits": 0,
+ "timeRestore": false,
+ "description": "",
+ "title": "audit: overview",
+ "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":24,\"i\":\"1\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":16,\"h\":11,\"i\":\"2\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":24,\"w\":16,\"h\":11,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":11,\"i\":\"4\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":28,\"i\":\"5\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]",
+ "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
+ }
+ },
+ "references": [
+ {
+ "name": "panel_0",
+ "type": "visualization",
+ "id": "1547fd50-9d64-11e8-abfe-e72bf1d89aa3"
+ },
+ {
+ "name": "panel_1",
+ "type": "visualization",
+ "id": "30af9b00-9d66-11e8-abfe-e72bf1d89aa3"
+ },
+ {
+ "name": "panel_2",
+ "type": "visualization",
+ "id": "b053f4b0-9d65-11e8-abfe-e72bf1d89aa3"
+ },
+ {
+ "name": "panel_3",
+ "type": "visualization",
+ "id": "de15f9c0-9d65-11e8-abfe-e72bf1d89aa3"
+ },
+ {
+ "name": "panel_4",
+ "type": "search",
+ "id": "ea492f90-9d66-11e8-abfe-e72bf1d89aa3"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "7.3.0"
+ }
+ },
{
"id": "1547fd50-9d64-11e8-abfe-e72bf1d89aa3",
"type": "visualization",
- "updated_at": "2018-08-11T12:43:01.412Z",
- "version": 1,
+ "updated_at": "2019-06-11T20:49:41.066Z",
+ "version": "WzM5LDFd",
"attributes": {
"title": "audit: by category and action over time",
- "visState": "{\"title\":\"audit: by category and action over time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"lineWidth\":1.5}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"time\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"#\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}]}",
+ "visState": "{\"title\":\"audit: by category and action over time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"lineWidth\":1.5}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-12h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"time\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"tags.keyword\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"#\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.action.keyword\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"4d823830-9d59-11e8-abfe-e72bf1d89aa3\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "30af9b00-9d66-11e8-abfe-e72bf1d89aa3",
"type": "visualization",
- "updated_at": "2018-08-11T12:58:06.384Z",
- "version": 1,
+ "updated_at": "2019-06-11T20:54:20.887Z",
+ "version": "WzQwLDFd",
"attributes": {
"title": "audit: privesc heat map",
- "visState": "{\"title\":\"audit: privesc heat map\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"data.auid.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"auid\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"data.uid.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"uid\"}}]}",
+ "visState": "{\"title\":\"audit: privesc heat map\",\"type\":\"heatmap\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Greens\",\"colorsNumber\":4,\"colorsRange\":[],\"enableHover\":false,\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"#555\",\"overwriteColor\":false,\"rotate\":0,\"show\":false},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"user.ids.auid.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"user.ids.uid.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"uid\"}}]}",
"uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 0.25\":\"rgb(247,252,245)\",\"0.25 - 0.5\":\"rgb(199,233,192)\",\"0.5 - 0.75\":\"rgb(116,196,118)\",\"0.75 - 1\":\"rgb(35,139,69)\"}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"4d823830-9d59-11e8-abfe-e72bf1d89aa3\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "b053f4b0-9d65-11e8-abfe-e72bf1d89aa3",
"type": "visualization",
- "updated_at": "2018-08-11T12:54:31.035Z",
- "version": 1,
+ "updated_at": "2020-05-17T17:32:08.619Z",
+ "version": "WzMyMCwyXQ==",
"attributes": {
"title": "audit: total by summary.how",
- "visState": "{\"title\":\"audit: total by summary.how\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.how.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+ "visState": "{\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.how.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"audit: total by summary.how\"}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"4d823830-9d59-11e8-abfe-e72bf1d89aa3\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "de15f9c0-9d65-11e8-abfe-e72bf1d89aa3",
"type": "visualization",
- "updated_at": "2018-08-11T12:55:47.804Z",
- "version": 1,
+ "updated_at": "2020-05-17T17:32:53.447Z",
+ "version": "WzMyNSwyXQ==",
"attributes": {
"title": "audit: total by summary.type",
- "visState": "{\"title\":\"audit: total by summary.type\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.object.type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+ "visState": "{\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"summary.object.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"audit: total by summary.type\"}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"4d823830-9d59-11e8-abfe-e72bf1d89aa3\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "ea492f90-9d66-11e8-abfe-e72bf1d89aa3",
"type": "search",
- "updated_at": "2018-08-11T13:03:17.769Z",
- "version": 1,
+ "updated_at": "2019-04-27T16:50:00.716Z",
+ "version": "WzgsMV0=",
"attributes": {
- "title": "Default audit search",
- "description": "",
- "hits": 0,
- "columns": [
- "_source"
- ],
"sort": [
- "@timestamp",
- "desc"
+ [
+ "@timestamp",
+ "desc"
+ ]
],
+ "hits": 0,
+ "description": "",
+ "title": "Default audit search",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"4d823830-9d59-11e8-abfe-e72bf1d89aa3\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ },
+ "columns": [
+ "_source"
+ ]
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3"
}
+ ],
+ "migrationVersion": {
+ "search": "7.4.0"
}
},
{
"id": "4d823830-9d59-11e8-abfe-e72bf1d89aa3",
"type": "index-pattern",
- "updated_at": "2018-08-11T11:25:52.523Z",
- "version": 2,
+ "updated_at": "2019-06-07T21:44:20.520Z",
+ "version": "WzM1LDFd",
"attributes": {
- "title": "audit-*",
+ "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"category\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a0.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.acct.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.argc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.argc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_backlog_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_backlog_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_backlog_wait_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_backlog_wait_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_failure\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_failure.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.entries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.entries.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.exit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.exit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.family.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fver.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.item.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.items.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.kernel.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.list\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.list.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.nametype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.nametype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new-level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new-level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old-ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-ses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_prom\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_prom.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.op\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.op.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.prom\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.prom.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rdev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rdev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.syscall\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.syscall.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.terminal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.terminal.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ver.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.device.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.group.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.owner.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.dev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.dev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.item.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.nametype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.nametype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.rdev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.rdev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exe\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"record_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.action\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.actor.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.actor.primary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.actor.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.actor.secondary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.how\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.how.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.primary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.secondary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.egid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.egid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.euid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.euid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.fsgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.fsgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.fsuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.fsuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.old-auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.old-auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.sgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.sgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.suid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.suid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.egid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.egid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.euid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.euid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.fsgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.fsgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.fsuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.fsuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.sgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.sgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.suid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.suid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
"timeFieldName": "@timestamp",
- "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a0.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.a3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.a3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.acct.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.argc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.argc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_backlog_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_backlog_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_backlog_wait_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_backlog_wait_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.audit_failure\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.audit_failure.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.entries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.entries.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.exit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.exit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.family.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.fver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fver.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.item.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.items.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.kernel.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.list\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.list.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.nametype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.nametype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new-level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new-level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.new_pp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.new_pp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old-ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old-ses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_pp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_pp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.old_prom\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.old_prom.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.op\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.op.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.prom\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.prom.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rdev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rdev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.syscall\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.syscall.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.terminal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.terminal.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ver.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.device.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.group.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.owner.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.dev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.dev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.item.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.nametype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.nametype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"paths.rdev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.rdev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"record_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.actor.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.actor.primary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.actor.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.actor.secondary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.how\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.how.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.primary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.secondary.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"summary.object.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"summary.object.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.egid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.egid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.euid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.euid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.fsgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.fsgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.fsuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.fsuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.old-auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.old-auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.sgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.sgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.suid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.suid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.ids.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.ids.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.auid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.egid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.egid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.euid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.euid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.fsgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.fsgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.fsuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.fsuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.ogid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.ogid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.ouid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.ouid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.sgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.sgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.suid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.suid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.names.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.names.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]"
- }
- },
- {
- "id": "a79169b0-9d66-11e8-abfe-e72bf1d89aa3",
- "type": "dashboard",
- "updated_at": "2018-08-11T13:04:06.172Z",
- "version": 2,
- "attributes": {
- "title": "audit: overview",
- "hits": 0,
- "description": "",
- "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":24,\"i\":\"1\"},\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"1547fd50-9d64-11e8-abfe-e72bf1d89aa3\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":16,\"h\":11,\"i\":\"2\"},\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"30af9b00-9d66-11e8-abfe-e72bf1d89aa3\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":24,\"w\":16,\"h\":11,\"i\":\"3\"},\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"b053f4b0-9d65-11e8-abfe-e72bf1d89aa3\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":11,\"i\":\"4\"},\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"de15f9c0-9d65-11e8-abfe-e72bf1d89aa3\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":28,\"i\":\"5\"},\"version\":\"6.3.2\",\"type\":\"search\",\"id\":\"ea492f90-9d66-11e8-abfe-e72bf1d89aa3\",\"embeddableConfig\":{}}]",
- "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
- "version": 1,
- "timeRestore": false,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
- }
+ "title": "audit-*"
+ },
+ "references": [],
+ "migrationVersion": {
+ "index-pattern": "7.6.0"
}
}
]
diff --git a/roles/log-collector/files/kibana/provisioning/syslog_overview.json b/roles/log-collector/files/kibana/provisioning/syslog_overview.json
index 5b92657a08229b60ef671cfe9e86013b8c8f80ca..0c5582da68efce23907f1086002683e2991e8637 100644
--- a/roles/log-collector/files/kibana/provisioning/syslog_overview.json
+++ b/roles/log-collector/files/kibana/provisioning/syslog_overview.json
@@ -1,119 +1,207 @@
{
- "version": "6.3.2",
+ "version": "7.7.0",
"objects": [
+ {
+ "id": "dc753c20-5616-11e8-b43b-036ee7010221",
+ "type": "dashboard",
+ "updated_at": "2019-12-22T00:07:17.298Z",
+ "version": "WzEwMSwxXQ==",
+ "attributes": {
+ "title": "syslog: overview",
+ "hits": 0,
+ "description": "",
+ "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":12,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":24,\"y\":12,\"w\":24,\"h\":12,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":12,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":12,\"w\":24,\"h\":12,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":20,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]",
+ "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
+ "version": 1,
+ "timeRestore": false,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
+ }
+ },
+ "references": [
+ {
+ "name": "panel_0",
+ "type": "visualization",
+ "id": "55d59470-55cc-11e8-b43b-036ee7010221"
+ },
+ {
+ "name": "panel_1",
+ "type": "visualization",
+ "id": "336b9ce0-55cc-11e8-b43b-036ee7010221"
+ },
+ {
+ "name": "panel_2",
+ "type": "visualization",
+ "id": "92ea0680-5616-11e8-b43b-036ee7010221"
+ },
+ {
+ "name": "panel_3",
+ "type": "visualization",
+ "id": "5743f1e0-5616-11e8-b43b-036ee7010221"
+ },
+ {
+ "name": "panel_4",
+ "type": "search",
+ "id": "d9396dd0-244e-11ea-8ce4-5d940bd04176"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "7.3.0"
+ }
+ },
{
"id": "55d59470-55cc-11e8-b43b-036ee7010221",
"type": "visualization",
- "updated_at": "2018-08-11T11:45:46.881Z",
- "version": 3,
+ "updated_at": "2019-04-27T16:49:57.584Z",
+ "version": "WzEsMV0=",
"attributes": {
- "visState": "{\n \"title\": \"syslog: breakdown by host\",\n \"type\": \"pie\",\n \"params\": {\n \"type\": \"pie\",\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true,\n \"labels\": {\n \"show\": false,\n \"values\": true,\n \"last_level\": true,\n \"truncate\": 100\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"host\",\n \"otherBucket\": true,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 10,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ]\n}",
+ "visState": "{\"title\":\"syslog: breakdown by host\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
"description": "",
"title": "syslog: breakdown by host",
"uiStateJSON": "{}",
"version": 2,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"ec2f3610-55c7-11e8-823a-73397be2582f\",\n \"filter\": [],\n \"query\": {\n \"query\": \"\",\n \"language\": \"lucene\"\n }\n}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "ec2f3610-55c7-11e8-823a-73397be2582f"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "336b9ce0-55cc-11e8-b43b-036ee7010221",
"type": "visualization",
- "updated_at": "2018-08-11T11:45:33.487Z",
- "version": 2,
+ "updated_at": "2019-04-27T16:49:57.584Z",
+ "version": "WzIsMV0=",
"attributes": {
- "visState": "{\n \"title\": \"syslog: breakdown by program\",\n \"type\": \"pie\",\n \"params\": {\n \"type\": \"pie\",\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true,\n \"labels\": {\n \"show\": false,\n \"values\": true,\n \"last_level\": true,\n \"truncate\": 100\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"program\",\n \"otherBucket\": true,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 10,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ]\n}",
+ "visState": "{\"title\":\"syslog: breakdown by program\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"program\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
"description": "",
"title": "syslog: breakdown by program",
"uiStateJSON": "{}",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"ec2f3610-55c7-11e8-823a-73397be2582f\",\n \"filter\": [],\n \"query\": {\n \"query\": \"\",\n \"language\": \"lucene\"\n }\n}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "ec2f3610-55c7-11e8-823a-73397be2582f"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "92ea0680-5616-11e8-b43b-036ee7010221",
"type": "visualization",
- "updated_at": "2018-08-11T11:41:45.671Z",
- "version": 3,
+ "updated_at": "2020-05-17T17:55:04.162Z",
+ "version": "WzM3MSwyXQ==",
"attributes": {
- "visState": "{\n \"title\": \"syslog: by host over time\",\n \"type\": \"line\",\n \"params\": {\n \"type\": \"line\",\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Count\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": \"true\",\n \"type\": \"line\",\n \"mode\": \"normal\",\n \"data\": {\n \"label\": \"Count\",\n \"id\": \"1\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"host\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 10,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"time\"\n }\n }\n ]\n}",
- "description": "",
"title": "syslog: by host over time",
+ "visState": "{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"syslog: by host over time\"}",
"uiStateJSON": "{}",
+ "description": "",
"version": 2,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"ec2f3610-55c7-11e8-823a-73397be2582f\",\n \"filter\": [],\n \"query\": {\n \"query\": \"\",\n \"language\": \"lucene\"\n }\n}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "ec2f3610-55c7-11e8-823a-73397be2582f"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "5743f1e0-5616-11e8-b43b-036ee7010221",
"type": "visualization",
- "updated_at": "2018-08-11T11:45:59.887Z",
- "version": 2,
+ "updated_at": "2020-05-17T17:55:22.731Z",
+ "version": "WzM3NywyXQ==",
"attributes": {
- "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"field\": \"program\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"otherBucket\": true,\n \"otherBucketLabel\": \"Other\",\n \"size\": 10\n },\n \"schema\": \"group\",\n \"type\": \"terms\"\n },\n {\n \"enabled\": true,\n \"id\": \"3\",\n \"params\": {\n \"customInterval\": \"2h\",\n \"customLabel\": \"time\",\n \"extended_bounds\": {},\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"min_doc_count\": 1\n },\n \"schema\": \"segment\",\n \"type\": \"date_histogram\"\n }\n ],\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"category\"\n }\n ],\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"mode\": \"stacked\",\n \"show\": \"true\",\n \"showCircles\": true,\n \"type\": \"histogram\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"times\": [],\n \"type\": \"histogram\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Count\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"title\": \"syslog: by program over time\",\n \"type\": \"histogram\"\n}",
- "description": "",
"title": "syslog: by program over time",
+ "visState": "{\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"program\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"syslog: by program over time\"}",
"uiStateJSON": "{}",
+ "description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"ec2f3610-55c7-11e8-823a-73397be2582f\",\n \"filter\": [],\n \"query\": {\n \"language\": \"lucene\",\n \"query\": \"\"\n }\n}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "ec2f3610-55c7-11e8-823a-73397be2582f"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
- "id": "a7056ce0-5616-11e8-b43b-036ee7010221",
+ "id": "d9396dd0-244e-11ea-8ce4-5d940bd04176",
"type": "search",
- "updated_at": "2018-08-08T07:19:24.613Z",
- "version": 1,
+ "updated_at": "2019-12-22T00:06:05.869Z",
+ "version": "WzEwMywxXQ==",
"attributes": {
+ "title": "Syslog browser",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "host",
+ "program",
+ "message"
+ ],
"sort": [
- "@timestamp",
- "desc"
+ [
+ "@timestamp",
+ "desc"
+ ]
],
- "hits": 0,
- "description": "",
- "title": "Default syslog search",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"ec2f3610-55c7-11e8-823a-73397be2582f\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
- },
- "columns": [
- "_source"
- ]
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "ec2f3610-55c7-11e8-823a-73397be2582f"
+ }
+ ],
+ "migrationVersion": {
+ "search": "7.4.0"
}
},
{
"id": "ec2f3610-55c7-11e8-823a-73397be2582f",
"type": "index-pattern",
- "updated_at": "2018-08-11T11:49:28.650Z",
- "version": 3,
+ "updated_at": "2020-01-06T09:39:29.193Z",
+ "version": "Wzk2LDFd",
"attributes": {
- "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.architectures\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.architectures.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.atime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.atime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.average_memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.average_memory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.avg_system_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.avg_system_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.avg_user_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.avg_user_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.base_uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.base_uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_available\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_available.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build_distro\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build_distro.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build_platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build_platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.chain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.chain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.cmdline.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.components\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.components.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.config_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.config_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.config_valid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.config_valid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.counter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.counter.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.ctime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.ctime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.cwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.cwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.device.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.device_alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.device_alias.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.executions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.executions.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.extensions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.extensions.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.family.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.fd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.fd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.filter_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.filter_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.hashed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.hashed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.history_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.history_file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.iniface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.iniface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.iniface_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.iniface_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inodes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inodes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inodes_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inodes_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.instance_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.interval\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.interval.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.last_executed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.last_executed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.local_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.local_address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.maintainer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.maintainer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.match\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.match.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.mtime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.mtime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.net_namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.net_namespace.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.outiface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.outiface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.outiface_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.outiface_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.output_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.output_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.patch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.platform_like\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.platform_like.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.policy.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.remote_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.remote_address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.resident_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.resident_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.root\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.root.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.socket\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.socket.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.system_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.system_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.target.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.target_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.transaction_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.transaction_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.used_by\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.used_by.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.user_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.user_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.wall_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.wall_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.watcher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.watcher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decorations.host_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decorations.host_uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ignore\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ignore.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sso_auth_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sso_auth_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sso_service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sso_service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
+ "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.architectures\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.architectures.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.atime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.atime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.average_memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.average_memory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.avg_system_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.avg_system_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.avg_user_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.avg_user_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.base_uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.base_uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_available\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_available.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.blocks_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.blocks_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build_distro\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build_distro.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.build_platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.build_platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.chain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.chain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.cmdline.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.components\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.components.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.config_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.config_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.config_valid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.config_valid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.counter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.counter.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.ctime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.ctime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.cwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.cwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.device.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.device_alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.device_alias.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.dst_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.dst_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.executions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.executions.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.extensions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.extensions.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.family.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.fd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.fd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.filter_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.filter_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.hashed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.hashed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.history_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.history_file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.iniface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.iniface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.iniface_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.iniface_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inodes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inodes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.inodes_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.inodes_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.instance_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.interval\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.interval.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.last_executed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.last_executed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.local_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.local_address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.maintainer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.maintainer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.match\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.match.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.mode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.mtime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.mtime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.net_namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.net_namespace.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.outiface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.outiface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.outiface_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.outiface_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.output_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.output_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.patch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.platform_like\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.platform_like.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.policy.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.remote_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.remote_address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.resident_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.resident_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.root\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.root.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.socket\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.socket.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_mask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_mask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.src_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.src_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.system_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.system_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.target.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.target_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.transaction_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.transaction_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.used_by\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.used_by.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.user_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.user_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.wall_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.wall_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"columns.watcher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"columns.watcher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decorations.host_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decorations.host_uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":7,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ignore\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ignore.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":9,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":8,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sso_auth_status\",\"type\":\"string\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sso_auth_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sso_service\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sso_service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tag\",\"type\":\"string\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user\",\"type\":\"string\",\"count\":6,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
"timeFieldName": "@timestamp",
"title": "logstash-*"
- }
- },
- {
- "id": "dc753c20-5616-11e8-b43b-036ee7010221",
- "type": "dashboard",
- "updated_at": "2018-08-08T07:19:24.613Z",
- "version": 1,
- "attributes": {
- "hits": 0,
- "timeRestore": false,
- "description": "",
- "title": "syslog: overview",
- "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":6,\"y\":0,\"w\":6,\"h\":3,\"i\":\"1\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"55d59470-55cc-11e8-b43b-036ee7010221\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":6,\"y\":3,\"w\":6,\"h\":3,\"i\":\"2\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"336b9ce0-55cc-11e8-b43b-036ee7010221\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":6,\"h\":3,\"i\":\"3\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"92ea0680-5616-11e8-b43b-036ee7010221\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":3,\"i\":\"4\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"5743f1e0-5616-11e8-b43b-036ee7010221\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":6,\"w\":12,\"h\":8,\"i\":\"5\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"a7056ce0-5616-11e8-b43b-036ee7010221\"}]",
- "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
- }
+ },
+ "references": [],
+ "migrationVersion": {
+ "index-pattern": "7.6.0"
}
}
]
diff --git a/roles/log-collector/files/kibana/provisioning/web_overview.json b/roles/log-collector/files/kibana/provisioning/web_overview.json
index db481e18671312b63a23ac5db58190e684d4f52f..b939a8037a2ae1a033a04ab126b740b9f3fafbb5 100644
--- a/roles/log-collector/files/kibana/provisioning/web_overview.json
+++ b/roles/log-collector/files/kibana/provisioning/web_overview.json
@@ -1,120 +1,206 @@
{
- "version": "6.3.2",
+ "version": "7.7.0",
"objects": [
+ {
+ "id": "AV9wDlJSJ4s36xPImL8m",
+ "type": "dashboard",
+ "updated_at": "2019-05-30T20:10:13.980Z",
+ "version": "WzI1LDFd",
+ "attributes": {
+ "title": "web: overview",
+ "hits": 0,
+ "description": "",
+ "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":32,\"y\":0,\"w\":16,\"h\":15,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"columns\":[\"status\",\"verb\",\"vhost\",\"request\",\"agent\"]},\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":40,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"}]",
+ "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}",
+ "version": 1,
+ "timeRestore": false,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ }
+ },
+ "references": [
+ {
+ "name": "panel_0",
+ "type": "visualization",
+ "id": "AWBcpcqhmhRvefO8Fqke"
+ },
+ {
+ "name": "panel_1",
+ "type": "visualization",
+ "id": "AWBcn9temhRvefO8Fkhj"
+ },
+ {
+ "name": "panel_2",
+ "type": "visualization",
+ "id": "AWBh8jIzmhRvefO8gLxW"
+ },
+ {
+ "name": "panel_3",
+ "type": "visualization",
+ "id": "6ddaf180-5614-11e8-b43b-036ee7010221"
+ },
+ {
+ "name": "panel_4",
+ "type": "search",
+ "id": "1e7053a0-5615-11e8-b43b-036ee7010221"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "7.3.0"
+ }
+ },
{
"id": "AWBcpcqhmhRvefO8Fqke",
"type": "visualization",
- "updated_at": "2018-08-11T11:46:56.150Z",
- "version": 2,
+ "updated_at": "2020-05-17T17:38:01.116Z",
+ "version": "WzMzNywyXQ==",
"attributes": {
- "visState": "{\n \"title\": \"web: hits per site top 8\",\n \"type\": \"histogram\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"@timestamp per 5 minutes\"\n },\n \"type\": \"category\"\n }\n ],\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n },\n \"valueAxis\": \"ValueAxis-1\"\n },\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"mode\": \"stacked\",\n \"show\": \"true\",\n \"showCircles\": true,\n \"type\": \"histogram\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"times\": [],\n \"type\": \"histogram\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Count\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"vhost\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 8,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"time\"\n }\n }\n ]\n}",
- "description": "",
"title": "web: hits per site top 8",
+ "visState": "{\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vhost\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 5 minutes\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"web: hits per site top 8\"}",
"uiStateJSON": "{}",
+ "description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"da92a2d0-55fd-11e8-b43b-036ee7010221\",\n \"query\": {\n \"query\": {\n \"match_all\": {}\n },\n \"language\": \"lucene\"\n },\n \"filter\": []\n}"
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "da92a2d0-55fd-11e8-b43b-036ee7010221"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "AWBcn9temhRvefO8Fkhj",
"type": "visualization",
- "updated_at": "2018-08-11T11:46:40.007Z",
- "version": 2,
+ "updated_at": "2020-05-17T17:39:07.652Z",
+ "version": "WzM0NiwyXQ==",
"attributes": {
- "visState": "{\n \"title\": \"web: bytes per site\",\n \"type\": \"histogram\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"@timestamp per 5 minutes\"\n },\n \"type\": \"category\"\n }\n ],\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n },\n \"valueAxis\": \"ValueAxis-1\"\n },\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"mode\": \"stacked\",\n \"show\": \"true\",\n \"showCircles\": true,\n \"type\": \"histogram\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"times\": [],\n \"type\": \"histogram\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 75,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\",\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Count\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"vhost\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"time\"\n }\n }\n ]\n}",
- "description": "",
"title": "web: bytes per site",
+ "visState": "{\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vhost\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 5 minutes\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\",\"defaultYExtents\":false,\"setYExtents\":false},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"web: bytes per site\"}",
"uiStateJSON": "{}",
+ "description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"da92a2d0-55fd-11e8-b43b-036ee7010221\",\n \"query\": {\n \"query\": {\n \"match_all\": {}\n },\n \"language\": \"lucene\"\n },\n \"filter\": []\n}"
+ "searchSourceJSON": "{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ }
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "da92a2d0-55fd-11e8-b43b-036ee7010221"
}
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "AWBh8jIzmhRvefO8gLxW",
"type": "visualization",
- "updated_at": "2018-08-11T11:47:07.483Z",
- "version": 2,
+ "updated_at": "2019-04-27T16:50:02.443Z",
+ "version": "WzEyLDFd",
"attributes": {
- "visState": "{\n \"title\": \"web: host piechart\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": false,\n \"type\": \"pie\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"host\",\n \"size\": 7,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"host\"\n }\n }\n ],\n \"listeners\": {}\n}",
+ "visState": "{\"title\":\"web: host piechart\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"size\":7,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"host\"}}],\"listeners\":{}}",
"description": "",
"title": "web: host piechart",
"uiStateJSON": "{}",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"da92a2d0-55fd-11e8-b43b-036ee7010221\",\n \"query\": {\n \"query\": {\n \"match_all\": {}\n },\n \"language\": \"lucene\"\n },\n \"filter\": []\n}"
+ "searchSourceJSON": "{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "da92a2d0-55fd-11e8-b43b-036ee7010221"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "6ddaf180-5614-11e8-b43b-036ee7010221",
"type": "visualization",
- "updated_at": "2018-08-11T11:48:12.753Z",
- "version": 2,
+ "updated_at": "2020-05-17T17:40:10.666Z",
+ "version": "WzM1MCwyXQ==",
"attributes": {
- "visState": "{\n \"title\": \"web: requests per backend\",\n \"type\": \"line\",\n \"params\": {\n \"type\": \"line\",\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Count\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": \"true\",\n \"type\": \"line\",\n \"mode\": \"normal\",\n \"data\": {\n \"label\": \"Count\",\n \"id\": \"1\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"backend\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"time\"\n }\n }\n ]\n}",
- "description": "",
- "title": "web: requests per backend",
+ "title": "web: requests per backend top 5",
+ "visState": "{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"backend\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"title\":\"web: requests per backend top 5\"}",
"uiStateJSON": "{}",
+ "description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"da92a2d0-55fd-11e8-b43b-036ee7010221\",\n \"filter\": [],\n \"query\": {\n \"query\": \"\",\n \"language\": \"lucene\"\n }\n}"
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "da92a2d0-55fd-11e8-b43b-036ee7010221"
+ }
+ ],
+ "migrationVersion": {
+ "visualization": "7.7.0"
}
},
{
"id": "1e7053a0-5615-11e8-b43b-036ee7010221",
"type": "search",
- "updated_at": "2018-08-08T07:19:22.874Z",
- "version": 1,
+ "updated_at": "2019-04-27T16:50:02.443Z",
+ "version": "WzE0LDFd",
"attributes": {
"sort": [
- "@timestamp",
- "desc"
+ [
+ "@timestamp",
+ "desc"
+ ]
],
"hits": 0,
"description": "",
"title": "Default HTTP search",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"da92a2d0-55fd-11e8-b43b-036ee7010221\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
+ "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
},
"columns": [
"_source"
]
+ },
+ "references": [
+ {
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern",
+ "id": "da92a2d0-55fd-11e8-b43b-036ee7010221"
+ }
+ ],
+ "migrationVersion": {
+ "search": "7.4.0"
}
},
{
"id": "da92a2d0-55fd-11e8-b43b-036ee7010221",
"type": "index-pattern",
- "updated_at": "2018-08-11T12:25:25.052Z",
- "version": 4,
+ "updated_at": "2019-12-17T17:40:10.151Z",
+ "version": "WzkzLDFd",
"attributes": {
- "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"backend\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"httpversion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"originalmsg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"originalmsg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed-data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed-data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"verb\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vhost\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
+ "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"backend\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"httpversion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"originalmsg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed-data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"verb\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vhost\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
+ "fieldFormatMap": "{\"request_value\":{\"id\":\"string\"}}",
"timeFieldName": "@timestamp",
- "title": "http-*",
- "fieldFormatMap": "{\"request_value\":{\"id\":\"string\"}}"
- }
- },
- {
- "id": "AV9wDlJSJ4s36xPImL8m",
- "type": "dashboard",
- "updated_at": "2018-08-11T12:24:43.985Z",
- "version": 2,
- "attributes": {
- "title": "web: overview",
- "hits": 0,
- "description": "",
- "panelsJSON": "[{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":32,\"h\":15,\"i\":\"3\"},\"id\":\"AWBcpcqhmhRvefO8Fqke\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"4\"},\"id\":\"AWBcn9temhRvefO8Fkhj\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":32,\"y\":0,\"w\":16,\"h\":15,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"id\":\"AWBh8jIzmhRvefO8gLxW\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"9\"},\"id\":\"6ddaf180-5614-11e8-b43b-036ee7010221\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":40,\"i\":\"10\"},\"id\":\"1e7053a0-5615-11e8-b43b-036ee7010221\",\"type\":\"search\",\"version\":\"6.3.2\"}]",
- "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}",
- "version": 1,
- "timeRestore": false,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"match_all\":{}}}}"
- }
+ "title": "http-*"
+ },
+ "references": [],
+ "migrationVersion": {
+ "index-pattern": "7.6.0"
}
}
]
diff --git a/roles/log-collector/templates/elasticsearch/elasticsearch.yml b/roles/log-collector/templates/elasticsearch/elasticsearch.yml
index 5a581bc96b21365a788525e2bbcaaa4e0cb46aa0..9f6b005186424c38dad0af6e7f49c4e4103ffc20 100644
--- a/roles/log-collector/templates/elasticsearch/elasticsearch.yml
+++ b/roles/log-collector/templates/elasticsearch/elasticsearch.yml
@@ -93,3 +93,8 @@ gateway.expected_nodes: 1
#
#action.destructive_requires_name: true
#
+
+cluster.initial_master_nodes:
+{% for s in groups['log-collector']|sort %}
+ - "{{ s }}"
+{% endfor %}
diff --git a/roles/log-collector/templates/elasticsearch/jvm.options b/roles/log-collector/templates/elasticsearch/jvm.options
index e70e535a6c458ddac3959bf8f2cd2480e01bab31..9f6a42a7048e59fa5858da47ac97e6668916be00 100644
--- a/roles/log-collector/templates/elasticsearch/jvm.options
+++ b/roles/log-collector/templates/elasticsearch/jvm.options
@@ -32,10 +32,9 @@
##
################################################################
-## GC configuration
--XX:+UseConcMarkSweepGC
--XX:CMSInitiatingOccupancyFraction=75
--XX:+UseCMSInitiatingOccupancyOnly
+-XX:+UseG1GC
+-XX:G1ReservePercent=25
+-XX:InitiatingHeapOccupancyPercent=30
## optimizations
@@ -103,5 +102,5 @@
#9-:-Djava.locale.providers=COMPAT
# Silence annoying warning (cf. https://discuss.elastic.co/t/http-publish-host-was-printed-as-ip-port-instead-of-hostname-ip-port/170820/2)
--Des.http.cname_in_publish_address=true
+-Des.transport.cname_in_publish_address=true
diff --git a/roles/log-collector/templates/kibana/kibana.yml b/roles/log-collector/templates/kibana/kibana.yml
index 1992e6c773dc4c9e5e17c3931e096d152150358a..1533c36489f14f2d5a111d5efc86bad379d003f9 100644
--- a/roles/log-collector/templates/kibana/kibana.yml
+++ b/roles/log-collector/templates/kibana/kibana.yml
@@ -17,9 +17,6 @@ server.host: "0.0.0.0"
# The Kibana server's name. This is used for display purposes.
server.name: "logs.{{ domain_public[0] }}"
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://localhost:9200"
-
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
diff --git a/roles/log-collector/templates/loki-config.yaml.j2 b/roles/log-collector/templates/loki-config.yaml.j2
index e4ac9efa3bf710737c492603e424b6a7546007c2..73a0aeeb07b00b1f8a2c8ea44d4e63b0c3ebc831 100644
--- a/roles/log-collector/templates/loki-config.yaml.j2
+++ b/roles/log-collector/templates/loki-config.yaml.j2
@@ -1,9 +1,7 @@
auth_enabled: false
server:
- http_listen_address: 127.0.0.1
http_listen_port: 3100
- grpc_listen_address: 127.0.0.1
grpc_listen_port: 9095
ingester:
diff --git a/roles/log-collector/templates/rsyslog-collector.conf.j2 b/roles/log-collector/templates/rsyslog-collector.conf.j2
index 42f301bef95868b69d94f33ae4f0b485896f237d..cb662819fc6d9c78be5ecfe6f0c3a5c477f66cd0 100644
--- a/roles/log-collector/templates/rsyslog-collector.conf.j2
+++ b/roles/log-collector/templates/rsyslog-collector.conf.j2
@@ -54,7 +54,7 @@ template(name="lokiTemplate"
constant(value=",")
property(outname="priority" name="syslogpriority-text" caseConversion="upper" format="jsonf")
constant(value=",")
- property(outname="syslogtag" name="syslogtag" format="jsonf")
+ property(outname="job" name="programname" format="jsonf")
constant(value="},")
constant(value="\"values\": [[\"")
property(name="timegenerated" dateFormat="unixtimestamp" format="json")
@@ -68,36 +68,25 @@ template(name="lokiTemplateHTTP"
constant(value="\"stream\":")
constant(value="{")
property(outname="host" name="hostname" format="jsonf")
- constant(value="\"},")
- constant(value="\"values\": [[\"")
- property(outname="@timestamp" name="timereported" dateFormat="unixtimestamp" format="jsonf")
- constant(value="000000000")
- constant(value="\",\"") property(name="$!all-json" position.from="2" format="jsonf")
- constant(value="\"]]}")
-}
-template(name="lokiTemplateJSON"
- type="list" ) {
- constant(value="{")
- constant(value="\"stream\":")
- constant(value="{")
- property(outname="host" name="hostname" format="jsonf")
- property(outname="tag" name="syslogtag" format="jsonf")
- property(outname="program" name="programname" format="jsonf")
- constant(value="\"},")
+ constant(value=",\"job\":\"http\"")
+ constant(value=",") property(outname="vhost" name="$!vhost" format="jsonf")
+ constant(value=",") property(outname="status" name="$!status" format="jsonf")
+ constant(value=",") property(outname="method" name="$!verb" format="jsonf")
+ constant(value="},")
constant(value="\"values\": [[\"")
- property(outname="@timestamp" name="timereported" dateFormat="unixtimestamp" format="jsonf")
- constant(value="\",\"") property(name="$!all-json" position.from="2" format="jsonf")
- constant(value="\"]]}")
-}
-# Structured audit logs already contain a @timestamp field, so we
-# don't have to add our own.
-template(name="lokiTemplateAudit"
- type="list" ) {
- constant(value="{")
- constant(value="\"stream\":")
- constant(value="{")
- property(outname="host" name="hostname" format="jsonf")
- property(name="$!all-json" position.from="2")
+ property(name="timegenerated" dateFormat="unixtimestamp" format="json")
+ constant(value="000000000\",\"")
+ property(name="$!backend" format="json") constant(value=" ")
+ property(name="$!agent" format="json") constant(value=" ")
+ property(name="$!referrer" format="json") constant(value=" ")
+ property(name="$!bytes" format="json") constant(value=" ")
+ property(name="$!status"format="json") constant(value=" ")
+ property(name="$!httpversion" format="json") constant(value=" ")
+ property(name="$!request" format="json") constant(value=" ")
+ property(name="$!verb" format="json") constant(value=" ")
+ property(name="$!auth" format="json") constant(value=" ")
+ property(name="$!ident" format="json") constant(value=" ")
+ property(name="$!vhost" format="json") constant(value=" ")
constant(value="\"]]}")
}
{% endif %}
@@ -235,49 +224,7 @@ ruleset(name="incoming"){
if ($programname == "loki") then {
stop
}
-if (substring($msg, 1, 5) == "@cee:") then {
- action(type="mmjsonparse")
- if ($syslogfacility-text == "auth" and $programname == "audit") then {
- # Structured audit logs go to a dedicated Loki index.
- action(type="omhttp"
- server="127.0.0.1"
- serverport="3100"
- name="loki"
- useHttps="off"
- checkpath="ready"
- httpcontenttype="application/json"
- restpath="loki/api/v1/push"
- template="lokiTemplateAudit"
- batch.format="lokirest"
- batch="on"
- batch.maxsize="10"
- queue.size="10000"
- queue.type="linkedList"
- queue.workerthreads="3"
- queue.workerthreadMinimumMessages="1000"
- queue.timeoutWorkerthreadShutdown="500"
- queue.timeoutEnqueue="10000")
- } else {
- action(type="omhttp"
- server="127.0.0.1"
- serverport="3100"
- name="loki"
- useHttps="off"
- checkpath="ready"
- httpcontenttype="application/json"
- restpath="loki/api/v1/push"
- template="lokiTemplateJSON"
- batch.format="lokirest"
- batch="on"
- batch.maxsize="10"
- queue.size="10000"
- queue.type="linkedList"
- queue.workerthreads="3"
- queue.workerthreadMinimumMessages="1000"
- queue.timeoutWorkerthreadShutdown="500"
- queue.timeoutEnqueue="10000")
- }
- } else if ($syslogfacility-text == "local3") then {
+if ($syslogfacility-text == "local3") then {
# HTTP logs from the front-end. Run it through mmnormalize to
# convert the standard CommonLog format into JSON, then send it to
# Loki.
diff --git a/roles/nginx/files/nginx.service b/roles/nginx/files/nginx.service
index cf993894264b55d5203a02748bf40326e23ec90b..dda45307e70a7183df007d72151f3bea742c0f76 100644
--- a/roles/nginx/files/nginx.service
+++ b/roles/nginx/files/nginx.service
@@ -12,7 +12,7 @@ PIDFile=/run/nginx/nginx.pid
# option, force ownership here or nginx will refuse to (re)start.
ExecStartPre=+/usr/bin/install -v -d -m 700 -o nginx -g nginx /var/cache/nginx /var/cache/nginx/temp
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on; error_log stderr;'
-ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on; error_log stderr;'
+ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on; error_log /dev/null;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on; error_log stderr;' -s reload
ExecStop=/bin/kill -TERM $MAINPID
diff --git a/roles/nginx/templates/config/nginx.conf b/roles/nginx/templates/config/nginx.conf
index 60a2b2faaebf52f1608c99957f4d4f91544f334a..a0b58a6b50e59231db3cca67fff8bc99fa9e4dc7 100644
--- a/roles/nginx/templates/config/nginx.conf
+++ b/roles/nginx/templates/config/nginx.conf
@@ -6,7 +6,7 @@ events {
}
pid /run/nginx/nginx.pid;
-error_log syslog:server=unix:/dev/log,tag=nginx;
+error_log syslog:server=unix:/dev/log,tag=nginx,nohostname;
http {
server_tokens off;
diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml
index 6200419eec19024474bf86e2970635b03efaccac..366b8b4fa3a2023b59aa1384e7db1de0ca636cfb 100644
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -11,8 +11,11 @@ alertmanager_smtp_hello: "localhost"
alertmanager_smtp_auth_username: ""
alertmanager_smtp_auth_password: ""
-# Define if you have a playbook website
-#alertmanager_playbook_url: ""
+# Base URL for playbooks (no trailing slash).
+# Note: do not use template substitution in this var! We are
+# changing the template beg/end markers in the alert rules,
+# so using {{ here will generate broken rules files.
+alert_playbook_url: "https://playbooks"
# Custom blackbox probes.
prometheus_custom_blackbox_probes: {}
diff --git a/roles/prometheus/files/grafana/provisioning/datasources/loki.yaml b/roles/prometheus/files/grafana/provisioning/datasources/loki.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..67e0d3240f9cc623252a8fdc936386373bcfb1d6
--- /dev/null
+++ b/roles/prometheus/files/grafana/provisioning/datasources/loki.yaml
@@ -0,0 +1,8 @@
+apiVersion: 1
+datasources:
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://log-collector.infra.bitmask.net:3100
+ jsonData:
+ maxLines: 1000
diff --git a/roles/prometheus/files/rules/alerts_syslog.conf.yml b/roles/prometheus/files/rules/alerts_syslog.conf.yml
deleted file mode 100644
index 22079a95552fc2fb210bb3370aac006f9bbadc74..0000000000000000000000000000000000000000
--- a/roles/prometheus/files/rules/alerts_syslog.conf.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-groups:
- - name: roles/prometheus/files/rules/alerts_syslog.conf
- rules:
- - alert: SyslogDroppingLogs
- expr: rsyslog_queue_discarded:rate5m > 10
- for: 10m
- labels:
- severity: page
- annotations:
- description: Syslog collector is dropping logs on {{ $labels.host }}
- summary: Syslog collector is dropping logs
diff --git a/roles/prometheus/handlers/main.yml b/roles/prometheus/handlers/main.yml
index 1c96e36a62229b6038f51d5bd0ee04b71b1030e4..2b3ace888a455b9216e12ef1ea35301c52ff92a9 100644
--- a/roles/prometheus/handlers/main.yml
+++ b/roles/prometheus/handlers/main.yml
@@ -23,3 +23,9 @@
name: docker-prometheus-grafana.service
state: restarted
listen: "restart grafana"
+
+- name: restart karma
+ systemd:
+ name: docker-prometheus-karma.service
+ state: restarted
+ listen: "reload karma"
diff --git a/roles/prometheus/tasks/prometheus.yml b/roles/prometheus/tasks/prometheus.yml
index 42b83997604a3ea9a02556b2013dda97ea87b14c..efe5a79953a31f78f81a94393e897759f0db1296 100644
--- a/roles/prometheus/tasks/prometheus.yml
+++ b/roles/prometheus/tasks/prometheus.yml
@@ -1,6 +1,11 @@
---
# Configure Prometheus components.
+#
+# Since Prometheus configurations and templates are heavy with Go template
+# syntax, which uses the same escapes as Ansible, we override the Ansible
+# template variable delimiters to '[[' and ']]', so that they do not conflict
+# with the Go syntax.
- name: Create /etc/prometheus and subdirs
file:
@@ -14,17 +19,21 @@
- "/etc/prometheus/console_libraries"
- name: Install Prometheus rules
- copy:
+ template:
src: "{{ item }}"
dest: "/etc/prometheus/rules/"
+ variable_start_string: "[["
+ variable_end_string: "]]"
with_fileglob:
- - files/rules/*.conf.yml
+ - templates/rules/*.conf.yml
notify: "reload prometheus"
- name: Install alertmanager templates
template:
src: "{{ item }}"
dest: "/etc/prometheus/alertmanager_templates/"
+ variable_start_string: "[["
+ variable_end_string: "]]"
with_fileglob:
- templates/alertmanager_templates/*
notify: "reload prometheus"
@@ -49,3 +58,14 @@
loop:
- alertmanager
- metrics2
+
+- name: Create /etc/karma
+ file:
+ path: /etc/karma
+ state: directory
+
+- name: Install Karma configuration
+ template:
+ src: karma.yml.j2
+ dest: "/etc/karma/float.yml"
+ notify: "reload karma"
diff --git a/roles/prometheus/templates/alertmanager_templates/email.tmpl b/roles/prometheus/templates/alertmanager_templates/email.tmpl
index ff2e3320d366d2178af30618ece3f05a2848eb36..8d1c089c5d54f725f3240693c2d9cd9c19f8ffa4 100644
--- a/roles/prometheus/templates/alertmanager_templates/email.tmpl
+++ b/roles/prometheus/templates/alertmanager_templates/email.tmpl
@@ -1,14 +1,5 @@
-{% if alertmanager_playbook_url is defined %}
-{% raw %}{{ define "playbook_url.html" }}{% endraw %}
-<a href="{{ alertmanager_playbook_url }}/{% raw %}{{.Labels.alertname}}{% endraw %}.md">Playbook</a><br />
-{% raw %}{{ end }}{% endraw %}
-{% else %}
-{% raw %}
-{{ define "playbook_url.html" }}{{ end }}
-{% endraw %}
-{% endif %}
-
-{% raw %}
+{{ define "__alertmanagerURL" }}https://alerts.[[ domain_public[0] ]]/?q=%40state%3Dactive{{ end }}
+
{{ define "email.float.html" }}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
@@ -324,7 +315,7 @@ a {
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td class="content-block">
- <a href='{{ template "__alertmanagerURL" . }}' class="btn-primary">View in {{ template "__alertmanager" . }}</a>
+ <a href='{{ template "__alertmanagerURL" . }}' class="btn-primary">View in alerts dashboard</a>
</td>
</tr>
{{ if gt (len .Alerts.Firing) 0 }}
@@ -341,7 +332,6 @@ a {
{{ range .Labels.SortedPairs }}{{ .Name }} = {{ .Value }}<br />{{ end }}
{{ if gt (len .Annotations) 0 }}<strong>Annotations</strong><br />{{ end }}
{{ range .Annotations.SortedPairs }}{{ .Name }} = {{ .Value }}<br />{{ end }}
- {{ template "playbook_url.html" . }}
<a href="{{ .GeneratorURL }}">Source</a><br />
</td>
</tr>
@@ -382,7 +372,7 @@ a {
<div class="footer">
<table width="100%">
<tr>
- <td class="aligncenter content-block"><a href='{{ .ExternalURL }}'>Sent by {{ template "__alertmanager" . }}</a></td>
+ <td class="aligncenter content-block"><a href="https://alerts.[[ domain_public[0] ]]">Alerts dashboard</a></td>
</tr>
</table>
</div></div>
@@ -394,4 +384,3 @@ a {
</body>
</html>
{{ end }}
-{% endraw %}
diff --git a/roles/prometheus/templates/karma.yml.j2 b/roles/prometheus/templates/karma.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c23e0de6a0379c7e1b03961af67aedbe8badb9c6
--- /dev/null
+++ b/roles/prometheus/templates/karma.yml.j2
@@ -0,0 +1,21 @@
+# https://github.com/prymitive/karma/blob/master/docs/CONFIGURATION.md
+alertmanager:
+ servers:
+ - name: "{{ domain }}"
+ uri: "http://prometheus.{{ domain }}:9093"
+ proxy: true
+
+# Auto-fill silence dialog with the authenticated user
+authentication:
+ header:
+ name: X-Authenticated-User
+ value_re: ^(.+)$
+
+# Start with 'description' label collapsed
+annotations:
+ hidden:
+ - description
+
+filters:
+ default:
+ - "@state=active"
diff --git a/roles/prometheus/files/rules/alerts_acme.conf.yml b/roles/prometheus/templates/rules/alerts_acme.conf.yml
similarity index 96%
rename from roles/prometheus/files/rules/alerts_acme.conf.yml
rename to roles/prometheus/templates/rules/alerts_acme.conf.yml
index 6f15c9e6b3c06e4492cf873ed99f253f109c42c9..0b52fb559b092e94fa1fd3c20ab6fb35017b78d9 100644
--- a/roles/prometheus/files/rules/alerts_acme.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_acme.conf.yml
@@ -35,3 +35,4 @@ groups:
annotations:
summary: 'ACME automation completely broken'
description: 'It seems that the ACME automation has loaded zero valid certificates, something must be broken.'
+ runbook: '[[ alert_playbook_url ]]/ACMEBroken'
diff --git a/roles/prometheus/files/rules/alerts_backup.conf.yml b/roles/prometheus/templates/rules/alerts_backup.conf.yml
similarity index 92%
rename from roles/prometheus/files/rules/alerts_backup.conf.yml
rename to roles/prometheus/templates/rules/alerts_backup.conf.yml
index 6d5d0f7df2197721e0023097cbbbff23a771030e..d28e7b1165ebd64baa891fd905332645bdd821f9 100644
--- a/roles/prometheus/files/rules/alerts_backup.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_backup.conf.yml
@@ -17,3 +17,4 @@ groups:
annotations:
summary: '{{ $labels.dataset }} backup failure on {{ $labels.host }}'
description: 'Dataset {{ $labels.dataset }} has failed its backups on {{ $labels.host }} for two days.'
+ runbook: '[[ alert_playbook_url ]]/BackupFailed'
diff --git a/roles/prometheus/files/rules/alerts_base.conf.yml b/roles/prometheus/templates/rules/alerts_base.conf.yml
similarity index 94%
rename from roles/prometheus/files/rules/alerts_base.conf.yml
rename to roles/prometheus/templates/rules/alerts_base.conf.yml
index 1cc6bf60221baa7eac0fb0fff4f6b8f03f731f86..b6c9718a06601c0ff5678b7d586411444e4c863c 100644
--- a/roles/prometheus/files/rules/alerts_base.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_base.conf.yml
@@ -63,6 +63,7 @@ groups:
annotations:
summary: 'Job {{ $labels.job }} is down globally'
description: 'Job {{ $labels.job }} is down globally (availability {{ $value }}).'
+ runbook: '[[ alert_playbook_url ]]/JobDown'
- alert: ProbeFailure
expr: target:probe_success:ratio{probe!="ping",probeset!="service"} < 0.5
@@ -74,6 +75,7 @@ groups:
summary: 'Probe {{ $labels.probe }}@{{ $labels.target }} is failing'
description: 'Probe {{ $labels.probe }} ({{ $labels.zone }}) is failing
for target {{ $labels.target }} (success ratio {{ $value }}).'
+ runbook: '[[ alert_playbook_url ]]/ProbeFailure'
- alert: ProbeFailure
expr: probe:probe_success:ratio{probe!="ping",probeset!="service"} < 0.5
@@ -85,3 +87,4 @@ groups:
summary: 'Probe {{ $labels.probe }} is failing globally'
description: 'Probe {{ $labels.probe }} ({{ $labels.zone }}) is failing
globally (success ratio {{ $value }}).'
+ runbook: '[[ alert_playbook_url ]]/ProbeFailure'
diff --git a/roles/prometheus/files/rules/alerts_cpu.conf.yml b/roles/prometheus/templates/rules/alerts_cpu.conf.yml
similarity index 93%
rename from roles/prometheus/files/rules/alerts_cpu.conf.yml
rename to roles/prometheus/templates/rules/alerts_cpu.conf.yml
index bcc5912699fe8d4fe48cfbdbb904b6202edd39b7..7568f0f7c4b80f9159a3f1bd67220d8a7066199d 100644
--- a/roles/prometheus/files/rules/alerts_cpu.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_cpu.conf.yml
@@ -22,4 +22,5 @@ groups:
annotations:
summary: 'Host {{$labels.host}} is thrashing'
description: 'Load average on host {{$labels.host}} is very high ({{$value}}), the host is likely unresponsive.'
+ runbook: '[[ alert_playbook_url ]]/HostThrashing'
diff --git a/roles/prometheus/files/rules/alerts_disk.conf.yml b/roles/prometheus/templates/rules/alerts_disk.conf.yml
similarity index 88%
rename from roles/prometheus/files/rules/alerts_disk.conf.yml
rename to roles/prometheus/templates/rules/alerts_disk.conf.yml
index 2796b2986c379f8c6e270837772f72ea3cb278a3..b384df5d0a71daae213dfe4477dafcb81478e0a0 100644
--- a/roles/prometheus/files/rules/alerts_disk.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_disk.conf.yml
@@ -10,3 +10,4 @@ groups:
annotations:
summary: 'Disk {{ $labels.mountpoint }} on {{ $labels.instance }} is almost full'
description: 'Disk {{ $labels.mountpoint }} on {{ $labels.instance }} will be full in less than 4 hours'
+ runbook: '[[ alert_playbook_url ]]/DiskWillFillIn4Hours'
diff --git a/roles/prometheus/files/rules/alerts_mysql.conf.yml b/roles/prometheus/templates/rules/alerts_mysql.conf.yml
similarity index 86%
rename from roles/prometheus/files/rules/alerts_mysql.conf.yml
rename to roles/prometheus/templates/rules/alerts_mysql.conf.yml
index 4d33a13f14a57ea8b1fd41c9206756818d6af058..a74dbd1510d449a8e5d1717efeaaab198d0adbda 100644
--- a/roles/prometheus/files/rules/alerts_mysql.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_mysql.conf.yml
@@ -9,6 +9,8 @@ groups:
annotations:
description: Slave replication (IO or SQL) has been down for more than 2 minutes on {{ $labels.job }}@{{ $labels.host }}.
summary: Slave replication is not running for {{ $labels.job }}
+ runbook: '[[ alert_playbook_url ]]/MySQLReplicationBroken'
+
- alert: MySQLReplicationBehind
expr: (mysql_heartbeat_lag_seconds > 30) and on(instance) (predict_linear(mysql_heartbeat_lag_seconds[5m], 60 * 2) > 0)
for: 2m
@@ -17,6 +19,8 @@ groups:
annotations:
description: The mysql slave replication has fallen behind and is not recovering on {{ $labels.job }}@{{ $labels.host }}.
summary: MySQL slave replication is lagging for {{ $labels.job }}
+ runbook: '[[ alert_playbook_url ]]/MySQLReplicationBehind'
+
- alert: MySQLInnoDBLogWaits
expr: rate(mysql_global_status_innodb_log_waits[15m]) > 10
labels:
@@ -24,3 +28,5 @@ groups:
annotations:
description: The innodb logs are waiting for disk at a rate of {{$value}} / second on {{ $labels.job }}@{{ $labels.host }}
summary: MySQL innodb log writes stalling for {{ $labels.job }}
+ runbook: '[[ alert_playbook_url ]]/MySQLInnoDBLogWaits'
+
diff --git a/roles/prometheus/files/rules/alerts_net.conf.yml b/roles/prometheus/templates/rules/alerts_net.conf.yml
similarity index 85%
rename from roles/prometheus/files/rules/alerts_net.conf.yml
rename to roles/prometheus/templates/rules/alerts_net.conf.yml
index 2d9f2ebb2fe43a709580db52760f4766ab2ca9ad..3811fa6f3a9526cdb1edb64d15708aaa0fab5965 100644
--- a/roles/prometheus/files/rules/alerts_net.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_net.conf.yml
@@ -9,6 +9,8 @@ groups:
annotations:
description: 'Conntrack table on {{ $labels.instance }} is more than 90% full.'
summary: 'Conntrack table on {{ $labels.instance }} is almost full'
+ runbook: '[[ alert_playbook_url ]]/ConntrackTableFull'
+
- alert: NetworkErrors
expr: instance:node_network_errs_total:rate5m > 1
for: 15m
@@ -17,6 +19,8 @@ groups:
annotations:
summary: 'High rate of packet errors on {{ $labels.instance }}/{{ $labels.device }}'
description: 'High rate of packet errors on {{ $labels.instance }} device {{ $labels.device }}.'
+ runbook: '[[ alert_playbook_url ]]/NetworkErrors'
+
- alert: NetworkDrops
expr: instance:node_network_drop_total:rate5m > 1
for: 15m
@@ -25,6 +29,8 @@ groups:
annotations:
summary: 'High rate of packet drops on {{ $labels.instance }}/{{ $labels.device }}'
description: 'High rate of packet drops on {{ $labels.instance }} device {{ $labels.device }}.'
+ runbook: '[[ alert_playbook_url ]]/NetworkDrops'
+
- alert: HostUnreachable
expr: probe_success{job="blackbox_ping"} < 1
for: 5m
@@ -33,3 +39,4 @@ groups:
annotations:
summary: 'Host {{ $labels.instance }} is unreachable'
description: 'Host {{ $labels.instance }} is unreachable (does not respond to icmp).'
+ runbook: '[[ alert_playbook_url ]]/HostUnreachable'
diff --git a/roles/prometheus/files/rules/alerts_nginx.conf.yml b/roles/prometheus/templates/rules/alerts_nginx.conf.yml
similarity index 87%
rename from roles/prometheus/files/rules/alerts_nginx.conf.yml
rename to roles/prometheus/templates/rules/alerts_nginx.conf.yml
index 15d5e9673bc551e88d1bb63f933f49e6dc56ce55..1b6f099e5b7ca8483410be6f2838c34e58a9ab7c 100644
--- a/roles/prometheus/files/rules/alerts_nginx.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_nginx.conf.yml
@@ -12,6 +12,7 @@ groups:
annotations:
summary: 'High HTTP error ratio for {{$labels.vhost}} globally'
description: 'We are serving lots of 5xx errors for {{$labels.vhost}} on all frontends.'
+ runbook: '[[ alert_playbook_url ]]/HTTPErrorRatioHigh'
- alert: HTTPErrorRatioHigh
expr: (host:nginx_http_requests_errs:ratio > 0.2 and host:nginx_http_requests_total:rate5m > 0.1)
@@ -23,3 +24,5 @@ groups:
annotations:
summary: 'High HTTP error ratio for {{$labels.vhost}} on {{$labels.host}}'
description: 'We are serving lots of 5xx errors for {{$labels.vhost}} on {{$labels.host}}.'
+ runbook: '[[ alert_playbook_url ]]/HTTPErrorRatioHigh'
+
diff --git a/roles/prometheus/files/rules/alerts_prometheus.conf.yml b/roles/prometheus/templates/rules/alerts_prometheus.conf.yml
similarity index 71%
rename from roles/prometheus/files/rules/alerts_prometheus.conf.yml
rename to roles/prometheus/templates/rules/alerts_prometheus.conf.yml
index e384a7ba80c44d3cb4458ec2f5e0963f4b3df6b7..3ddea7b0d8afcbc4a87c4004610ca7c132d2b3f3 100644
--- a/roles/prometheus/files/rules/alerts_prometheus.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_prometheus.conf.yml
@@ -1,172 +1,164 @@
groups:
- name: roles/prometheus/files/rules/alerts_prometheus.conf
rules:
- - alert: PrometheusUnreachable
- expr: up{job=~"prometheus.*"} == 0
- for: 10m
- labels:
- pager: pagerduty
- service: prometheus
- severity: critical
- annotations:
- description: '{{$labels.job}} at {{$labels.instance}} could not be scraped for
- over 10 minutes.'
- title: '{{$labels.job}} is unreachable'
- - alert: PrometheusManyRestarts
- expr: changes(process_start_time_seconds{job=~"prometheus.*"}[30m]) > 3
- for: 30m
- labels:
- pager: pagerduty
- service: prometheus
- severity: critical
- annotations:
- description: '{{$labels.job}} at {{$labels.instance}} has restarted more than
- 3 times in the last 30 minutes. It might be crashlooping.'
- title: '{{$labels.job}} is restarting frequently'
- alert: PrometheusRuleEvaluationSlow
expr: prometheus_evaluator_duration_seconds{job=~"prometheus.*",quantile="0.9"}
> 60
for: 10m
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has a 90th percentile
latency of {{$value}}s completing rule evaluation cycles.'
- title: '{{$labels.job}} is evaluating rules too slowly'
+ summary: '{{$labels.job}} is evaluating rules too slowly'
+
- alert: PrometheusCheckpointingSlow
expr: avg_over_time(prometheus_local_storage_checkpoint_last_duration_seconds{job=~"prometheus.*"}[15m])
> prometheus_local_storage_max_chunks_to_persist{job=~"prometheus.*"} / 5000
for: 5m
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} needs {{$value}}s on average
for each checkpoint.'
- title: '{{$labels.job}} is checkpointing too slowly'
+ summary: '{{$labels.job}} is checkpointing too slowly'
+
- alert: PrometheusIndexingBacklog
expr: prometheus_local_storage_indexing_queue_length{job=~"prometheus.*"} / prometheus_local_storage_indexing_queue_capacity{job=~"prometheus.*"}
* 100 > 10
for: 30m
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} is backlogging on the
indexing queue for more than 30m. Queue is currently {{$value | printf `%.0f`}}%
full.'
- title: '{{$labels.job}} is backlogging on the indexing queue'
+ summary: '{{$labels.job}} is backlogging on the indexing queue'
+
- alert: PrometheusNotIngestingSamples
expr: rate(prometheus_local_storage_ingested_samples_total{job=~"prometheus.*"}[5m])
== 0
for: 5m
labels:
- service: prometheus
- severity: critical
+ scope: host
+ severity: page
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has not ingested any samples
in the last 10 minutes.'
- title: '{{$labels.job}} is not ingesting samples'
+ summary: '{{$labels.job}} is not ingesting samples'
+ runbook: '[[ alert_playbook_url ]]/PrometheusNotIngestingSamples'
+
- alert: PrometheusPersistErrors
expr: rate(prometheus_local_storage_persist_errors_total{job=~"prometheus.*"}[10m])
> 0
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has encountered {{$value}}
persist errors per second in the last 10 minutes.'
- title: '{{$labels.job}} has persist errors'
+ summary: '{{$labels.job}} has persist errors'
+
- alert: PrometheusNotificationsBacklog
expr: prometheus_notifications_queue_length{job=~"prometheus.*"} > 0
for: 10m
labels:
- pager: pagerduty
- service: prometheus
- severity: critical
+ scope: host
+ severity: page
annotations:
description: '{{$labels.job}} at {{$labels.instance}} is backlogging on the
notifications queue. The queue has not been empty for 10 minutes. Current
queue length: {{$value}}.'
- title: '{{$labels.job}} is backlogging on the notifications queue'
+ summary: '{{$labels.job}} is backlogging on the notifications queue'
+ runbook: '[[ alert_playbook_url ]]/PrometheusNotificationsBacklog'
+
- alert: PrometheusScrapingSlowly
expr: prometheus_target_interval_length_seconds{interval!~".*m.*",job=~"prometheus.*",quantile="0.9"}
> 2 * 60
for: 10m
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has a 90th percentile
latency of {{$value}}s for scraping targets in the {{$labels.interval}} target
pool.'
- title: '{{$labels.job}} is scraping targets slowly'
+ summary: '{{$labels.job}} is scraping targets slowly'
+
- alert: PrometheusStorageInconsistent
expr: prometheus_local_storage_inconsistencies_total{job=~"prometheus.*"} > 0
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has detected a storage
inconsistency. A server restart is needed to initiate recovery.'
- title: '{{$labels.job}} has an inconsistent storage'
+ summary: '{{$labels.job}} has an inconsistent storage'
+
- alert: PrometheusPersistencePressureTooHigh
expr: prometheus_local_storage_persistence_urgency_score{job=~"prometheus.*"}
> 0.8 and predict_linear(prometheus_local_storage_persistence_urgency_score{job=~"prometheus.*"}[30m],
3600 * 24) > 1
for: 30m
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} is approaching critical
persistence pressure. Throttled ingestion expected within the next 24h.'
- title: '{{$labels.job}} can not keep up persisting'
+ summary: '{{$labels.job}} can not keep up persisting'
+
- alert: PrometheusPersistencePressureTooHigh
expr: prometheus_local_storage_persistence_urgency_score{job=~"prometheus.*"}
> 0.85 and predict_linear(prometheus_local_storage_persistence_urgency_score{job=~"prometheus.*"}[30m],
3600 * 2) > 1
for: 30m
labels:
- service: prometheus
- severity: critical
+ scope: host
+ severity: page
annotations:
description: '{{$labels.job}} at {{$labels.instance}} is approaching critical
persistence pressure. Throttled ingestion expected within the next 2h.'
- title: '{{$labels.job}} can not keep up persisting'
+ summary: '{{$labels.job}} can not keep up persisting'
+ runbook: '[[ alert_playbook_url ]]/PrometheusPersistencePressureTooHigh'
+
- alert: PrometheusSeriesMaintenanceStalled
expr: prometheus_local_storage_memory_series{job=~"prometheus.*"} / ON(job, instance)
rate(prometheus_local_storage_series_ops_total{job=~"prometheus.*",type="maintenance_in_memory"}[5m])
/ 3600 > 24 and ON(job, instance) prometheus_local_storage_rushed_mode == 1
for: 1h
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} is maintaining memory
time series so slowly that it will take {{$value | printf `%.0f`}}h to complete
a full cycle. This will lead to persistence falling behind.'
- title: '{{$labels.job}} is maintaining memory time series too slowly'
+ summary: '{{$labels.job}} is maintaining memory time series too slowly'
+
- alert: PrometheusInvalidConfigFile
expr: prometheus_config_last_reload_successful{job=~"prometheus.*"} == 0
for: 30m
labels:
- pager: pagerduty
- service: prometheus
- severity: critical
+ scope: host
+ severity: page
annotations:
description: The configuration file for {{$labels.job}} at {{$labels.instance}}
is invalid and was therefore not reloaded.
- title: '{{$labels.job}} has an invalid config'
+ summary: '{{$labels.job}} has an invalid config'
+ runbook: '[[ alert_playbook_url ]]/PrometheusInvalidConfigFile'
+
- alert: PrometheusOutOfOrderSamplesDiscarded
expr: increase(prometheus_local_storage_out_of_order_samples_total{job=~"prometheus.*"}[10m])
> 0
for: 1h
labels:
- service: prometheus
+ scope: host
severity: warn
annotations:
description: '{{$labels.job}} at {{$labels.instance}} has discarded {{$value}}
out-of-order samples over the last hour.'
- title: '{{$labels.job}} is discarding out-of-order samples'
+ summary: '{{$labels.job}} is discarding out-of-order samples'
diff --git a/roles/prometheus/files/rules/alerts_services.conf.yml b/roles/prometheus/templates/rules/alerts_services.conf.yml
similarity index 92%
rename from roles/prometheus/files/rules/alerts_services.conf.yml
rename to roles/prometheus/templates/rules/alerts_services.conf.yml
index 56711a0de1412387b8f0d554a72517072a4febc7..cddd855a7148b59922ca69396e7eb0ba81ac02c8 100644
--- a/roles/prometheus/files/rules/alerts_services.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_services.conf.yml
@@ -10,6 +10,7 @@ groups:
annotations:
description: 'Availability too low for service {{ $labels.float_service }}'
summary: 'Availability too low for service {{ $labels.float_service }}'
+ runbook: '[[ alert_playbook_url ]]/ServiceAvailabilityTooLow'
- alert: ServiceDegraded
expr: float_service:ok_by_host == 0
diff --git a/roles/prometheus/files/rules/alerts_ssl_probes.conf.yml b/roles/prometheus/templates/rules/alerts_ssl_probes.conf.yml
similarity index 73%
rename from roles/prometheus/files/rules/alerts_ssl_probes.conf.yml
rename to roles/prometheus/templates/rules/alerts_ssl_probes.conf.yml
index cb43629150ad7a87d6b74a02758d668c73d1f662..3e68daa78d114672afc2a6cc5deafa0e1f6b21a4 100644
--- a/roles/prometheus/files/rules/alerts_ssl_probes.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_ssl_probes.conf.yml
@@ -2,11 +2,13 @@ groups:
- name: roles/prometheus/files/rules/alerts_ssl_probes.conf
rules:
- alert: SSLCertificateAboutToExpire
- expr: target:probe_ssl_cert_expiry:days < 15
- for: 1h
+ expr: target:probe_ssl_cert_expiry:days < 10
+ for: 3h
labels:
+ scope: global
severity: page
annotations:
summary: 'SSL certificate about to expire for {{ $labels.job }}@{{ $labels.target }}'
description: 'The "{{ $labels.job }}" prober reports that {{ $labels.target }} is serving a SSL certificate that will expire in {{ $value }} days.'
+ runbook: '[[ alert_playbook_url ]]/SSLCertificateAboutToExpire'
diff --git a/roles/prometheus/templates/rules/alerts_syslog.conf.yml b/roles/prometheus/templates/rules/alerts_syslog.conf.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a876b4ea71bc077b61ed891eb3cbc7eff4bba64a
--- /dev/null
+++ b/roles/prometheus/templates/rules/alerts_syslog.conf.yml
@@ -0,0 +1,13 @@
+groups:
+ - name: roles/prometheus/files/rules/alerts_syslog.conf
+ rules:
+ - alert: SyslogDroppingLogs
+ expr: rsyslog_queue_discarded:rate5m{job="rsyslog-collector"} > 10
+ for: 15m
+ labels:
+ scope: global
+ severity: page
+ annotations:
+ description: 'Syslog collector is dropping logs on {{ $labels.host }}'
+ summary: 'Syslog collector is dropping logs'
+ runbook: '[[ alert_playbook_url ]]/SyslogDroppingLogs'
diff --git a/roles/prometheus/files/rules/alerts_system_health.conf.yml b/roles/prometheus/templates/rules/alerts_system_health.conf.yml
similarity index 91%
rename from roles/prometheus/files/rules/alerts_system_health.conf.yml
rename to roles/prometheus/templates/rules/alerts_system_health.conf.yml
index 476c4654b60d287c6fac0aed24b677fec6e6773d..f0133ef9fba6555dfa96f6d85c88ebf84c05b1f2 100644
--- a/roles/prometheus/files/rules/alerts_system_health.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_system_health.conf.yml
@@ -19,12 +19,14 @@ groups:
summary: "RAID device {{ $labels.md_device }} on {{ $labels.host }} is unhealthy"
description: "The RAID device {{ $labels.md_device }} on {{ $labels.host }} is reporting a degraded state, which means that probably one or more of the disks in the array have failed."
- - alert: HostPhysicalComponentTooHot
+ - alert: PhysicalComponentTooHot
expr: node_hwmon_temp_celsius / node_hwmon_temp_crit_celsius > 0.95
for: 2h
labels:
+ scope: host
severity: page
annotations:
summary: "A physical component is running too hot on {{ $labels.host }}"
description: "A sensor is reporting that a physical component ({{ $labels.sensor }}/{{ $labels.chip }}) on {{ $labels.host }} has been running very close to the critical level ({{ $value }}) for the last 2 hours."
+ runbook: '[[ alert_playbook_url ]]/PhysicalComponentTooHot'
diff --git a/roles/prometheus/files/rules/alerts_systemd.conf.yml b/roles/prometheus/templates/rules/alerts_systemd.conf.yml
similarity index 89%
rename from roles/prometheus/files/rules/alerts_systemd.conf.yml
rename to roles/prometheus/templates/rules/alerts_systemd.conf.yml
index 07c2b48f4f5999aad52a7f4ef7015a725d0b2133..5986808e9a43dbc59d2b25df85027dbb5cd9181a 100644
--- a/roles/prometheus/files/rules/alerts_systemd.conf.yml
+++ b/roles/prometheus/templates/rules/alerts_systemd.conf.yml
@@ -9,11 +9,15 @@ groups:
annotations:
summary: '{{ $labels.name }} has failed on {{ $labels.host }}'
description: 'The systemd unit {{ $labels.name }} has failed on {{ $labels.host }}.'
+
- alert: SystemdUnitCrashLooping
expr: instance:systemd_unit_restarts:delta10m > 12
for: 30m
labels:
+ scope: host
severity: page
annotations:
summary: 'Service {{ $labels.unit }} is crash-looping on {{ $labels.host }}'
description: 'Systemd unit {{ $labels.unit }} is being restarted repeatedly. Likely a configuration problem.'
+ runbook: '[[ alert_playbook_url ]]/SystemdUnitCrashLooping'
+
diff --git a/roles/prometheus/files/rules/rules_acme.conf.yml b/roles/prometheus/templates/rules/rules_acme.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_acme.conf.yml
rename to roles/prometheus/templates/rules/rules_acme.conf.yml
diff --git a/roles/prometheus/files/rules/rules_base.conf.yml b/roles/prometheus/templates/rules/rules_base.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_base.conf.yml
rename to roles/prometheus/templates/rules/rules_base.conf.yml
diff --git a/roles/prometheus/files/rules/rules_cpu.conf.yml b/roles/prometheus/templates/rules/rules_cpu.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_cpu.conf.yml
rename to roles/prometheus/templates/rules/rules_cpu.conf.yml
diff --git a/roles/prometheus/files/rules/rules_disk.conf.yml b/roles/prometheus/templates/rules/rules_disk.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_disk.conf.yml
rename to roles/prometheus/templates/rules/rules_disk.conf.yml
diff --git a/roles/prometheus/files/rules/rules_elasticsearch.conf.yml b/roles/prometheus/templates/rules/rules_elasticsearch.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_elasticsearch.conf.yml
rename to roles/prometheus/templates/rules/rules_elasticsearch.conf.yml
diff --git a/roles/prometheus/files/rules/rules_mysql.conf.yml b/roles/prometheus/templates/rules/rules_mysql.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_mysql.conf.yml
rename to roles/prometheus/templates/rules/rules_mysql.conf.yml
diff --git a/roles/prometheus/files/rules/rules_net.conf.yml b/roles/prometheus/templates/rules/rules_net.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_net.conf.yml
rename to roles/prometheus/templates/rules/rules_net.conf.yml
diff --git a/roles/prometheus/files/rules/rules_nginx.conf.yml b/roles/prometheus/templates/rules/rules_nginx.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_nginx.conf.yml
rename to roles/prometheus/templates/rules/rules_nginx.conf.yml
diff --git a/roles/prometheus/files/rules/rules_node_016.conf.yml b/roles/prometheus/templates/rules/rules_node_016.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_node_016.conf.yml
rename to roles/prometheus/templates/rules/rules_node_016.conf.yml
diff --git a/roles/prometheus/files/rules/rules_services.conf.yml b/roles/prometheus/templates/rules/rules_services.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_services.conf.yml
rename to roles/prometheus/templates/rules/rules_services.conf.yml
diff --git a/roles/prometheus/files/rules/rules_ssl_probes.conf.yml b/roles/prometheus/templates/rules/rules_ssl_probes.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_ssl_probes.conf.yml
rename to roles/prometheus/templates/rules/rules_ssl_probes.conf.yml
diff --git a/roles/prometheus/files/rules/rules_syslog.conf.yml b/roles/prometheus/templates/rules/rules_syslog.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_syslog.conf.yml
rename to roles/prometheus/templates/rules/rules_syslog.conf.yml
diff --git a/roles/prometheus/files/rules/rules_systemd.conf.yml b/roles/prometheus/templates/rules/rules_systemd.conf.yml
similarity index 100%
rename from roles/prometheus/files/rules/rules_systemd.conf.yml
rename to roles/prometheus/templates/rules/rules_systemd.conf.yml
diff --git a/roles/sso-server/files/sso.service.yml b/roles/sso-server/files/sso.service.yml
index bbf4c419ca04d50fca11ecfbd73083d2cbbdd1e3..eabc6242db9757a1df0971fedac77399a99d6afc 100644
--- a/roles/sso-server/files/sso.service.yml
+++ b/roles/sso-server/files/sso.service.yml
@@ -10,3 +10,5 @@ sso:
- anti_bruteforce_blacklist
challenge_response: true
enable_device_tracking: true
+ enable_last_login_reporting: true
+
diff --git a/roles/sso-server/templates/user-meta-server.yml.j2 b/roles/sso-server/templates/user-meta-server.yml.j2
index 4867a2052f4c95c222da84ab9a9f994f3d8c1040..5473db5e68dc5a7df6f7bc1eeae833b1bb9c691c 100644
--- a/roles/sso-server/templates/user-meta-server.yml.j2
+++ b/roles/sso-server/templates/user-meta-server.yml.j2
@@ -15,7 +15,7 @@ http_server:
- path: "/api/set_last_login"
cn: "auth-server.{{ domain }}"
- path: "/api/get_.*"
- cn: "(accounts|accountadmin).{{ domain }}"
+ cn: "(accounts|accountadmin|account-automation).{{ domain }}"
- path: "/metrics"
cn: ".*"
max_inflight_requests: 100
diff --git a/roles/vagrant-compat/tasks/main.yml b/roles/vagrant-compat/tasks/main.yml
index c1c88d090b90762f1206abd13dff2dd5ad13fd9b..c9c1ad2b89482d16617175fa13a0ab0cea6df032 100644
--- a/roles/vagrant-compat/tasks/main.yml
+++ b/roles/vagrant-compat/tasks/main.yml
@@ -17,4 +17,4 @@
# Set up a SOCKS5 proxy for debugging purposes, running on 'host1'.
- include_tasks: debug-proxy.yml
- when: "inventory_hostname == 'host1' and enable_testing_socks_proxy|default(True) and testing|default(True)"
+ when: "enable_testing_socks_proxy|default(True) and testing|default(True)"
diff --git a/services.yml.default b/services.yml.default
index 934ebb93b8a8b75a54194014851e9ea64ef9b985..42b59bd48e38333efd36ef3ce62f15e6dfda885c 100644
--- a/services.yml.default
+++ b/services.yml.default
@@ -94,15 +94,21 @@ prometheus:
env:
QUERY_FLAGS: "--query.replica-label=monitor {% for h in groups['prometheus']|sort %} --store={{ h }}.prometheus.{{ domain }}:10901{% endfor %}"
SIDECAR_FLAGS: ""
+ - name: karma
+ image: registry.git.autistici.org/ai3/docker/karma:master
+ ports:
+ - 9193
+ env:
+ # https://github.com/prymitive/karma/blob/master/docs/CONFIGURATION.md#environment-variables
+ CONFIG_FILE: "/etc/karma/float.yml"
+ PORT: 9193
+ volumes:
+ - /etc/karma: /etc/karma
public_endpoints:
- name: monitor
port: 9090
scheme: http
enable_sso_proxy: true
- - name: alertmanager
- port: 9093
- scheme: http
- enable_sso_proxy: true
- name: prober
port: 9115
scheme: http
@@ -115,6 +121,10 @@ prometheus:
port: 10904
scheme: http
enable_sso_proxy: true
+ - name: alerts
+ port: 9193
+ scheme: http
+ enable_sso_proxy: true
monitoring_endpoints:
- job_name: prometheus
port: 9090
@@ -122,6 +132,9 @@ prometheus:
- job_name: alertmanager
port: 9093
scheme: http
+ - job_name: karma
+ port: 9193
+ scheme: http
- job_name: grafana
port: 2929
scheme: https
diff --git a/services.yml.elasticsearch b/services.yml.elasticsearch
index 56b1e1722e0eafc4b27faf15e3d97fb3a181fa8e..f3861148c99e10a0ea57cf1e7db2d4fc89fc45dc 100644
--- a/services.yml.elasticsearch
+++ b/services.yml.elasticsearch
@@ -128,6 +128,16 @@ prometheus:
env:
QUERY_FLAGS: "--query.replica-label=monitor {% for h in groups['prometheus']|sort %} --store={{ h }}.prometheus.{{ domain }}:10901{% endfor %}"
SIDECAR_FLAGS: ""
+ - name: karma
+ image: registry.git.autistici.org/ai3/docker/karma:master
+ ports:
+ - 9193
+ env:
+ # https://github.com/prymitive/karma/blob/master/docs/CONFIGURATION.md#environment-variables
+ CONFIG_FILE: "/etc/karma/float.yml"
+ PORT: 9193
+ volumes:
+ - /etc/karma: /etc/karma
public_endpoints:
- name: monitor
port: 9090
@@ -149,6 +159,10 @@ prometheus:
port: 10904
scheme: http
enable_sso_proxy: true
+ - name: alerts
+ port: 9193
+ scheme: http
+ enable_sso_proxy: true
monitoring_endpoints:
- job_name: prometheus
port: 9090
@@ -156,6 +170,9 @@ prometheus:
- job_name: alertmanager
port: 9093
scheme: http
+ - job_name: karma
+ port: 9193
+ scheme: http
- job_name: grafana
port: 2929
scheme: https
diff --git a/services.yml.loki b/services.yml.loki
index 377bdb357e0a842719862c630a283fc40035c7cb..86e5ce59c00a5270dd9bcfccdf323c8b357d64d8 100644
--- a/services.yml.loki
+++ b/services.yml.loki
@@ -125,10 +125,21 @@ prometheus:
port: 9115
scheme: http
enable_sso_proxy: true
+ - name: loki
+ port: 3100
+ scheme: http
- name: grafana
port: 2929
scheme: https
enable_sso_proxy: true
+ extra_nginx_config: |
+ location ^~ /api/datasources/proxy/2/loki/api/v1/tail {
+ proxy_pass http://be_loki_3100_prometheus;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ }
- name: thanos
port: 10904
scheme: http
diff --git a/test/float_integration_test/http.py b/test/float_integration_test/http.py
index cc34cdf3ff6029ba536854bf8add49776c663849..904bc6594adb4cb16ebe058dbfdd32bf29827e89 100644
--- a/test/float_integration_test/http.py
+++ b/test/float_integration_test/http.py
@@ -4,7 +4,6 @@ import os
import re
import socket
import ssl
-import urllib.request, urllib.parse, urllib.error
import urllib.request, urllib.error, urllib.parse
import urllib.parse
diff --git a/test/float_integration_test/test_system.py b/test/float_integration_test/test_system.py
index 6415c381e14a848e78a36dbe72c5dd79158869b5..0dbc1032501a10289deca85cd8498489d457583b 100644
--- a/test/float_integration_test/test_system.py
+++ b/test/float_integration_test/test_system.py
@@ -12,8 +12,8 @@ class URLTestBase(TestBase):
url = 'https://%s.%s/' % (
public_endpoint_name, ANSIBLE_VARS['domain_public'][0])
result = c.request(url, self.frontend_ip())
- self.assertFalse(result.get('error'))
- self.assertEqual(200, result['status'])
+ self.assertFalse(result.get('error'), f'url={url}')
+ self.assertEqual(200, result['status'], f'url={url}')
class TestHTTPRouter(URLTestBase):
diff --git a/test/run-test.sh b/test/run-test.sh
index 92413cd3b76dbf26d77c6562eaca609e0fd405fb..4827717421fcad65ee175bb0112411d455559f70 100755
--- a/test/run-test.sh
+++ b/test/run-test.sh
@@ -10,7 +10,7 @@ float_dir="${bin_dir}/.."
# Used for all ansible/float invocations.
export ANSIBLE_VAULT_PASSWORD_FILE=".ansible_vault_pw"
export ANSIBLE_HOST_KEY_CHECKING=False
-export ANSIBLE_STDOUT_CALLBACK=actionable
+export ANSIBLE_STDOUT_CALLBACK=unixy
die() {
echo "ERROR: $*" >&2