代码拉取完成,页面将自动刷新
同步操作将从 现任明教教主-乾颐堂/ElasticFlow 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
{"attributes":{"fieldFormatMap":"{\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.port_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.service_port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.port_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.vlan\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"client.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.ip_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.ip_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"ipfix.cert_data_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.total_bytes_exp\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.riverbed_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.rev_flow_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_retrans_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_retrans_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.mul_dst_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.in_permanent_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.fwd_flow_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_waas_output_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_waas_input_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_nvzflow_l4_bytes_out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_nvzflow_l4_bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_server_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_server_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_client_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_client_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_app_media_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_resp_to_init_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_resp_to_init_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_init_to_resp_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_init_to_resp_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_if_stat_out_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_if_stat_in_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_flow_resp_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_flow_init_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.procera_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.procera_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_retrans_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_retrans_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_clientside_tx_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_clientside_rx_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id5_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id4_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id3_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id2_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id1_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ixia_rev_bytes_delta\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_waas_output_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_waas_input_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_nvzflow_l4_bytes_out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_nvzflow_l4_bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_server_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_server_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_client_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_client_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_app_media_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cert_rev_data_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cert_obsolete_rev_bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"sdestination.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ssource.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.udp_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.udp_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.sectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.transportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.octetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.octetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_radius_acct_out_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_radius_acct_in_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.notSentOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.notSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ignoredOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.transportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.flowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ignoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseResponderOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseSectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseTransportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseNotSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseInitiatorOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseIgnoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseFlowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.responderOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_radius_acct_out_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_radius_acct_in_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.notSentOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.notSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.initiatorOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ignoredOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ignoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.flowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.exportedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.tcp_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.tcp_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.tcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_sfe_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_outer_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_cfe_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.postNATPortBlockStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.postNATPortBlockEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_untunneled_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_untunneled_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_sip_rtp_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_sip_rtp_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_flow_proto_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.exporterTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ericsson_nat_external_port_start\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ericsson_nat_external_port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.collectorTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_nexus_fastpath_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_nexus_fastpath_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_fw_xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_fw_xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_transport_byte_loss_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_src_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_src_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_server_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_dst_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_dst_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_client_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tunnel_src_transport_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tunnel_dst_transport_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tenant_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tenant_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.udpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.udpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.tcpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.tcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_service_port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_service_port_begin\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_responder_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_initiator_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseUdpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseUdpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseTcpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseTcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePostNAPTSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePostNAPTDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePortRangeStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePortRangeEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.postNAPTSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.postNAPTDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.portRangeStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.portRangeEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_untunneled_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_untunneled_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_sip_rtp_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_sip_rtp_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_flow_proto_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.f5_trans_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.f5_trans_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.exporterTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.exportTransportProtocol\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.destinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.collectorTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_nexus_fastpath_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_nexus_fastpath_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_fw_xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_fw_xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_transport_byte_loss_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_src_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_src_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_server_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_dst_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_dst_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_client_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cert_dns_srv_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cace_remote_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cace_local_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.barracuda_conn_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.barracuda_bind_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_app_media_byte_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_app_media_byte_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.bgpDestinationAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.src_as\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.dst_as\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpSourceAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpPrevAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpNextAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpDestinationAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpSourceAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpPrevAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpNextAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"network.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"network.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"000_TEST\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"client.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"destination.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"server.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"source.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"as.organization.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.as.number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.as.organization.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.nat.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.nat.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.as.number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.as.organization.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.nat.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.nat.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_next_hop\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_valid_state\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_rep_tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mac_oui\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mask_len\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_rep_tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.input_ifname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.input_snmp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.next_hop\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.output_ifname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.output_snmp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.rep_tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.sampling_interval\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_rep_tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mac_oui\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mask_len\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_rep_tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tcp_flags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tos\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.traffic_direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.traffic_locality\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.vlan\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.wifi_ssid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.wifi_sta_mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.wifi_wtp_mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ethernetType\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.exportedFlowRecordTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.exportedMessageTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.exportedOctetTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.exportingProcessId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowEndMilliseconds\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowEndReason\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowStartMilliseconds\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowset_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.icmpTypeCodeIPv4\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.interfaceDescription\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.interfaceName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.notSentFlowTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.notSentOctetTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.notSentPacketTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.observationDomainId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.observationDomainName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.observedFlowTotalCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.octetDeltaCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.packetDeltaCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.privateEnterpriseNumber\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.systemInitTimeMilliseconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.tcpOptions\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.transportOctetDeltaCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.userName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_agent_guid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_file_sig\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_file_sig_algo_char\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_image_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_parent_pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.ziften_unk_269\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"netflow.dst_as\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.engine_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.engine_type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_records\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flowset_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.in_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.in_pkts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.bottom_of_stack\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.experimental\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.label\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.sampling_algorithm\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.src_as\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.application\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.egress.interface.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.egress.interface.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.egress.interface.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.egress.vlan.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.egress.vlan.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ingress.interface.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ingress.interface.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ingress.interface.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ingress.vlan.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ingress.vlan.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.as.number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.as.organization.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.nat.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.nat.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.drops\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.dst_priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.eth_type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.frame_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.ip_ecn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.ip_flags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.ip_ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.sflow_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.source_id_index\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.source_id_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.src_priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.sub_agent_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.tcp_urgent_pointer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.tcp_window_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.vlan_cfi\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.vlan_priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.vlan_type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"elastiflow-*"},"id":"elastiflow-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-08-12T09:52:31.136Z","version":"WzM4MjQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.traffic_locality\",\"customLabel\":\"Traffic Localities\"}}]}"},"id":"003b4bd0-5618-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzkwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"00a54450-5630-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLANs (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: VLANs (bits/s) - TSVB (stacked area)\"}"},"id":"00b3a860-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:31:13.754Z","version":"WzM4NTEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Servers (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"server.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"01eab6e0-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:32.510Z","version":"WzE3MjQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Source Ports - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Source Ports - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"02e25f10-671a-11e7-b5b8-29fbded8e37c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":{\"match_all\":{}}},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Logo\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[](https://github.com/robcowart/elastiflow)\",\"openLinksInNewTab\":true,\"fontSize\":12},\"aggs\":[]}"},"id":"AWFhGnANugC1WJLdzaom","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-01T18:54:35.778Z","version":"WzE3ODYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Blank","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Blank\",\"type\":\"markdown\",\"params\":{\"fontSize\":8,\"markdown\":\"\",\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"flow.input_ifname\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.output_ifname\",\"label\":\"Egress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"a65eb880-5609-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)\"}"},"id":"1f0f0340-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:19:38.639Z","version":"WzM4MzgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)\"}"},"id":"86262810-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:26:44.228Z","version":"WzM4NDIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"a00fcbf0-5612-11e8-833a-d52124abe7ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a25ec500-5612-11e8-833a-d52124abe7ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"b79dce60-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"83a0e580-5612-11e8-9770-ed998bc0982c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"88cdd130-5612-11e8-9770-ed998bc0982c\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c481fa20-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:33:00.068Z","version":"WzI3MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Exporters\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [**Exporters**](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c2506770-336a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQsMV0="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":15,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"title\":\"Egress Interfaces (bits/s)\"},\"title\":\"Egress Interfaces (bits/s)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":15,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"title\":\"Ingress Interfaces (bits/s)\"},\"title\":\"Ingress Interfaces (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":24,\"h\":15,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"title\":\"Ingress Interfaces (pkts/s)\"},\"title\":\"Ingress Interfaces (pkts/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":24,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"title\":\"Egress Interfaces (pkts/s)\"},\"title\":\"Egress Interfaces (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Flow Exporters","version":1},"id":"04157d70-6591-11e7-bfc3-d74b7bb89482","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_1","type":"visualization"},{"id":"a65eb880-5609-11e8-b711-83a5f93b17f3","name":"panel_2","type":"visualization"},{"id":"1f0f0340-55d6-11e8-a695-171fb712da36","name":"panel_3","type":"visualization"},{"id":"86262810-55d6-11e8-a695-171fb712da36","name":"panel_4","type":"visualization"},{"id":"b79dce60-5613-11e8-b711-83a5f93b17f3","name":"panel_5","type":"visualization"},{"id":"c481fa20-5613-11e8-b711-83a5f93b17f3","name":"panel_6","type":"visualization"},{"id":"c2506770-336a-11e9-aec0-c1d93190f676","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"id":"04990fe0-6592-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.transport\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"05719e40-55d4-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:04.870Z","version":"WzI3NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}i/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"05aa2550-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:04.777Z","version":"WzE3NDQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"id":"066b9700-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Services - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Services\"}}]}"},"id":"f41316d0-8020-11e7-bcae-4bd056c878e8","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Services (bits/s) - TSVB (stacked area)\"}"},"id":"b22f5660-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:28:00.065Z","version":"WzM4NDUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Types, Exporters & Services - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types, Exporters & Services - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526140705539\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top IP Protocols - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top IP Protocols - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP Protocols\"}}]}"},"id":"a04e4ba0-55fe-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [**Top-N**](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (services)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Services**](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"33f660e0-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":30,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\"},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":30,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"ElastiFlow: Top Services","version":1},"id":"0809c1f0-6719-11e7-b5b8-29fbded8e37c","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"f41316d0-8020-11e7-bcae-4bd056c878e8","name":"panel_0","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_1","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"a04e4ba0-55fe-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"33f660e0-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExLDFd"}
{"attributes":{"columns":["host.name","source.domain","flow.src_port_name","destination.domain","flow.dst_port_name","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"version\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastiFlow: Flow Records (src/dst) - search","version":1},"id":"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5","migrationVersion":{"search":"7.4.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-04-12T17:17:00.840Z","version":"WzUyLDFd"}
{"attributes":{"bounds":{"coordinates":[[[-137.04504,65.84476],[-137.04504,-45.45573],[176.4324,-45.45573],[176.4324,65.84476],[-137.04504,65.84476]]],"type":"Polygon"},"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"069cfadc-78cf-499a-bc8f-f96a4d5aba8b\",\"label\":\"World Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Flows\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":2,\"maxSize\":12,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":10}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"d640d560-9bdb-4ea8-9bfb-039a6df49b1b\",\"sourceGeoField\":\"client.geo.location\",\"destGeoField\":\"server.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"applyGlobalQuery\":true},\"id\":\"545d12d4-132c-46b9-bf82-ad5a79cf959d\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality: \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"6a0aaf6c-9b01-4017-b741-5c2e3b9f8a63\",\"type\":\"ES_SEARCH\",\"geoField\":\"server.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"server.domain\",\"server.ip\",\"server.as.organization.name\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"server.domain\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}}}},\"id\":\"d473d6d5-7a38-47ee-b101-52894c2d3642\",\"label\":\"Servers\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"8987ad1c-1c79-4f8b-b0cc-8b0a5b6f2c4f\",\"type\":\"ES_SEARCH\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"client.domain\",\"client.ip\",\"client.as.organization.name\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSize\":100,\"topHitsSplitField\":\"client.domain\",\"indexPatternRefName\":\"layer_3_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"circle\"}}}},\"id\":\"76d27f2b-f3a6-4d20-9635-51d45ad97e67\",\"label\":\"Clients\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality : \\\"public\\\" \",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":2.07,\"center\":{\"lon\":19.69368,\"lat\":18.28101},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}","title":"ElastiFlow: Client/Server Flows","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"id":"0df73330-2815-11ea-bb6a-cd9c0b9d2958","migrationVersion":{"map":"7.8.0"},"references":[{"id":"elastiflow-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"type":"map","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"id":"0e130320-55c7-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"0edebc40-801b-11e7-b4bd-5b3ceedd298a","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"id":"1026edb0-2fcc-11e7-842d-39925ea8ac40","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.domain\",\"customLabel\":\"Clients\"}}]}"},"id":"1e6fb550-8017-11e7-9e6a-575834c68c0e","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.domain\",\"customLabel\":\"Servers\"}}]}"},"id":"2e450d90-8017-11e7-9e6a-575834c68c0e","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Service Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.service_name\",\"customLabel\":\"Services\"}}]}"},"id":"2f7d7110-8018-11e7-9e6a-575834c68c0e","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Clients (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Clients (bits/s) - TSVB (stacked area)\"}"},"id":"9d557dd0-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:16:22.742Z","version":"WzM4MzIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Servers (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"1\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Servers (bits/s) - TSVB (stacked area)\"}"},"id":"f7b9c440-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:27:36.325Z","version":"WzM4NDQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Application Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Application Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"network.application\",\"customLabel\":\"Applications\"}}]}"},"id":"c1bbc780-560e-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Applications (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":0},\"title\":\"ElastiFlow: Applications (bits/s) - TSVB (stacked area)\"}"},"id":"13b75a00-55cd-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:07:28.293Z","version":"WzM4MjUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"b907a980-5611-11e8-9d88-a7d70f388fc4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bbfd42d0-5611-11e8-9d88-a7d70f388fc4\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)\"}"},"id":"fa458eb0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:33:03.488Z","version":"WzM4NTUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"35bed8e0-5612-11e8-9abc-51bfe6c5250a\",\"type\":\"calculation\",\"variables\":[{\"id\":\"38885920-5612-11e8-9abc-51bfe6c5250a\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"de476b70-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:25:17.960Z","version":"WzI0OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Servers (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"d5c99c80-5612-11e8-a6a3-f9047d0437a6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d7fecc00-5612-11e8-a6a3-f9047d0437a6\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"98d03770-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:58.637Z","version":"WzE3MjgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Services (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"dfd5f020-5612-11e8-8874-4b2cb46d3ac9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e35ca5e0-5612-11e8-8874-4b2cb46d3ac9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"8b7247d0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:40:03.376Z","version":"WzE3MjcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Types - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Types - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"client.domain\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"server.domain\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"network.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"b577fca0-561d-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"id":"d0e385d0-55ba-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"69f4d440-8019-11e7-af24-27fa1061e1bd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"be065300-801a-11e7-a69e-1db8cf608fe4","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [**Traffic Details**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (types)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Types**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d2c71350-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI0LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":9,\"w\":8,\"h\":11,\"i\":\"59\"},\"panelIndex\":\"59\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":50,\"w\":8,\"h\":11,\"i\":\"64\"},\"panelIndex\":\"64\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"75\"},\"panelIndex\":\"75\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"79\"},\"panelIndex\":\"79\",\"embeddableConfig\":{\"title\":\"Clients (bits/s)\"},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"81\"},\"panelIndex\":\"81\",\"embeddableConfig\":{\"title\":\"Servers (bits/s)\"},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":61,\"w\":24,\"h\":15,\"i\":\"82\"},\"panelIndex\":\"82\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\"},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":50,\"w\":8,\"h\":11,\"i\":\"91\"},\"panelIndex\":\"91\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":61,\"w\":24,\"h\":15,\"i\":\"92\"},\"panelIndex\":\"92\",\"embeddableConfig\":{\"title\":\"Applications (bits/s)\"},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":76,\"w\":24,\"h\":15,\"i\":\"106\"},\"panelIndex\":\"106\",\"embeddableConfig\":{\"title\":\"Applications (pkts/s)\"},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"109\"},\"panelIndex\":\"109\",\"embeddableConfig\":{\"title\":\"Clients (pkts/s)\"},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"112\"},\"panelIndex\":\"112\",\"embeddableConfig\":{\"title\":\"Servers (pkts/s)\"},\"title\":\"Servers (pkts/s)\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":15,\"i\":\"113\"},\"panelIndex\":\"113\",\"embeddableConfig\":{\"title\":\"Services (pkts/s)\"},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"119\"},\"panelIndex\":\"119\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":50,\"w\":16,\"h\":11,\"i\":\"122\"},\"panelIndex\":\"122\",\"embeddableConfig\":{\"title\":\"Applications (flow records)\"},\"title\":\"Applications (flow records)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"title\":\"Clients (flow records)\"},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":9,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\"},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":50,\"w\":16,\"h\":11,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"title\":\"Services (flow records)\"},\"title\":\"Services (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"127\"},\"panelIndex\":\"127\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (types)","version":1},"id":"10584050-6234-11e7-8236-19b4b4941e22","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"1e6fb550-8017-11e7-9e6a-575834c68c0e","name":"panel_0","type":"visualization"},{"id":"2e450d90-8017-11e7-9e6a-575834c68c0e","name":"panel_1","type":"visualization"},{"id":"2f7d7110-8018-11e7-9e6a-575834c68c0e","name":"panel_2","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_3","type":"visualization"},{"id":"9d557dd0-55d9-11e8-a695-171fb712da36","name":"panel_4","type":"visualization"},{"id":"f7b9c440-55d2-11e8-a695-171fb712da36","name":"panel_5","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"panel_6","type":"visualization"},{"id":"c1bbc780-560e-11e8-b711-83a5f93b17f3","name":"panel_7","type":"visualization"},{"id":"13b75a00-55cd-11e8-a695-171fb712da36","name":"panel_8","type":"visualization"},{"id":"fa458eb0-5613-11e8-b711-83a5f93b17f3","name":"panel_9","type":"visualization"},{"id":"de476b70-5613-11e8-b711-83a5f93b17f3","name":"panel_10","type":"visualization"},{"id":"98d03770-5613-11e8-b711-83a5f93b17f3","name":"panel_11","type":"visualization"},{"id":"8b7247d0-5613-11e8-b711-83a5f93b17f3","name":"panel_12","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_13","type":"visualization"},{"id":"b577fca0-561d-11e8-b711-83a5f93b17f3","name":"panel_14","type":"visualization"},{"id":"d0e385d0-55ba-11e8-a1f3-452446793d46","name":"panel_15","type":"visualization"},{"id":"69f4d440-8019-11e7-af24-27fa1061e1bd","name":"panel_16","type":"visualization"},{"id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","name":"panel_17","type":"visualization"},{"id":"be065300-801a-11e7-a69e-1db8cf608fe4","name":"panel_18","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"panel_19","type":"visualization"},{"id":"d2c71350-336b-11e9-aec0-c1d93190f676","name":"panel_20","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [**Flows**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"1094b850-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)\"}"},"id":"114eba40-55d4-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:25:27.465Z","version":"WzM4NDAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ZFlow - Platforms (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"ipfix.ziften_platform\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: *\",\"language\":\"kuery\"},\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: ZFlow - Platforms (bits/s) - TSVB (stacked area)\"}"},"id":"11a64c90-33b1-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:32:17.724Z","version":"WzM4NTMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Servers (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"server.domain\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"11b0a5d0-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:42.017Z","version":"WzE3MjUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"id":"1418ce10-6592-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"id":"14fb54b0-556a-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"id":"aefd37a0-33ad-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"id":"19873c10-33ae-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"id":"601e5470-33ad-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ZFlow - Commands (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: *\",\"language\":\"kuery\"},\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: ZFlow - Commands (bits/s) - TSVB (stacked area)\"}"},"id":"d827d2e0-33b0-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:31:44.880Z","version":"WzM4NTIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ZFlow - Users (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"ipfix.userName\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: * \",\"language\":\"kuery\"},\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: ZFlow - Users (bits/s) - TSVB (stacked area)\"}"},"id":"f3c9cc60-33b0-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:32:38.988Z","version":"WzM4NTQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ZFlow - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"ipfix.ziften_hostname\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"ipfix.userName\",\"label\":\"User\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"network.application\",\"label\":\"Command\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"4ba1be70-33b1-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzI5LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":12,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"title\":\"Commands (bytes) \"},\"title\":\"Commands (bytes) \",\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":5,\"w\":12,\"h\":12,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"title\":\"Users (bytes)\"},\"title\":\"Users (bytes)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":29,\"w\":12,\"h\":12,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"title\":\"Platforms (bytes)\"},\"title\":\"Platforms (bytes)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":17,\"w\":36,\"h\":12,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":5,\"w\":36,\"h\":12,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":42,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":29,\"w\":36,\"h\":12,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Ziften ZFlow","version":1},"id":"153634a0-33b2-11e9-aec0-c1d93190f676","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"aefd37a0-33ad-11e9-aec0-c1d93190f676","name":"panel_1","type":"visualization"},{"id":"19873c10-33ae-11e9-aec0-c1d93190f676","name":"panel_2","type":"visualization"},{"id":"601e5470-33ad-11e9-aec0-c1d93190f676","name":"panel_3","type":"visualization"},{"id":"d827d2e0-33b0-11e9-aec0-c1d93190f676","name":"panel_4","type":"visualization"},{"id":"f3c9cc60-33b0-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"4ba1be70-33b1-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"},{"id":"11a64c90-33b1-11e9-aec0-c1d93190f676","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzMwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"id":"16438600-2fcb-11e7-befb-31e033c79e4e","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"id":"178b0af0-6230-11e7-9a50-efc26ded795d","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":500,\"order\":\"desc\",\"dynamicOptions\":false},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"source.domain\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\",\"dynamicOptions\":false},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"destination.domain\",\"label\":\"Destnation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"destination.port\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"17c29c50-55bd-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM2LDFd"}
{"attributes":{"columns":["host.name","client.domain","server.domain","flow.service_name","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"version\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastiFlow: Flow Records (client/server) - search","version":1},"id":"18a8f720-55dd-11e8-b711-83a5f93b17f3","migrationVersion":{"search":"7.4.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"id":"1a9184b0-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"id":"1b6b9b90-55c7-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEzOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"as.organization.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"}},\"aggs\":[]}"},"id":"1bf3da30-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"id":"1c1f5550-801a-11e7-8b60-018ea0aa61a0","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Servers (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"1d3b5c10-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:49.834Z","version":"WzE3MjMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Record Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"bdd65820-55db-11e8-a230-6b3654bd4d61\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flow Records\",\"terms_field\":\"event.dataset\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"background_color_rules\":[{\"id\":\"c5d26960-55db-11e8-a230-6b3654bd4d61\"}],\"axis_scale\":\"normal\"},\"aggs\":[]}"},"id":"1d773d80-55dc-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (talkers)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Talkers**](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"1d9c7c30-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"1e7d8770-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"id":"1fa2c100-6592-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)\"}"},"id":"1fb54370-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:29:12.294Z","version":"WzM4NDcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"IP Reputation\",\"type\":\"exists\",\"key\":\"flow.rep_tags\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.rep_tags\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.rep_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputations\"}}]}"},"id":"1fdbf870-330a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzgyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"id":"21671b80-55bf-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"23d6dc80-2fd6-11e7-bc99-41245d9394f2","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"24530d50-55be-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.output_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"25b5bdb0-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"264fb270-2fdb-11e7-84e6-333bd21ad9fd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Ports (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"266da690-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:59.573Z","version":"WzI2MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Threats\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Threats**](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"279aff10-336a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzg2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)\"}"},"id":"28ddcaf0-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:30:36.854Z","version":"WzM4NTAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Source Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"id":"290d5be0-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:28:37.966Z","version":"WzM4NDYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"id":"2aeac270-6230-11e7-84f1-9728c106b1b6","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Ports (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"2b35e790-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:41:15.155Z","version":"WzE3MzYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"source.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"2d872430-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:40:44.200Z","version":"WzE3MzQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.output_ifname\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"2e0f7f50-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"id":"30214c20-33b0-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE0OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"id":"3026fe40-658f-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"313a9880-2fd6-11e7-bc99-41245d9394f2","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"_exists_: flow.client_rep_tags AND server.as.organization.name: private\"}}],\"filter\":[{\"script\":{\"script\":\"doc['server.ip'].value == doc['destination.ip'].value\"}}]}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"At-Risk Servers\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"query_string\\\":{\\\"query\\\":\\\"_exists_: flow.client_rep_tags AND server.as.organization.name: private\\\"}}],\\\"filter\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['server.ip'].value == doc['destination.ip'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"31db9c00-3310-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzg1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"source.as.organization.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"32231a80-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:40:52.690Z","version":"WzE3MzUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"source.domain\",\"customLabel\":\"Sources\"}}]}"},"id":"3277ea90-6578-11e7-8471-e5432f50acbd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"id":"35464390-55bc-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"36e56dc0-801a-11e7-8b60-018ea0aa61a0","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"37a8b330-8019-11e7-af24-27fa1061e1bd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"39a495d0-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"39c991b0-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Countries (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Countries (bits/s) - TSVB (stacked area)\"}"},"id":"3a281650-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:16:52.845Z","version":"WzM4MzMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Types of Service (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tos\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"3d778910-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:59.672Z","version":"WzE3NTYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"packets\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"3f597140-3374-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"}},\"aggs\":[]}"},"id":"4023c4b0-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"id":"40904c50-33b0-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"id":"41a7e3a0-658f-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE1OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"4440e130-2fdd-11e7-afd7-595689f3f18c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Countries (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"geo.country_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"446257c0-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:25:36.967Z","version":"WzI1MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"44b3cb70-2fd6-11e7-bc99-41245d9394f2","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Clients - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Clients\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"bb92fa50-8020-11e7-bcae-4bd056c878e8","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzMxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Types, Exporters & Apps - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types, Exporters & Apps - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526140705539\",\"fieldName\":\"network.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"72ac9770-560c-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzMyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"6aa2ae10-560d-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzMzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (apps)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [**Apps**](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"610605e0-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM0LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"network.application\"},\"meta\":{\"alias\":\"Application\",\"disabled\":false,\"key\":\"network.application\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":32,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"title\":\"Applications (bits/s)\"},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":28,\"h\":32,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"ElastiFlow: Top Applications","version":1},"id":"44d6d8c0-560b-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"bb92fa50-8020-11e7-bcae-4bd056c878e8","name":"panel_0","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_1","type":"visualization"},{"id":"13b75a00-55cd-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"72ac9770-560c-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"6aa2ae10-560d-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"610605e0-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"47bf0c10-8019-11e7-af24-27fa1061e1bd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"47d426a0-2fc8-11e7-8b06-97426538fddd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (conversations)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [**Conversations**](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"47ee87d0-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"4898db90-2fdb-11e7-84e6-333bd21ad9fd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"4aad7a20-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:41:24.079Z","version":"WzE3NDIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"id":"4abad150-55bc-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (flow records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"id":"4b025da0-55e8-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"id":"4f3525d0-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzM3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Src/Dst**](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"75a2aa30-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"id":"5fd2fe30-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"7c2cfd10-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"8a52f7a0-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"id":"af1425a0-2fc7-11e7-8936-6f5fd5520124","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (bytes) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.80 : 0.40\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.80}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"8dc8f0d0-3374-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ1LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"title\":\"Destinations (flow records)\"},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"title\":\"Sources (flow records)\"},\"title\":\"Sources (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"title\":\"Destinations (bytes)\"},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"55\"},\"panelIndex\":\"55\",\"embeddableConfig\":{\"title\":\"Sources (bytes)\"},\"title\":\"Sources (bytes)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"56\"},\"panelIndex\":\"56\",\"embeddableConfig\":{\"title\":\"Sources (packets)\"},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"58\"},\"panelIndex\":\"58\",\"embeddableConfig\":{\"title\":\"Destinations (packets)\"},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"59\"},\"panelIndex\":\"59\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow: Flows (src/dst)","version":1},"id":"4b86b4c0-5628-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_1","type":"visualization"},{"id":"17c29c50-55bd-11e8-a1f3-452446793d46","name":"panel_2","type":"visualization"},{"id":"4f3525d0-2fc7-11e7-8936-6f5fd5520124","name":"panel_3","type":"visualization"},{"id":"1e7d8770-2fc7-11e7-8936-6f5fd5520124","name":"panel_4","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"75a2aa30-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"},{"id":"5fd2fe30-2fc7-11e7-8936-6f5fd5520124","name":"panel_7","type":"visualization"},{"id":"7c2cfd10-2fc7-11e7-8936-6f5fd5520124","name":"panel_8","type":"visualization"},{"id":"8a52f7a0-2fc7-11e7-8936-6f5fd5520124","name":"panel_9","type":"visualization"},{"id":"af1425a0-2fc7-11e7-8936-6f5fd5520124","name":"panel_10","type":"visualization"},{"id":"8dc8f0d0-3374-11e9-aec0-c1d93190f676","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Reputations (flow records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.rep_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputation\"}}]}"},"id":"4c2019f0-55f9-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzcwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"id":"4c52f1f0-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"id":"4ce6de10-33b0-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"id":"4dc994a0-2fd7-11e7-97a8-85d8d5a99269","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"id":"4ea0a8d0-658f-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tos\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"532f1340-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:46:07.836Z","version":"WzE3NTcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Types & Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types & Exporters - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (bytes) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"54525bd0-3373-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"id":"55234750-55bf-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\",\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destination.domain\",\"customLabel\":\"Destinations\"}}]}"},"id":"55be8550-655e-11e7-9dda-9f993e2ba58b","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"55f66b20-2fdd-11e7-afd7-595689f3f18c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Countries (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"geo.country_name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"561570b0-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:27:18.915Z","version":"WzI1MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Applications (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.application\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"58714360-55cb-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(27,169,245,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flows\",\"terms_field\":\"event.dataset\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"644c9760-55db-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzQ3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [**Flow Records**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzUwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [**Src/Dst**](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e0216400-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzUxLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.8.1\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":19,\"y\":4,\"w\":29,\"h\":10,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":10,\"y\":4,\"w\":9,\"h\":7,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":10,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":10,\"y\":11,\"w\":9,\"h\":3,\"i\":\"def7e579-ee90-4275-abcf-eb96f54ac830\"},\"panelIndex\":\"def7e579-ee90-4275-abcf-eb96f54ac830\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"78b18afd-1011-42d7-99e7-9b2b8bb1dfdd\"},\"panelIndex\":\"78b18afd-1011-42d7-99e7-9b2b8bb1dfdd\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (src/dst)","version":1},"id":"58858cb0-55e1-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"644c9760-55db-11e8-a695-171fb712da36","name":"panel_1","type":"visualization"},{"id":"1d773d80-55dc-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","name":"panel_4","type":"visualization"},{"id":"e0216400-336c-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_6","type":"visualization"},{"id":"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-08-09T19:41:42.534Z","version":"WzIwOTgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"id":"5a0b1a10-55c7-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"4a7ea020-5613-11e8-9991-679c12b3fef7\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4d43b390-5613-11e8-9991-679c12b3fef7\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"5af01150-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:47:17.392Z","version":"WzE3NjIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE2OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Types of Service (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"5e5bf210-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:46:16.249Z","version":"WzE3NjMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Reputations (flows) - TSVB (stacked bar)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.rep_tags\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"flow.rep_tags\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"flow.rep_tags: *\",\"language\":\"kuery\"},\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"5ece5010-3345-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:41.098Z","version":"WzI4MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"3a636540-5613-11e8-bbfc-bb680694cbb3\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3e0a2620-5613-11e8-bbfc-bb680694cbb3\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"604bae20-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:46:25.759Z","version":"WzE3NjAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Attributes - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Attributes - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"network.transport\",\"label\":\"IP Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"flow.vlan\",\"label\":\"VLAN\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"flow.tos\",\"label\":\"Type of Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"flow.tcp_flags\",\"label\":\"TCP Flag\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"61ed9a20-561a-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"6486b700-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:48.896Z","version":"WzI2MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"id":"64b144f0-658e-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ToS Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ToS Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.tos\",\"customLabel\":\"Types of Service\"}}]}"},"id":"9accd4a0-657a-11e7-8471-e5432f50acbd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzUzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLAN Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.vlan\",\"customLabel\":\"VLANs\"}}]}"},"id":"b13956f0-657a-11e7-8471-e5432f50acbd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flags (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: TCP Flags (bits/s) - TSVB (stacked area)\"}"},"id":"8b09a0f0-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:29:51.656Z","version":"WzM4NDksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocol Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocol Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"network.transport\",\"customLabel\":\"IP Protocols\"}}]}"},"id":"e607f720-560f-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flag Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.tcp_flags\",\"customLabel\":\"TCP Flags\"}}]}"},"id":"be939000-560f-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"ac032f10-5612-11e8-987a-399b859ae9e0\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aefebbd0-5612-11e8-987a-399b859ae9e0\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"b3007880-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:32.464Z","version":"WzI4MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"21a94970-5613-11e8-932f-d5f0b2e476ba\",\"type\":\"calculation\",\"variables\":[{\"id\":\"23e04db0-5613-11e8-932f-d5f0b2e476ba\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"6a815bb0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:44:56.104Z","version":"WzE3NDYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"id":"d297fe60-2fd7-11e7-af27-99e728e71e91","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzU4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flags\"}}]}"},"id":"661ff9d0-55c5-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzYwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"d23a33d0-55c8-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzYxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Traffic Details (attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (attributes)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [**Attributes**](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"fadebf50-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzYyLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":50,\"w\":8,\"h\":11,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":9,\"w\":8,\"h\":11,\"i\":\"49\"},\"panelIndex\":\"49\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"75\"},\"panelIndex\":\"75\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"80\"},\"panelIndex\":\"80\",\"embeddableConfig\":{\"title\":\"IP Protocols (bits/s)\"},\"title\":\"IP Protocols (bits/s)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":61,\"w\":24,\"h\":15,\"i\":\"84\"},\"panelIndex\":\"84\",\"embeddableConfig\":{\"title\":\"TCP Flags (bits/s)\"},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":61,\"w\":24,\"h\":15,\"i\":\"86\"},\"panelIndex\":\"86\",\"embeddableConfig\":{\"title\":\"Types of Service (bits/s)\"},\"title\":\"Types of Service (bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"87\"},\"panelIndex\":\"87\",\"embeddableConfig\":{\"title\":\"VLANs (bits/s)\"},\"title\":\"VLANs (bits/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":11,\"i\":\"88\"},\"panelIndex\":\"88\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":50,\"w\":8,\"h\":11,\"i\":\"94\"},\"panelIndex\":\"94\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"111\"},\"panelIndex\":\"111\",\"embeddableConfig\":{\"title\":\"IP Protocols (pkts/s)\"},\"title\":\"IP Protocols (pkts/s)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":76,\"w\":24,\"h\":15,\"i\":\"114\"},\"panelIndex\":\"114\",\"embeddableConfig\":{\"title\":\"TCP Flags (pkts/s)\"},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":15,\"i\":\"116\"},\"panelIndex\":\"116\",\"embeddableConfig\":{\"title\":\"Types of Service (pkts/s)\"},\"title\":\"Types of Service (pkts/s)\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"117\"},\"panelIndex\":\"117\",\"embeddableConfig\":{\"title\":\"VLANs (pkts/s)\"},\"title\":\"VLANs (pkts/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"118\"},\"panelIndex\":\"118\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"120\"},\"panelIndex\":\"120\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":9,\"w\":16,\"h\":11,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"title\":\"VLANs (flow records)\"},\"title\":\"VLANs (flow records)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":50,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"title\":\"Types of Service (flow records)\"},\"title\":\"Types of Service (flow records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":50,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"title\":\"TCP Flags (flow records)\"},\"title\":\"TCP Flags (flow records)\",\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":11,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"title\":\"IP Protocols (flow records)\"},\"title\":\"IP Protocols (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"127\"},\"panelIndex\":\"127\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (attributes)","version":1},"id":"64c19720-5619-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"9accd4a0-657a-11e7-8471-e5432f50acbd","name":"panel_0","type":"visualization"},{"id":"b13956f0-657a-11e7-8471-e5432f50acbd","name":"panel_1","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_2","type":"visualization"},{"id":"114eba40-55d4-11e8-a695-171fb712da36","name":"panel_3","type":"visualization"},{"id":"8b09a0f0-55d1-11e8-a695-171fb712da36","name":"panel_4","type":"visualization"},{"id":"28ddcaf0-55d1-11e8-a695-171fb712da36","name":"panel_5","type":"visualization"},{"id":"00b3a860-55d1-11e8-a695-171fb712da36","name":"panel_6","type":"visualization"},{"id":"e607f720-560f-11e8-b711-83a5f93b17f3","name":"panel_7","type":"visualization"},{"id":"be939000-560f-11e8-b711-83a5f93b17f3","name":"panel_8","type":"visualization"},{"id":"b3007880-5613-11e8-b711-83a5f93b17f3","name":"panel_9","type":"visualization"},{"id":"6a815bb0-5613-11e8-b711-83a5f93b17f3","name":"panel_10","type":"visualization"},{"id":"604bae20-5613-11e8-b711-83a5f93b17f3","name":"panel_11","type":"visualization"},{"id":"5af01150-5613-11e8-b711-83a5f93b17f3","name":"panel_12","type":"visualization"},{"id":"61ed9a20-561a-11e8-b711-83a5f93b17f3","name":"panel_13","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_14","type":"visualization"},{"id":"d297fe60-2fd7-11e7-af27-99e728e71e91","name":"panel_15","type":"visualization"},{"id":"4dc994a0-2fd7-11e7-97a8-85d8d5a99269","name":"panel_16","type":"visualization"},{"id":"661ff9d0-55c5-11e8-a1f3-452446793d46","name":"panel_17","type":"visualization"},{"id":"d23a33d0-55c8-11e8-a1f3-452446793d46","name":"panel_18","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"panel_19","type":"visualization"},{"id":"fadebf50-336b-11e9-aec0-c1d93190f676","name":"panel_20","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzYzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sources (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Sources (bits/s) - TSVB (stacked area)\"}"},"id":"64d369b0-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:29:32.643Z","version":"WzM4NDgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"id":"64d75bf0-55bf-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"2fbfdab0-5613-11e8-9246-a5562341aeaa\",\"type\":\"calculation\",\"variables\":[{\"id\":\"31d17ca0-5613-11e8-9246-a5562341aeaa\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"65162e80-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:41.504Z","version":"WzE3NTUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"client.domain\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"server.domain\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"95799400-55b3-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"id":"98519990-55bb-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"7b10dd00-55e3-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"cc28fff0-801f-11e7-8a72-651c4183643b","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzY4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Overview\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Overview**](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"70567480-335d-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzcxLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":16,\"h\":16,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"title\":\"Services (bytes)\"},\"title\":\"Services (bytes)\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":16,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bytes)\"},\"title\":\"Autonomous Systems (bytes)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":16,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"title\":\"IP Versions and Protocols (bytes)\"},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":16,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"title\":\"Servers and Clients (bytes)\"},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":9,\"w\":16,\"h\":10,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":32,\"y\":19,\"w\":16,\"h\":22,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow: Overview","version":1},"id":"653cf1e0-2fd2-11e7-99ed-49759aed30f5","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"36e56dc0-801a-11e7-8b60-018ea0aa61a0","name":"panel_0","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_1","type":"visualization"},{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"panel_2","type":"visualization"},{"id":"98519990-55bb-11e8-a1f3-452446793d46","name":"panel_3","type":"visualization"},{"id":"7b10dd00-55e3-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"cc28fff0-801f-11e7-8a72-651c4183643b","name":"panel_5","type":"visualization"},{"id":"4b025da0-55e8-11e8-b711-83a5f93b17f3","name":"panel_6","type":"visualization"},{"id":"4c2019f0-55f9-11e8-b711-83a5f93b17f3","name":"panel_7","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_8","type":"visualization"},{"id":"70567480-335d-11e9-aec0-c1d93190f676","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-08-01T18:45:06.545Z","version":"WzE3ODUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"packets\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"65ec5200-3374-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"id":"69f864d0-2fd7-11e7-97a8-85d8d5a99269","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"type\":\"table\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":6,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":7,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}]}"},"id":"6d0c50a0-801d-11e7-bcae-4bd056c878e8","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sources (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"source.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"6f3cf880-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:42:01.396Z","version":"WzE3NDEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"6f6d05b0-2fc8-11e7-bf24-57efade8fd83","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3MywxXQ=="}
{"attributes":{"accessibility:disableAnimations":null,"buildNum":32141,"defaultIndex":"elastiflow-*","doc_table:highlight":false,"filters:pinnedByDefault":true,"format:bytes:defaultPattern":"0,0.[00]b","format:number:defaultPattern":"0,0.[00]","format:percent:defaultPattern":"0,0.[00]%","siem:defaultIndex":["elastiflow-*","apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","packetbeat-*","winlogbeat-*"],"siem:enableNewsFeed":false,"siem:timeDefaults":"{\n \"from\": \"now-1h\",\n \"to\": \"now\"\n}","state:storeInSessionStorage":true,"theme:darkMode":true,"timepicker:quickRanges":"[\n {\n \"from\": \"now-15m/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 15 minutes\"\n },\n {\n \"from\": \"now-30m/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 30 minutes\"\n },\n {\n \"from\": \"now-1h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 1 hour\"\n },\n {\n \"from\": \"now-2h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 2 hours\"\n },\n {\n \"from\": \"now-4h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 4 hours\"\n },\n {\n \"from\": \"now-12h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 12 hours\"\n },\n {\n \"from\": \"now-24h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 24 hours\"\n },\n {\n \"from\": \"now-48h/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 48 hours\"\n },\n {\n \"from\": \"now-7d/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 7 days\"\n },\n {\n \"from\": \"now-30d/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 30 days\"\n },\n {\n \"from\": \"now-60d/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 60 days\"\n },\n {\n \"from\": \"now-90d/m\",\n \"to\": \"now/m\",\n \"display\": \"Last 90 days\"\n },\n {\n \"from\": \"now/d\",\n \"to\": \"now/d\",\n \"display\": \"Today\"\n },\n {\n \"from\": \"now/w\",\n \"to\": \"now/w\",\n \"display\": \"This week\"\n },\n {\n \"from\": \"now/M\",\n \"to\": \"now/M\",\n \"display\": \"This month\"\n },\n {\n \"from\": \"now/d\",\n \"to\": \"now\",\n \"display\": \"Today so far\"\n },\n {\n \"from\": \"now/w\",\n \"to\": \"now\",\n \"display\": \"Week to date\"\n },\n {\n \"from\": \"now/M\",\n \"to\": \"now\",\n \"display\": \"Month to date\"\n }\n]","timepicker:timeDefaults":"{\n \"from\": \"now-1h/m\",\n \"to\": \"now/m\"\n}"},"id":"7.8.1","references":[],"type":"config","updated_at":"2020-08-02T13:49:33.122Z","version":"WzE3ODgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"70733c50-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:39.935Z","version":"WzI2MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sources (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"05cb3150-5613-11e8-95ce-e7b2166211be\",\"type\":\"calculation\",\"variables\":[{\"id\":\"0f6b0780-5613-11e8-95ce-e7b2166211be\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"70ad67e0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:42:29.003Z","version":"WzE3NDcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Port Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.src_port_name\",\"customLabel\":\"Source Ports\"}}]}"},"id":"71272b10-6579-11e7-8471-e5432f50acbd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Countries (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"71b7df60-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:27:29.849Z","version":"WzI1MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"NOT server.as.organization.name: private\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"id":"72ff0a90-55c7-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"packets\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"734fbfe0-3374-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"id":"73c37440-658e-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"74cc8db0-55be-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Src/Dst Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"source.as.organization.name\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"destination.as.organization.name\",\"label\":\"Destnation AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzcyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"id":"77255120-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzczLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (AS)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Src/Dst](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [**AS**](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"9b135210-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"id":"88a5e860-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"id":"97885520-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzc5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (bytes) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"819e7820-3374-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzgwLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Source AS Private\",\"type\":\"phrase\",\"key\":\"source.as.organization.name\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"source.as.organization.name\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Destination AS Private\",\"type\":\"phrase\",\"key\":\"destination.as.organization.name\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"destination.as.organization.name\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"title\":\"Destination Autonomous Systems (flow records)\"},\"title\":\"Destination Autonomous Systems (flow records)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"47\"},\"panelIndex\":\"47\",\"embeddableConfig\":{\"title\":\"Source Autonomous Systems (flow records)\"},\"title\":\"Source Autonomous Systems (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"51\"},\"panelIndex\":\"51\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"title\":\"Source Autonomous Systems (packets)\"},\"title\":\"Source Autonomous Systems (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"title\":\"Source Autonomous Systems (bytes)\"},\"title\":\"Source Autonomous Systems (bytes)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"55\"},\"panelIndex\":\"55\",\"embeddableConfig\":{\"title\":\"Destination Autonomous Systems (bytes)\"},\"title\":\"Destination Autonomous Systems (bytes)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"56\"},\"panelIndex\":\"56\",\"embeddableConfig\":{\"title\":\"Destination Autonomous Systems (packets)\"},\"title\":\"Destination Autonomous Systems (packets)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"57\"},\"panelIndex\":\"57\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow: Flows (AS)","version":1},"id":"757d59f0-5628-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_1","type":"visualization"},{"id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","name":"panel_2","type":"visualization"},{"id":"77255120-55c6-11e8-a1f3-452446793d46","name":"panel_3","type":"visualization"},{"id":"4c52f1f0-55c6-11e8-a1f3-452446793d46","name":"panel_4","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"9b135210-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"},{"id":"066b9700-55c6-11e8-a1f3-452446793d46","name":"panel_7","type":"visualization"},{"id":"1a9184b0-55c6-11e8-a1f3-452446793d46","name":"panel_8","type":"visualization"},{"id":"88a5e860-55c6-11e8-a1f3-452446793d46","name":"panel_9","type":"visualization"},{"id":"97885520-55c6-11e8-a1f3-452446793d46","name":"panel_10","type":"visualization"},{"id":"819e7820-3374-11e9-aec0-c1d93190f676","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzgxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)\"}"},"id":"7884d160-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:18:18.045Z","version":"WzM4MzUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"793a6f00-2fdd-11e7-afd7-595689f3f18c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE3OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f82d7990-5612-11e8-aa3f-47704e17ccf8\",\"type\":\"calculation\",\"variables\":[{\"id\":\"fc0f6eb0-5612-11e8-aa3f-47704e17ccf8\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"7a609f00-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:41:45.233Z","version":"WzE3MzcsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sources (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"source.domain\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"7ef9bfb0-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:42:12.132Z","version":"WzE3NDMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"7f7aac00-2fc8-11e7-8bc1-177080983dbf","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Clients (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"81128960-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:25:06.820Z","version":"WzI1MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Ports (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"822d3da0-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:41:32.304Z","version":"WzE3MzksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"849562d0-55be-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"id":"84e4c9f0-2fd7-11e7-97a8-85d8d5a99269","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Port Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.dst_port_name\",\"customLabel\":\"Destination Ports\"}}]}"},"id":"8500a670-6579-11e7-8471-e5432f50acbd","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"eb6ed730-5612-11e8-88fd-2774a33bc32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f0d103b0-5612-11e8-88fd-2774a33bc32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"854eee30-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Src/Dst](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"88535d00-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"id":"8be71430-55c7-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"8dcbcce0-2fd6-11e7-a82c-3146dd695923","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Clients (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"client.domain\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"8dd6aa00-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:24:56.347Z","version":"WzI1NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"flow.server_rep_tags\"},\"meta\":{\"alias\":\"Bad Server Reputation\",\"disabled\":false,\"key\":\"flow.server_rep_tags\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"de602310-330b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzgzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client_rep_tags\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client_rep_tags\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"ee65abb0-330e-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzg0LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":8,\"h\":29,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":35,\"y\":19,\"w\":13,\"h\":29,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":8,\"y\":19,\"w\":14,\"h\":29,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":22,\"y\":19,\"w\":13,\"h\":29,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"title\":\"IP Reputations (flows)\"},\"title\":\"IP Reputations (flows)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Threats","version":1},"id":"8e383000-3309-11e9-aec0-c1d93190f676","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"1fdbf870-330a-11e9-aec0-c1d93190f676","name":"panel_1","type":"visualization"},{"id":"de602310-330b-11e9-aec0-c1d93190f676","name":"panel_2","type":"visualization"},{"id":"ee65abb0-330e-11e9-aec0-c1d93190f676","name":"panel_3","type":"visualization"},{"id":"31db9c00-3310-11e9-aec0-c1d93190f676","name":"panel_4","type":"visualization"},{"id":"5ece5010-3345-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"panel_6","type":"visualization"},{"id":"279aff10-336a-11e9-aec0-c1d93190f676","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzg3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.input_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"8e644b60-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sources (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"8f6da1e0-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:42:19.894Z","version":"WzE3NDAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"id":"91653f10-55c5-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Destination Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"id":"9271c180-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:17:49.009Z","version":"WzM4MzQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Client Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"id":"92720510-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:15:47.018Z","version":"WzM4MzEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"92d2bb50-2820-11ea-bb6a-cd9c0b9d2958","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flags (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"94b202a0-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:44:28.608Z","version":"WzE3NDksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Clients (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"client.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"94bf2860-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:24:46.298Z","version":"WzI0NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"id":"e1a87390-55cd-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:12:14.196Z","version":"WzM4MjgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous System Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"as.organization.name\",\"customLabel\":\"Autonomous Systems\"}}]}"},"id":"d5e94030-5617-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzg5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: City Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geo.city_name\",\"customLabel\":\"Cities\"}}]}"},"id":"c01e5510-5617-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzkxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Country Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geo.country_name\",\"customLabel\":\"Countries\"}}]}"},"id":"afa2d1c0-5617-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzkyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Cities (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Cities (bits/s) - TSVB (stacked area)\"}"},"id":"c6e39d30-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:14:39.045Z","version":"WzM4MzAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"e64ae1a0-5611-11e8-ace5-73cdd5366849\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e9f01be0-5611-11e8-ace5-73cdd5366849\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)\"}"},"id":"f2b5acc0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:14:04.554Z","version":"WzM4MjksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f5d79820-5611-11e8-937b-f9dd7f7e8b36\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f9111840-5611-11e8-937b-f9dd7f7e8b36\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ebd23770-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"47b1b9f0-5612-11e8-8f25-dd843d63ccd9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4ba84880-5612-11e8-8f25-dd843d63ccd9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d8e1bc80-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:27:46.215Z","version":"WzI0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"flow.traffic_locality\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"as.organization.name\",\"label\":\"Autonomous System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"geo.country_name\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"geo.city_name\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"id":"c0ca16b0-561d-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"Wzk1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (locality)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [**Locality**](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e79ec4d0-336b-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwMCwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"75\"},\"panelIndex\":\"75\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"78\"},\"panelIndex\":\"78\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bits/s)\"},\"title\":\"Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"85\"},\"panelIndex\":\"85\",\"embeddableConfig\":{\"title\":\"Traffic Locality (bits/s)\"},\"title\":\"Traffic Locality (bits/s)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":9,\"w\":8,\"h\":11,\"i\":\"96\"},\"panelIndex\":\"96\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":11,\"i\":\"98\"},\"panelIndex\":\"98\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":50,\"w\":8,\"h\":11,\"i\":\"100\"},\"panelIndex\":\"100\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":16,\"y\":50,\"w\":8,\"h\":11,\"i\":\"101\"},\"panelIndex\":\"101\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":61,\"w\":24,\"h\":15,\"i\":\"103\"},\"panelIndex\":\"103\",\"embeddableConfig\":{\"title\":\"Countries (bits/s)\"},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":61,\"w\":24,\"h\":15,\"i\":\"105\"},\"panelIndex\":\"105\",\"embeddableConfig\":{\"title\":\"Cities (bits/s)\"},\"title\":\"Cities (bits/s)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"107\"},\"panelIndex\":\"107\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (pkts/s)\"},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":76,\"w\":24,\"h\":15,\"i\":\"108\"},\"panelIndex\":\"108\",\"embeddableConfig\":{\"title\":\"Cities (pkts/s)\"},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":15,\"i\":\"110\"},\"panelIndex\":\"110\",\"embeddableConfig\":{\"title\":\"Countries (pkts/s)\"},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"115\"},\"panelIndex\":\"115\",\"embeddableConfig\":{\"title\":\"Traffic Locality (pkts/s)\"},\"title\":\"Traffic Locality (pkts/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"117\"},\"panelIndex\":\"117\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"120\"},\"panelIndex\":\"120\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":9,\"w\":16,\"h\":11,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (flow records)\"},\"title\":\"Autonomous Systems (flow records)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":50,\"w\":16,\"h\":11,\"i\":\"122\"},\"panelIndex\":\"122\",\"embeddableConfig\":{\"title\":\"Cities (flow records)\"},\"title\":\"Cities (flow records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":50,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"title\":\"Countries (flow records)\"},\"title\":\"Countries (flow records)\",\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"title\":\"Traffic Locality (flow records)\"},\"title\":\"Traffic Locality (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (locality)","version":1},"id":"95ccacb0-5619-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"e1a87390-55cd-11e8-a695-171fb712da36","name":"panel_1","type":"visualization"},{"id":"05aa2550-55d2-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"d5e94030-5617-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"003b4bd0-5618-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"c01e5510-5617-11e8-b711-83a5f93b17f3","name":"panel_5","type":"visualization"},{"id":"afa2d1c0-5617-11e8-b711-83a5f93b17f3","name":"panel_6","type":"visualization"},{"id":"3a281650-55d9-11e8-a695-171fb712da36","name":"panel_7","type":"visualization"},{"id":"c6e39d30-55d9-11e8-a695-171fb712da36","name":"panel_8","type":"visualization"},{"id":"f2b5acc0-5613-11e8-b711-83a5f93b17f3","name":"panel_9","type":"visualization"},{"id":"ebd23770-5613-11e8-b711-83a5f93b17f3","name":"panel_10","type":"visualization"},{"id":"d8e1bc80-5613-11e8-b711-83a5f93b17f3","name":"panel_11","type":"visualization"},{"id":"65162e80-5613-11e8-b711-83a5f93b17f3","name":"panel_12","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_13","type":"visualization"},{"id":"c0ca16b0-561d-11e8-b711-83a5f93b17f3","name":"panel_14","type":"visualization"},{"id":"4abad150-55bc-11e8-a1f3-452446793d46","name":"panel_15","type":"visualization"},{"id":"849562d0-55be-11e8-a1f3-452446793d46","name":"panel_16","type":"visualization"},{"id":"64d75bf0-55bf-11e8-a1f3-452446793d46","name":"panel_17","type":"visualization"},{"id":"178b0af0-6230-11e7-9a50-efc26ded795d","name":"panel_18","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"panel_19","type":"visualization"},{"id":"e79ec4d0-336b-11e9-aec0-c1d93190f676","name":"panel_20","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.input_ifname\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"96e6a3a0-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE4OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Applications (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"97a057b0-55cb-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"destination.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"981e3d70-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:00.487Z","version":"WzI1OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"client.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"9b6dfa20-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"9e614fe0-55d6-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Destinations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Destinations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"9f113d80-6719-11e7-b5b8-29fbded8e37c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"id":"9f5fe3e0-55c5-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"9f9e54b0-2fd6-11e7-a82c-3146dd695923","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"ce9157f0-8020-11e7-bcae-4bd056c878e8","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwMiwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":30,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":30,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\"},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"ElastiFlow: Top Talkers","version":1},"id":"AWFgr4DaugC1WJLdy9iE","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"bb92fa50-8020-11e7-bcae-4bd056c878e8","name":"panel_0","type":"visualization"},{"id":"ce9157f0-8020-11e7-bcae-4bd056c878e8","name":"panel_1","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_2","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"panel_3","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"1d9c7c30-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwNCwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"h\":30,\"i\":\"16\",\"w\":48,\"x\":0,\"y\":19},\"panelIndex\":\"16\",\"embeddableConfig\":{\"title\":\"\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":4,\"i\":\"21\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"21\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":15,\"i\":\"22\",\"w\":38,\"x\":10,\"y\":4},\"panelIndex\":\"22\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\"},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":15,\"i\":\"23\",\"w\":10,\"x\":0,\"y\":4},\"panelIndex\":\"23\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":4,\"i\":\"24\",\"w\":29,\"x\":0,\"y\":0},\"panelIndex\":\"24\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"h\":4,\"i\":\"25\",\"w\":14,\"x\":29,\"y\":0},\"panelIndex\":\"25\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"ElastiFlow: Top Conversations","version":1},"id":"AWFgw02HugC1WJLdzCFZ","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"6d0c50a0-801d-11e7-bcae-4bd056c878e8","name":"panel_0","type":"visualization"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_1","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"panel_4","type":"visualization"},{"id":"47ee87d0-336c-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"id":"AWFgzeMpugC1WJLdzEfQ","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Geo IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Geo IP**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f16133a0-336a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Geo IP (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**Src/Dst**](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"af914ad0-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEwOSwxXQ=="}
{"attributes":{"bounds":{"coordinates":[[[-180,77.2157],[-180,-56.28471],[180,-56.28471],[180,77.2157],[-180,77.2157]]],"type":"Polygon"},"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"a483fdbc-a682-4c0a-99ee-c3d51d722580\",\"label\":\"World Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":2,\"maxSize\":12,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":10}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"b17d561c-a694-4b62-acf5-2a2728296c3c\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"applyGlobalQuery\":true},\"id\":\"41f8b532-dbc7-41d3-830e-b3bca68248cc\",\"label\":\"Flow\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"20ce6fa9-674e-49bb-b9f9-91340305adc2\",\"type\":\"ES_SEARCH\",\"geoField\":\"destination.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"destination.domain\",\"destination.ip\",\"destination.as.organization.name\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"destination.domain\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}}}},\"id\":\"a19049f1-93ac-47cc-9755-5f8005904ac5\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"c8d3c4e4-7ac4-4d20-963c-d99bbec54349\",\"type\":\"ES_SEARCH\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"source.domain\",\"source.ip\",\"source.as.organization.name\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"source.domain\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_3_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"id\":\"3f53425f-79c0-4eba-8bbf-90ff5425559e\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"flow.traffic_locality : \\\"public\\\" \",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.6,\"center\":{\"lon\":13.3199,\"lat\":27.39736},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}","title":"ElastiFlow: Source/Destination Flows","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"id":"c7190d00-2894-11ea-bb6a-cd9c0b9d2958","migrationVersion":{"map":"7.8.0"},"references":[{"id":"elastiflow-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"type":"map","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"a6194580-2820-11ea-bb6a-cd9c0b9d2958","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExMywxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"flow.traffic_locality\",\"negate\":false,\"params\":{\"query\":\"public\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"flow.traffic_locality\":{\"query\":\"public\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":5,\"i\":\"354c3b8e-30e4-4b18-b229-b2649b22c3d8\"},\"panelIndex\":\"354c3b8e-30e4-4b18-b229-b2649b22c3d8\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":39,\"y\":4,\"w\":9,\"h\":5,\"i\":\"37046cc7-9321-4772-947a-04968b0cdf00\"},\"panelIndex\":\"37046cc7-9321-4772-947a-04968b0cdf00\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"b5d91c44-f79c-4270-9b17-bec654cbb523\"},\"panelIndex\":\"b5d91c44-f79c-4270-9b17-bec654cbb523\",\"embeddableConfig\":{\"title\":\"Destinations and Sources (bytes)\"},\"title\":\"Destinations and Sources (bytes)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":9,\"w\":36,\"h\":33,\"i\":\"1257a855-1848-4fc6-a3ff-31bd011773a1\"},\"panelIndex\":\"1257a855-1848-4fc6-a3ff-31bd011773a1\",\"embeddableConfig\":{\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":27.39736,\"lon\":13.3199,\"zoom\":1.6},\"openTOCDetails\":[],\"title\":\"\",\"hiddenLayers\":[]},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":11,\"i\":\"3e52f111-0b05-4ec3-9f80-297de04d70a2\"},\"panelIndex\":\"3e52f111-0b05-4ec3-9f80-297de04d70a2\",\"embeddableConfig\":{\"title\":\"Destination and Source Ports (bytes)\"},\"title\":\"Destination and Source Ports (bytes)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":31,\"w\":12,\"h\":11,\"i\":\"fd7465e5-e316-431e-9954-abadddf96544\"},\"panelIndex\":\"fd7465e5-e316-431e-9954-abadddf96544\",\"embeddableConfig\":{\"title\":\"Countries and Cities (bytes)\"},\"title\":\"Countries and Cities (bytes)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (src/dst)","version":1},"id":"AWFhE8NZugC1WJLdzYri","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"f16133a0-336a-11e9-aec0-c1d93190f676","name":"panel_1","type":"visualization"},{"id":"af914ad0-336c-11e9-aec0-c1d93190f676","name":"panel_2","type":"visualization"},{"id":"17c29c50-55bd-11e8-a1f3-452446793d46","name":"panel_3","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_4","type":"visualization"},{"id":"4440e130-2fdd-11e7-afd7-595689f3f18c","name":"panel_5","type":"visualization"},{"id":"c7190d00-2894-11ea-bb6a-cd9c0b9d2958","name":"panel_6","type":"map"},{"id":"4898db90-2fdb-11e7-84e6-333bd21ad9fd","name":"panel_7","type":"visualization"},{"id":"a6194580-2820-11ea-bb6a-cd9c0b9d2958","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a109f3f0-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:44:39.378Z","version":"WzE3NTAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"destination.as.organization.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a2722160-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:08.412Z","version":"WzI1OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Autonomous Systems\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**AS Traffic**](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a44cb030-336a-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"id":"a4ade270-658e-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"id":"a76ff350-55ba-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Conversation Partners","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}]}"},"id":"a7a47e70-2fde-11e7-9d02-3f49bde5c1d5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzE5OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"client.as.organization.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a819b0c0-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"c89ecad0-5612-11e8-b8f4-81e5f5de0f37\",\"type\":\"calculation\",\"variables\":[{\"id\":\"cb30e760-5612-11e8-b8f4-81e5f5de0f37\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a8323470-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:16.760Z","version":"WzI4OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"a8b68cb0-2fc8-11e7-8d8b-45ec51795dad","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Geo IP (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Src/Dst](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c0e6b360-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExNSwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"flow.traffic_locality\",\"negate\":false,\"params\":{\"query\":\"public\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"flow.traffic_locality\":{\"query\":\"public\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"679d9f0b-e107-4903-bc59-f7d751de7704\"},\"panelIndex\":\"679d9f0b-e107-4903-bc59-f7d751de7704\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"db87bdf2-ab11-4401-92f2-2abb287a1888\"},\"panelIndex\":\"db87bdf2-ab11-4401-92f2-2abb287a1888\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"9f62e1e4-3e7f-4110-bf57-ef955d2b54c6\"},\"panelIndex\":\"9f62e1e4-3e7f-4110-bf57-ef955d2b54c6\",\"embeddableConfig\":{\"title\":\"Servers and Clients (bytes)\"},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":12,\"y\":9,\"w\":36,\"h\":33,\"i\":\"3bc0baf3-6b21-41d6-8758-49299d4f220a\"},\"panelIndex\":\"3bc0baf3-6b21-41d6-8758-49299d4f220a\",\"embeddableConfig\":{\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":29.37361,\"lon\":14.21715,\"zoom\":1.66},\"openTOCDetails\":[],\"title\":\"\",\"hiddenLayers\":[]},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":11,\"i\":\"6045ce35-ad49-469d-8388-d85fa5205d94\"},\"panelIndex\":\"6045ce35-ad49-469d-8388-d85fa5205d94\",\"embeddableConfig\":{\"title\":\"Services (bytes)\"},\"title\":\"Services (bytes)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":31,\"w\":12,\"h\":11,\"i\":\"25621a58-e8ce-4123-ad52-1ac77089ada6\"},\"panelIndex\":\"25621a58-e8ce-4123-ad52-1ac77089ada6\",\"embeddableConfig\":{\"title\":\"Countries and Cities (bytes)\"},\"title\":\"Countries and Cities (bytes)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (client/server)","version":1},"id":"a932b600-2fd2-11e7-99ed-49759aed30f5","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"f16133a0-336a-11e9-aec0-c1d93190f676","name":"panel_1","type":"visualization"},{"id":"c0e6b360-336c-11e9-aec0-c1d93190f676","name":"panel_2","type":"visualization"},{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"panel_3","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_4","type":"visualization"},{"id":"cc28fff0-801f-11e7-8a72-651c4183643b","name":"panel_5","type":"visualization"},{"id":"0df73330-2815-11ea-bb6a-cd9c0b9d2958","name":"panel_6","type":"map"},{"id":"36e56dc0-801a-11e7-8b60-018ea0aa61a0","name":"panel_7","type":"visualization"},{"id":"a6194580-2820-11ea-bb6a-cd9c0b9d2958","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"a9d0ba20-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:16.937Z","version":"WzI1NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flags (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ae3c66c0-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:44:46.946Z","version":"WzE3NDgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"bc2c73b0-5612-11e8-a8ff-859eba5de32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bf205f50-5612-11e8-a8ff-859eba5de32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ae9de1b0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:49:38.160Z","version":"WzE3NjgsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"id":"b02faaf0-2fcb-11e7-8df8-b363df28ab61","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"id":"b2c9a3d0-658e-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"b3ed2340-55e3-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)\"}"},"id":"b48fcce0-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:24:39.371Z","version":"WzM4MzksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"b577fd40-55c8-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Sources - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Sources - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"b58e1380-6719-11e7-b5b8-29fbded8e37c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"id":"b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"b74bbb70-2fd6-11e7-a82c-3146dd695923","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"id":"b88a8790-2fd7-11e7-bd03-932d3e38a4ff","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIwOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"id":"ba360b70-2820-11ea-bb6a-cd9c0b9d2958","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Services (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"beb869d0-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:39:36.294Z","version":"WzE3MzAsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"95108cd0-5612-11e8-8cf4-f1fcac410c6e\",\"type\":\"calculation\",\"variables\":[{\"id\":\"97231920-5612-11e8-8cf4-f1fcac410c6e\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"bf600af0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:34:26.136Z","version":"WzI3NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: IP Version (bits/s) - TSVB (stacked area)\"}"},"id":"c060cd30-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:26:02.916Z","version":"WzM4NDEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"c0997620-55e3-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c3861b50-55ce-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"id":"c4f8cce0-55c8-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"c6b36620-2fc8-11e7-87d6-cdce05879baf","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"host.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c7534460-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:34:00.532Z","version":"WzI3MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"c824e870-5629-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"73319730-5612-11e8-aef2-8d6be7224727\",\"type\":\"calculation\",\"variables\":[{\"id\":\"76164090-5612-11e8-aef2-8d6be7224727\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"c8e924d0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:29:52.662Z","version":"WzI2OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV: Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [Src/Dst](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n***\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f06e8450-336c-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzExOSwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.8.1\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":19,\"y\":4,\"w\":29,\"h\":10,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":10,\"y\":4,\"w\":9,\"h\":7,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":10,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.8.1\",\"gridData\":{\"x\":10,\"y\":11,\"w\":9,\"h\":3,\"i\":\"a679e537-064d-4750-9461-6a277927701b\"},\"panelIndex\":\"a679e537-064d-4750-9461-6a277927701b\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (client/server)","version":1},"id":"ca480720-2fdf-11e7-9d02-3f49bde5c1d5","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"644c9760-55db-11e8-a695-171fb712da36","name":"panel_1","type":"visualization"},{"id":"1d773d80-55dc-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","name":"panel_3","type":"visualization"},{"id":"18a8f720-55dd-11e8-b711-83a5f93b17f3","name":"panel_4","type":"search"},{"id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"f06e8450-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-08-09T19:40:54.432Z","version":"WzIwOTksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"id":"caea3760-6591-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}"},"id":"cd197750-562f-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"cdb8b440-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:31.513Z","version":"WzE3NTEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"670b6440-5612-11e8-b312-79bc7794402d\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6ac62250-5612-11e8-b312-79bc7794402d\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ce449a90-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:29:07.800Z","version":"WzI2NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Applications (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} pkts\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Applications (packets) - TSVB (stacked area)\"}"},"id":"ce773100-55cb-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:09:41.340Z","version":"WzM4MjYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Services (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"cebac580-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:39:44.084Z","version":"WzE3MzEsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.type\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d1548dc0-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:59.549Z","version":"WzI4NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"host.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d2606630-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:34:08.399Z","version":"WzI3NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Cities (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"geo.city_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d3271c20-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:23:54.764Z","version":"WzI0NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"5b93e7e0-5612-11e8-b71a-cfa3c16427ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"5f2c77f0-5612-11e8-b71a-cfa3c16427ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"NOT destination.as.organization.name: private\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d45c0d50-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:28:24.586Z","version":"WzI1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"d6729740-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:23.120Z","version":"WzE3NTMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"id":"fa3371f0-801a-11e7-b4bd-5b3ceedd298a","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyNSwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"title\":\"Clients (flow records)\"},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\"},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":29,\"y\":0,\"w\":14,\"h\":4,\"i\":\"49\"},\"panelIndex\":\"49\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"50\"},\"panelIndex\":\"50\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"51\"},\"panelIndex\":\"51\",\"embeddableConfig\":{\"title\":\"Clients (bytes)\"},\"title\":\"Clients (bytes)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"title\":\"Clients (packets)\"},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"title\":\"Servers (bytes)\"},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"title\":\"Servers (packets)\"},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow: Flows (client/server)","version":1},"id":"d7124e80-5625-11e8-b711-83a5f93b17f3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"panel_1","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_2","type":"visualization"},{"id":"69f4d440-8019-11e7-af24-27fa1061e1bd","name":"panel_3","type":"visualization"},{"id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","name":"panel_4","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"panel_5","type":"visualization"},{"id":"88535d00-336c-11e9-aec0-c1d93190f676","name":"panel_6","type":"visualization"},{"id":"54525bd0-3373-11e9-aec0-c1d93190f676","name":"panel_7","type":"visualization"},{"id":"37a8b330-8019-11e7-af24-27fa1061e1bd","name":"panel_8","type":"visualization"},{"id":"47bf0c10-8019-11e7-af24-27fa1061e1bd","name":"panel_9","type":"visualization"},{"id":"1c1f5550-801a-11e7-8b60-018ea0aa61a0","name":"panel_10","type":"visualization"},{"id":"fa3371f0-801a-11e7-b4bd-5b3ceedd298a","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyNiwxXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"meta\":{\"alias\":\"Source AS Private\",\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"source.as.organization.name\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"source.as.organization.name\":\"private\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"Destination AS Private\",\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"destination.as.organization.name\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.as.organization.name\":\"private\"}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.6.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":15,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"title\":\"Destination Autonomous Systems (bits/s)\"},\"title\":\"Destination Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":15,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"title\":\"Source Autonomous Systems (bits/s)\"},\"title\":\"Source Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":24,\"y\":24,\"w\":24,\"h\":15,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"title\":\"Destination Autonomous Systems (pkts/s)\"},\"title\":\"Destination Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":24,\"h\":15,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"title\":\"Source Autonomous Systems (pkts/s)\"},\"title\":\"Source Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: AS Traffic","version":1},"id":"d7e31d40-6589-11e7-bfc3-d74b7bb89482","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"AWFhGnANugC1WJLdzaom","name":"panel_0","type":"visualization"},{"id":"9271c180-55cf-11e8-a695-171fb712da36","name":"panel_1","type":"visualization"},{"id":"290d5be0-55d0-11e8-a695-171fb712da36","name":"panel_2","type":"visualization"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"panel_3","type":"visualization"},{"id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","name":"panel_4","type":"visualization"},{"id":"d45c0d50-5613-11e8-b711-83a5f93b17f3","name":"panel_5","type":"visualization"},{"id":"854eee30-5613-11e8-b711-83a5f93b17f3","name":"panel_6","type":"visualization"},{"id":"a44cb030-336a-11e9-aec0-c1d93190f676","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-04-12T17:17:00.840Z","version":"WzEyOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"id":"d8ab4a30-55c6-11e8-a1f3-452446793d46","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIxOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.type\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"da14d960-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:36:07.268Z","version":"WzI4NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Services (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"da47ecc0-55d2-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:39:53.867Z","version":"WzE3MjksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)\"}"},"id":"dccd45d0-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:18:54.343Z","version":"WzM4MzYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"id":"de88ee40-33af-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"de9b3dd0-2fc8-11e7-844c-67b9b101127b","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"deb4d510-55d8-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:34:16.418Z","version":"WzI3MiwxXQ=="}
{"attributes":{"description":"","fields":{"container":"container.id","host":"host.name","pod":"kubernetes.pod.uid","tiebreaker":"_doc","timestamp":"@timestamp"},"logAlias":"elastiflow-*","logColumns":[{"timestampColumn":{"id":"5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f"}},{"fieldColumn":{"field":"event.dataset","id":" eb9777a8-fcd3-420e-ba7d-172fff6da7a2"}},{"messageColumn":{"id":"b645d6da-824b-4723-9a2a-e8cece1645c0"}}],"metricAlias":"metricbeat-*","name":"Default"},"id":"default","references":[],"type":"infrastructure-ui-source","updated_at":"2020-04-13T13:52:35.549Z","version":"WzE3NjksMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"df88de80-801f-11e7-8a72-651c4183643b","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLANs (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e12188f0-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:47:06.801Z","version":"WzE3NjQsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"title\":\"ElastiFlow: Server Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"id":"e160f860-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-08-12T10:27:15.204Z","version":"WzM4NDMsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e2f1d4c0-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:36:14.568Z","version":"WzI4NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"id":"e2f43d10-6591-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destinations (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"destination.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e68a40f0-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:29:25.467Z","version":"WzI2NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"0c862c80-5612-11e8-9c03-ebe615bd9c32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"142047a0-5612-11e8-9c03-ebe615bd9c32\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"e71599c0-5613-11e8-b711-83a5f93b17f3","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"id":"e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLANs (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"eab88580-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:46:56.820Z","version":"WzE3NjYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ead75f80-55cd-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"eada0e30-801f-11e7-8a72-651c4183643b","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"server.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"ec11c960-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:36:50.769Z","version":"WzI5MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"id":"ef3b6010-33af-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Destination Ports - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Destination Ports - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.dst_port_name\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"id":"ef7699a0-6719-11e7-b5b8-29fbded8e37c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIyOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destinations (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"destination.domain\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f058c840-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:29:34.411Z","version":"WzI2OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"id":"f11380e0-6591-11e7-bfc3-d74b7bb89482","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Cities (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"geo.city_name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f15da330-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:24:05.961Z","version":"WzI0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"server.as.organization.name\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f262c2b0-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:36:59.307Z","version":"WzE3MjIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Protocols (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f279d050-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:23.965Z","version":"WzI4MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f4939a80-55d1-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:45:12.740Z","version":"WzE3NTIsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLANs (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f54e7b80-55d0-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:46:46.099Z","version":"WzE3NjUsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"id":"f6be96c0-622f-11e7-abbc-93bb293f5057","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"id":"f8731d50-2fd6-11e7-97a8-85d8d5a99269","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destinations (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"f98654a0-55d7-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:29:43.124Z","version":"WzI2NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"fa17b8d0-55cf-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:37:07.600Z","version":"WzI5MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Cities (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"fb44e2a0-55d9-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Protocols (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.transport\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false},\"aggs\":[]}"},"id":"fe07e1f0-55d3-11e8-a695-171fb712da36","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-04-12T17:35:14.054Z","version":"WzI3OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"id":"ff6edde0-33af-11e9-aec0-c1d93190f676","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-04-12T17:17:00.840Z","version":"WzIzNCwxXQ=="}
{"exportedCount":339,"missingRefCount":0,"missingReferences":[]}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手