{"attributes":{"allowHidden":false,"fieldAttrs":"{\"source.geo.location.lon\":{\"customLabel\":\"source.geo.location\"},\"destination.geo.location.lon\":{\"customLabel\":\"destination.geo.location\"}}","fieldFormatMap":"{\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.port_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.service_port.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.port_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.as.number.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.as.number.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.as.number\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.vlan.keyword\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"client.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.ip.keyword_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.ip.keyword_trans\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"ipfix.cert_data_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.total_bytes_exp\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.riverbed_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.rev_flow_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_retrans_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_retrans_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.mul_dst_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.in_permanent_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.fwd_flow_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_waas_output_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_waas_input_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_nvzflow_l4_bytes_out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_nvzflow_l4_bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_server_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_server_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_client_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_client_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_app_media_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_resp_to_init_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_resp_to_init_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_init_to_resp_delta_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_init_to_resp_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_if_stat_out_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_if_stat_in_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_flow_resp_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sonic_flow_init_bytes_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.procera_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.procera_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_retrans_out_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_retrans_in_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_clientside_tx_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_clientside_rx_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id5_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id4_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id3_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id2_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.netscaler_ica_channel_id1_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ixia_rev_bytes_delta\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_waas_output_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_waas_input_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_nvzflow_l4_bytes_out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_nvzflow_l4_bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_server_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_server_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_client_retrans_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_client_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_app_media_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cert_rev_data_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cert_obsolete_rev_bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"sdestination.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ssource.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.udp_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.udp_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.sectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.transportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.postLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.octetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.octetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_radius_acct_out_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ntop_radius_acct_in_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.notSentOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.notSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.layer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ignoredOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.sectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.transportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.droppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.flowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.ignoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseResponderOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseSectionExportedOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseTransportOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reversePostLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseNotSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseInitiatorOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseIgnoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseFlowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.reverseDroppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.responderOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postMCastLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.postLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.octetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_radius_acct_out_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ntop_radius_acct_in_octets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.notSentOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.notSentLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetTotalSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetDeltaSumOfSquares\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.layer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.initiatorOctets\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ignoredOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.ignoredLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.flowSelectedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.exportedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedOctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedOctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedLayer2OctetTotalCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.droppedLayer2OctetDeltaCount\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.tcp_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.tcp_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.tcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_sfe_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_outer_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.riverbed_cfe_tcp_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.postNATPortBlockStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.postNATPortBlockEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_untunneled_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_untunneled_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_sip_rtp_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_sip_rtp_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_flow_proto_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.exporterTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ericsson_nat_external_port_start\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ericsson_nat_external_port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.collectorTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_nexus_fastpath_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_nexus_fastpath_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_fw_xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_fw_xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_transport_byte_loss_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_src_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_src_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_server_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_dst_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_dst_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.cisco_avc_client_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tunnel_src_transport_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tunnel_dst_transport_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tenant_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.vmware_tenant_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.udpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.udpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.tcpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.tcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_service_port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_service_port_begin\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_responder_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.sonic_initiator_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseUdpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseUdpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseTcpSourcePort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseTcpDestinationPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePostNAPTSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePostNAPTDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePortRangeStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reversePortRangeEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.postNAPTSourceTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.postNAPTDestinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.portRangeStart\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.portRangeEnd\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_untunneled_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_untunneled_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_sip_rtp_l4_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_sip_rtp_l4_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_flow_proto_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.f5_trans_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.f5_trans_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.exporterTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.exportTransportProtocol\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.destinationTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.collectorTransportPort\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_nexus_fastpath_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_nexus_fastpath_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_fw_xlate_src_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_fw_xlate_dst_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_transport_byte_loss_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.cisco_avc_src_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_src_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_server_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_dst_port_min\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_dst_port_max\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_client_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cert_dns_srv_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cace_remote_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cace_local_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.barracuda_conn_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.barracuda_bind_l4_port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.cisco_avc_app_media_byte_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"netflow.cisco_avc_app_media_byte_rate\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"ipfix.bgpDestinationAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.src_as\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_src_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.dst_as\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpSourceAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpPrevAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpNextAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.reverseBgpDestinationAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_src_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_9\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_7\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_6\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_5\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_4\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_3\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_2\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_10\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_1\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpSourceAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpPrevAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.bgpNextAdjacentAsNumber\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ipfix.ntop_dst_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"netflow.ntop_dst_as_path_8\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"network.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"network.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"000_TEST\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"client.bytes.keyword\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"server.bytes.keyword\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"client.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.nat.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"destination.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"server.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"source.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://elastiflow.irobert.info\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}}}","fields":"[]","name":"elastiflow-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"elastiflow-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"elastiflow-*","managed":false,"references":[],"sort":[1714616462017,8589934679],"type":"index-pattern","typeMigrationVersion":"7.11.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.traffic_locality.keyword\",\"customLabel\":\"Traffic Localities\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"003b4bd0-5618-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934681],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name.keyword\\\"}}}\\n                ]\\n              }\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"00a54450-5630-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934682],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: VLANs (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: VLANs (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"00b3a860-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934683],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Servers (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"server.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"01eab6e0-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934684],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Source Ports - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Source Ports - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"02e25f10-671a-11e7-b5b8-29fbded8e37c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934686],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset.keyword\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"flow.input_ifname.keyword\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.output_ifname.keyword\",\"label\":\"Egress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a65eb880-5609-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934691],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1f0f0340-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934692],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"86262810-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934693],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"a00fcbf0-5612-11e8-833a-d52124abe7ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a25ec500-5612-11e8-833a-d52124abe7ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b79dce60-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934694],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"83a0e580-5612-11e8-9770-ed998bc0982c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"88cdd130-5612-11e8-9770-ed998bc0982c\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c481fa20-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934695],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Exporters\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [**Exporters**](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c2506770-336a-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934696],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_15\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":15,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Egress Interfaces (bits/s)\",\"panelRefName\":\"panel_16\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":15,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Ingress Interfaces (bits/s)\",\"panelRefName\":\"panel_18\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":24,\"w\":24,\"h\":15,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Ingress Interfaces (pkts/s)\",\"panelRefName\":\"panel_19\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":24,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Egress Interfaces (pkts/s)\",\"panelRefName\":\"panel_20\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_21\"}]","timeRestore":false,"title":"ElastiFlow: Flow Exporters","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"04157d70-6591-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"a65eb880-5609-11e8-b711-83a5f93b17f3","name":"15:panel_15","type":"visualization"},{"id":"1f0f0340-55d6-11e8-a695-171fb712da36","name":"16:panel_16","type":"visualization"},{"id":"86262810-55d6-11e8-a695-171fb712da36","name":"18:panel_18","type":"visualization"},{"id":"b79dce60-5613-11e8-b711-83a5f93b17f3","name":"19:panel_19","type":"visualization"},{"id":"c481fa20-5613-11e8-b711-83a5f93b17f3","name":"20:panel_20","type":"visualization"},{"id":"c2506770-336a-11e9-aec0-c1d93190f676","name":"21:panel_21","type":"visualization"}],"sort":[1714616462017,8589934703],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"04990fe0-6592-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934705],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.transport.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"05719e40-55d4-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934706],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}i/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"05aa2550-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934707],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"066b9700-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934709],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Services - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Services\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f41316d0-8020-11e7-bcae-4bd056c878e8","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934711],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Services (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b22f5660-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934712],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Types, Exporters & Services - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types, Exporters & Services - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset.keyword\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526140705539\",\"fieldName\":\"flow.service_name.keyword\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7546a110-55fd-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934716],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top IP Protocols - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top IP Protocols - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP Protocols\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a04e4ba0-55fe-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934718],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [**Top-N**](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"30ff5d70-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934719],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (services)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) |  [**Services**](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"33f660e0-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934720],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":30,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_13\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_23\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_24\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":30,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_27\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_28\"}]","timeRestore":false,"title":"ElastiFlow: Top Services","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"0809c1f0-6719-11e7-b5b8-29fbded8e37c","managed":false,"references":[{"id":"f41316d0-8020-11e7-bcae-4bd056c878e8","name":"13:panel_13","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"23:panel_23","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"24:panel_24","type":"visualization"},{"id":"a04e4ba0-55fe-11e8-b711-83a5f93b17f3","name":"26:panel_26","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"27:panel_27","type":"visualization"},{"id":"33f660e0-336c-11e9-aec0-c1d93190f676","name":"28:panel_28","type":"visualization"}],"sort":[1714616462017,8589934727],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ2LDFd"}
{"attributes":{"columns":["host.name.keyword","source.domain.keyword","flow.src_port_name.keyword","destination.domain.keyword","flow.dst_port_name.keyword","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"version\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastiFlow: Flow Records (src/dst) - search","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934729],"type":"search","typeMigrationVersion":"10.2.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ3LDFd"}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"069cfadc-78cf-499a-bc8f-f96a4d5aba8b\",\"label\":\"World Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"EMS_VECTOR_TILE\"},{\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Flows\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":2,\"maxSize\":12,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":10}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"d640d560-9bdb-4ea8-9bfb-039a6df49b1b\",\"sourceGeoField\":\"client.geo.location\",\"destGeoField\":\"server.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"applyGlobalQuery\":true},\"id\":\"545d12d4-132c-46b9-bf82-ad5a79cf959d\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword: \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"6a0aaf6c-9b01-4017-b741-5c2e3b9f8a63\",\"type\":\"ES_SEARCH\",\"geoField\":\"server.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"server.domain.keyword\",\"server.ip.keyword\",\"server.as.organization.name.keyword\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"server.domain.keyword\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}}}},\"id\":\"d473d6d5-7a38-47ee-b101-52894c2d3642\",\"label\":\"Servers\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"8987ad1c-1c79-4f8b-b0cc-8b0a5b6f2c4f\",\"type\":\"ES_SEARCH\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"client.domain.keyword\",\"client.ip.keyword\",\"client.as.organization.name.keyword\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSize\":100,\"topHitsSplitField\":\"client.domain.keyword\",\"indexPatternRefName\":\"layer_3_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"circle\"}}}},\"id\":\"76d27f2b-f3a6-4d20-9635-51d45ad97e67\",\"label\":\"Clients\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword : \\\"public\\\" \",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":2.07,\"center\":{\"lon\":19.69368,\"lat\":18.28101},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}","title":"ElastiFlow: Client/Server Flows","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"0df73330-2815-11ea-bb6a-cd9c0b9d2958","managed":false,"references":[{"id":"elastiflow-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934733],"type":"map","typeMigrationVersion":"8.4.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"0e130320-55c7-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934735],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzQ5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"0edebc40-801b-11e7-b4bd-5b3ceedd298a","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934737],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzUwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1026edb0-2fcc-11e7-842d-39925ea8ac40","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934739],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzUxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.domain.keyword\",\"customLabel\":\"Clients\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1e6fb550-8017-11e7-9e6a-575834c68c0e","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934741],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzUyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.domain.keyword\",\"customLabel\":\"Servers\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2e450d90-8017-11e7-9e6a-575834c68c0e","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934743],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzUzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Service Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.service_name.keyword\",\"customLabel\":\"Services\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2f7d7110-8018-11e7-9e6a-575834c68c0e","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934745],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Clients (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Clients (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9d557dd0-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934746],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Servers (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"1\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Servers (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f7b9c440-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934747],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Application Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Application Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"network.application\",\"customLabel\":\"Applications\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c1bbc780-560e-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934749],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Applications (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"drop_last_bucket\":0,\"use_kibana_indexes\":false},\"title\":\"ElastiFlow: Applications (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"13b75a00-55cd-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934750],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"b907a980-5611-11e8-9d88-a7d70f388fc4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bbfd42d0-5611-11e8-9d88-a7d70f388fc4\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fa458eb0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934751],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzU5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"35bed8e0-5612-11e8-9abc-51bfe6c5250a\",\"type\":\"calculation\",\"variables\":[{\"id\":\"38885920-5612-11e8-9abc-51bfe6c5250a\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"de476b70-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934752],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzYwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Servers (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"d5c99c80-5612-11e8-a6a3-f9047d0437a6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d7fecc00-5612-11e8-a6a3-f9047d0437a6\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"98d03770-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934753],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzYxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Services (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"dfd5f020-5612-11e8-8874-4b2cb46d3ac9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e35ca5e0-5612-11e8-8874-4b2cb46d3ac9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8b7247d0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934754],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzYyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Types - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Types - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"client.domain.keyword\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"server.domain.keyword\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"flow.service_name.keyword\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"network.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b577fca0-561d-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934759],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzYzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d0e385d0-55ba-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934761],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"69f4d440-8019-11e7-af24-27fa1061e1bd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934763],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934765],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"be065300-801a-11e7-a69e-1db8cf608fe4","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934767],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [**Traffic Details**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934768],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (types)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Types**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d2c71350-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934769],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzY5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_54\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":16,\"i\":\"59\"},\"panelIndex\":\"59\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_59\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":50,\"w\":8,\"h\":11,\"i\":\"64\"},\"panelIndex\":\"64\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_64\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"79\"},\"panelIndex\":\"79\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_79\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"81\"},\"panelIndex\":\"81\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_81\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":61,\"w\":24,\"h\":15,\"i\":\"82\"},\"panelIndex\":\"82\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_82\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":50,\"w\":8,\"h\":11,\"i\":\"91\"},\"panelIndex\":\"91\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_91\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":61,\"w\":24,\"h\":15,\"i\":\"92\"},\"panelIndex\":\"92\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_92\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":76,\"w\":24,\"h\":15,\"i\":\"106\"},\"panelIndex\":\"106\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_106\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"109\"},\"panelIndex\":\"109\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_109\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"112\"},\"panelIndex\":\"112\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (pkts/s)\",\"panelRefName\":\"panel_112\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":15,\"i\":\"113\"},\"panelIndex\":\"113\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_113\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":40,\"h\":5,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_121\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":50,\"w\":16,\"h\":11,\"i\":\"122\"},\"panelIndex\":\"122\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Applications (flow records)\",\"panelRefName\":\"panel_122\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_123\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_124\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":16,\"h\":11,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (flow records)\",\"panelRefName\":\"panel_125\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_126\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"127\"},\"panelIndex\":\"127\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_127\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (types)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"10584050-6234-11e7-8236-19b4b4941e22","managed":false,"references":[{"id":"1e6fb550-8017-11e7-9e6a-575834c68c0e","name":"54:panel_54","type":"visualization"},{"id":"2e450d90-8017-11e7-9e6a-575834c68c0e","name":"59:panel_59","type":"visualization"},{"id":"2f7d7110-8018-11e7-9e6a-575834c68c0e","name":"64:panel_64","type":"visualization"},{"id":"9d557dd0-55d9-11e8-a695-171fb712da36","name":"79:panel_79","type":"visualization"},{"id":"f7b9c440-55d2-11e8-a695-171fb712da36","name":"81:panel_81","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"82:panel_82","type":"visualization"},{"id":"c1bbc780-560e-11e8-b711-83a5f93b17f3","name":"91:panel_91","type":"visualization"},{"id":"13b75a00-55cd-11e8-a695-171fb712da36","name":"92:panel_92","type":"visualization"},{"id":"fa458eb0-5613-11e8-b711-83a5f93b17f3","name":"106:panel_106","type":"visualization"},{"id":"de476b70-5613-11e8-b711-83a5f93b17f3","name":"109:panel_109","type":"visualization"},{"id":"98d03770-5613-11e8-b711-83a5f93b17f3","name":"112:panel_112","type":"visualization"},{"id":"8b7247d0-5613-11e8-b711-83a5f93b17f3","name":"113:panel_113","type":"visualization"},{"id":"b577fca0-561d-11e8-b711-83a5f93b17f3","name":"121:panel_121","type":"visualization"},{"id":"d0e385d0-55ba-11e8-a1f3-452446793d46","name":"122:panel_122","type":"visualization"},{"id":"69f4d440-8019-11e7-af24-27fa1061e1bd","name":"123:panel_123","type":"visualization"},{"id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","name":"124:panel_124","type":"visualization"},{"id":"be065300-801a-11e7-a69e-1db8cf608fe4","name":"125:panel_125","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"126:panel_126","type":"visualization"},{"id":"d2c71350-336b-11e9-aec0-c1d93190f676","name":"127:panel_127","type":"visualization"}],"sort":[1714616462017,8589934789],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzcwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [**Flows**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1094b850-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934790],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzcxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"114eba40-55d4-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934791],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzcyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: ZFlow - Platforms (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"ipfix.ziften_platform\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: *\",\"language\":\"kuery\"},\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: ZFlow - Platforms (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"11a64c90-33b1-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934792],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzczLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Servers (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"server.domain.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"11b0a5d0-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934793],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1418ce10-6592-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934795],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"14fb54b0-556a-11e8-a695-171fb712da36","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934797],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"aefd37a0-33ad-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934800],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"19873c10-33ae-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934803],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"601e5470-33ad-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934805],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzc5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: ZFlow - Commands (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: *\",\"language\":\"kuery\"},\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: ZFlow - Commands (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d827d2e0-33b0-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934806],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzgwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: ZFlow - Users (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"ipfix.userName\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"ipfix.ziften_agent_guid: * \",\"language\":\"kuery\"},\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: ZFlow - Users (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f3c9cc60-33b0-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934807],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzgxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ZFlow - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"ipfix.ziften_hostname\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"ipfix.userName\",\"label\":\"User\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"network.application\",\"label\":\"Command\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name.keyword\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\",\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4ba1be70-33b1-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934812],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzgyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":12,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Commands (bytes) \",\"panelRefName\":\"panel_38\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":5,\"w\":12,\"h\":12,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users (bytes)\",\"panelRefName\":\"panel_39\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":29,\"w\":12,\"h\":12,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Platforms (bytes)\",\"panelRefName\":\"panel_40\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":17,\"w\":36,\"h\":12,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_41\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":5,\"w\":36,\"h\":12,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_42\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":5,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_43\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":29,\"w\":36,\"h\":12,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_44\"}]","timeRestore":false,"title":"ElastiFlow: Ziften ZFlow","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"153634a0-33b2-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"aefd37a0-33ad-11e9-aec0-c1d93190f676","name":"38:panel_38","type":"visualization"},{"id":"19873c10-33ae-11e9-aec0-c1d93190f676","name":"39:panel_39","type":"visualization"},{"id":"601e5470-33ad-11e9-aec0-c1d93190f676","name":"40:panel_40","type":"visualization"},{"id":"d827d2e0-33b0-11e9-aec0-c1d93190f676","name":"41:panel_41","type":"visualization"},{"id":"f3c9cc60-33b0-11e9-aec0-c1d93190f676","name":"42:panel_42","type":"visualization"},{"id":"4ba1be70-33b1-11e9-aec0-c1d93190f676","name":"43:panel_43","type":"visualization"},{"id":"11a64c90-33b1-11e9-aec0-c1d93190f676","name":"44:panel_44","type":"visualization"}],"sort":[1714616462017,8589934820],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzgzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"16438600-2fcb-11e7-befb-31e033c79e4e","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934822],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg0LDFd"}
{"attributes":{"description":"","layout":"vertical","links":[{"destination":"https://songxwn.com/","id":"a5d6b1b9-ed21-4ac8-97ce-c0900976b4b7","order":0,"type":"externalLink"}],"title":"Blog"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"17433e02-2920-4eda-bc21-6a83f9d39993","managed":false,"references":[],"type":"links","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"178b0af0-6230-11e7-9a50-efc26ded795d","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934825],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":500,\"order\":\"desc\",\"dynamicOptions\":false},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"source.domain.keyword\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\",\"dynamicOptions\":false},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"destination.domain.keyword\",\"label\":\"Destnation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"destination.port\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"17c29c50-55bd-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934830],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg3LDFd"}
{"attributes":{"columns":["host.name.keyword","client.domain.keyword","server.domain.keyword","flow.service_name.keyword","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"version\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastiFlow: Flow Records (client/server) - search","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"18a8f720-55dd-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934832],"type":"search","typeMigrationVersion":"10.2.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1a9184b0-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934834],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzg5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1b6b9b90-55c7-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934836],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzkwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"as.organization.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1bf3da30-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934837],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzkxLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1c1f5550-801a-11e7-8b60-018ea0aa61a0","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934839],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzkyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Servers (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1d3b5c10-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934840],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzkzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Record Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"bdd65820-55db-11e8-a230-6b3654bd4d61\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flow Records\",\"terms_field\":\"event.dataset.keyword\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"background_color_rules\":[{\"id\":\"c5d26960-55db-11e8-a230-6b3654bd4d61\"}],\"axis_scale\":\"normal\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1d773d80-55dc-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934841],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (talkers)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Talkers**](#/dashboard/AWFgr4DaugC1WJLdy9iE) |  [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1d9c7c30-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934842],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk1LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1e7d8770-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934844],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk2LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Egress Interfaces (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1fa2c100-6592-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934846],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1fb54370-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934847],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"IP Reputation\",\"type\":\"exists\",\"key\":\"flow.rep_tags.keyword\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.rep_tags.keyword\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.rep_tags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputations\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"1fdbf870-330a-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934850],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"Wzk5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"21671b80-55bf-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934852],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"23d6dc80-2fd6-11e7-bc99-41245d9394f2","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934854],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"24530d50-55be-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934856],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.output_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"25b5bdb0-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934857],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"264fb270-2fdb-11e7-84e6-333bd21ad9fd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934859],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Ports (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"266da690-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934860],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Threats\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Threats**](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"279aff10-336a-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934861],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"28ddcaf0-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934862],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Source Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"290d5be0-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934863],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2aeac270-6230-11e7-84f1-9728c106b1b6","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934865],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEwOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Ports (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2b35e790-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934866],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"source.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2d872430-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934867],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.output_ifname.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"2e0f7f50-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934868],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"30214c20-33b0-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934871],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"3026fe40-658f-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934873],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"313a9880-2fd6-11e7-bc99-41245d9394f2","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934875],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"_exists_: flow.client_rep_tags.keyword AND server.as.organization.name.keyword: private\"}}],\"filter\":[{\"script\":{\"script\":\"doc['server.ip.keyword'].value == doc['destination.ip.keyword'].value\"}}]}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"At-Risk Servers\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"query_string\\\":{\\\"query\\\":\\\"_exists_: flow.client_rep_tags.keyword AND server.as.organization.name.keyword: private\\\"}}],\\\"filter\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['server.ip.keyword'].value == doc['destination.ip.keyword'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"31db9c00-3310-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934878],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"source.as.organization.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"32231a80-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934879],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"source.domain.keyword\",\"customLabel\":\"Sources\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"3277ea90-6578-11e7-8471-e5432f50acbd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934881],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"35464390-55bc-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934883],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzExOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"36e56dc0-801a-11e7-8b60-018ea0aa61a0","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934885],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"37a8b330-8019-11e7-af24-27fa1061e1bd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934887],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"39a495d0-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934888],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"39c991b0-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934889],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Countries (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Countries (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"3a281650-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934890],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Types of Service (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tos.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"3d778910-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934891],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"packets\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"3f597140-3374-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934892],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4023c4b0-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934893],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"40904c50-33b0-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934895],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"41a7e3a0-658f-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934897],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEyOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4440e130-2fdd-11e7-afd7-595689f3f18c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934899],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Countries (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"geo.country_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"446257c0-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934900],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"44b3cb70-2fd6-11e7-bc99-41245d9394f2","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934902],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Clients - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Clients\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"bb92fa50-8020-11e7-bcae-4bd056c878e8","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934904],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Types, Exporters & Apps - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types, Exporters & Apps - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset.keyword\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526140705539\",\"fieldName\":\"network.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"72ac9770-560c-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934908],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6aa2ae10-560d-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934910],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (apps)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) |  [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [**Apps**](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"610605e0-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934911],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Application\",\"disabled\":false,\"key\":\"network.application\",\"negate\":false,\"type\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"exists\":{\"field\":\"network.application\"}}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":19,\"w\":20,\"h\":32,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_24\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_25\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":19,\"w\":28,\"h\":32,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_27\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_28\"}]","timeRestore":false,"title":"ElastiFlow: Top Applications","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"44d6d8c0-560b-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"bb92fa50-8020-11e7-bcae-4bd056c878e8","name":"10:panel_10","type":"visualization"},{"id":"13b75a00-55cd-11e8-a695-171fb712da36","name":"24:panel_24","type":"visualization"},{"id":"72ac9770-560c-11e8-b711-83a5f93b17f3","name":"25:panel_25","type":"visualization"},{"id":"6aa2ae10-560d-11e8-b711-83a5f93b17f3","name":"26:panel_26","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"27:panel_27","type":"visualization"},{"id":"610605e0-336c-11e9-aec0-c1d93190f676","name":"28:panel_28","type":"visualization"}],"sort":[1714616462017,8589934919],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"47bf0c10-8019-11e7-af24-27fa1061e1bd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934921],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"47d426a0-2fc8-11e7-8b06-97426538fddd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934923],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzEzOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Top-N (conversations)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) |  [Services](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [**Conversations**](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"47ee87d0-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934924],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4898db90-2fdb-11e7-84e6-333bd21ad9fd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934926],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.src_port_name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4aad7a20-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934927],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4abad150-55bc-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934929],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (flow records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4b025da0-55e8-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934931],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4f3525d0-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934933],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Src/Dst**](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"75a2aa30-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934934],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5fd2fe30-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934936],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7c2cfd10-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934938],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8a52f7a0-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934940],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE0OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"af1425a0-2fc7-11e7-8936-6f5fd5520124","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934942],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (bytes) - vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"bytes\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.80 : 0.40\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' to ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.80}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8dc8f0d0-3374-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934943],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_45\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_46\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sources (flow records)\",\"panelRefName\":\"panel_48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_52\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_53\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_54\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"55\"},\"panelIndex\":\"55\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sources (bytes)\",\"panelRefName\":\"panel_55\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"56\"},\"panelIndex\":\"56\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_56\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"58\"},\"panelIndex\":\"58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_58\"},{\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"59\"},\"panelIndex\":\"59\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_59\"}]","timeRestore":false,"title":"ElastiFlow: Flows (src/dst)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4b86b4c0-5628-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"17c29c50-55bd-11e8-a1f3-452446793d46","name":"45:panel_45","type":"visualization"},{"id":"4f3525d0-2fc7-11e7-8936-6f5fd5520124","name":"46:panel_46","type":"visualization"},{"id":"1e7d8770-2fc7-11e7-8936-6f5fd5520124","name":"48:panel_48","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"52:panel_52","type":"visualization"},{"id":"75a2aa30-336c-11e9-aec0-c1d93190f676","name":"53:panel_53","type":"visualization"},{"id":"5fd2fe30-2fc7-11e7-8936-6f5fd5520124","name":"54:panel_54","type":"visualization"},{"id":"7c2cfd10-2fc7-11e7-8936-6f5fd5520124","name":"55:panel_55","type":"visualization"},{"id":"8a52f7a0-2fc7-11e7-8936-6f5fd5520124","name":"56:panel_56","type":"visualization"},{"id":"af1425a0-2fc7-11e7-8936-6f5fd5520124","name":"58:panel_58","type":"visualization"},{"id":"8dc8f0d0-3374-11e9-aec0-c1d93190f676","name":"59:panel_59","type":"visualization"}],"sort":[1714616462017,8589934954],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Reputations (flow records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.rep_tags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputation\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4c2019f0-55f9-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934956],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4c52f1f0-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934958],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4ce6de10-33b0-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589934961],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4dc994a0-2fd7-11e7-97a8-85d8d5a99269","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934963],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Types (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"4ea0a8d0-658f-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934965],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tos.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"532f1340-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934966],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Types & Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types & Exporters - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"event.dataset.keyword\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589934969],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE1OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (bytes) - vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"bytes\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' to ' + datum.stk2 + '    ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"54525bd0-3373-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934970],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"55234750-55bf-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934972],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\",\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destination.domain.keyword\",\"customLabel\":\"Destinations\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"55be8550-655e-11e7-9dda-9f993e2ba58b","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934974],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"55f66b20-2fdd-11e7-afd7-595689f3f18c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934976],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Countries (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"geo.country_name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"561570b0-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934977],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Applications (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.application\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"58714360-55cb-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934978],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(27,169,245,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flows\",\"terms_field\":\"event.dataset.keyword\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"644c9760-55db-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934979],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [**Flow Records**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934980],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [**Src/Dst**](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e0216400-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934981],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":4,\"w\":29,\"h\":10,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":9,\"h\":10,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_9\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":10,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_12\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_13\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"78b18afd-1011-42d7-99e7-9b2b8bb1dfdd\"},\"panelIndex\":\"78b18afd-1011-42d7-99e7-9b2b8bb1dfdd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_78b18afd-1011-42d7-99e7-9b2b8bb1dfdd\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (src/dst)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"58858cb0-55e1-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"644c9760-55db-11e8-a695-171fb712da36","name":"8:panel_8","type":"visualization"},{"id":"1d773d80-55dc-11e8-a695-171fb712da36","name":"9:panel_9","type":"visualization"},{"id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","name":"10:panel_10","type":"visualization"},{"id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","name":"12:panel_12","type":"visualization"},{"id":"e0216400-336c-11e9-aec0-c1d93190f676","name":"13:panel_13","type":"visualization"},{"id":"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5","name":"78b18afd-1011-42d7-99e7-9b2b8bb1dfdd:panel_78b18afd-1011-42d7-99e7-9b2b8bb1dfdd","type":"search"}],"sort":[1714616462017,8589934988],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE2OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5a0b1a10-55c7-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934990],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"4a7ea020-5613-11e8-9991-679c12b3fef7\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4d43b390-5613-11e8-9991-679c12b3fef7\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5af01150-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934991],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589934993],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Types of Service (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5e5bf210-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589934994],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Reputations (flows) - TSVB (stacked bar)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.rep_tags.keyword\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bit Rate\",\"terms_field\":\"flow.rep_tags.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"filter\":{\"query\":\"flow.rep_tags.keyword: *\",\"language\":\"kuery\"},\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"5ece5010-3345-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589934995],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"3a636540-5613-11e8-bbfc-bb680694cbb3\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3e0a2620-5613-11e8-bbfc-bb680694cbb3\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"604bae20-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589934996],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Attributes - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Attributes - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"network.transport.keyword\",\"label\":\"IP Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"flow.vlan.keyword\",\"label\":\"VLAN\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"flow.tos.keyword\",\"label\":\"Type of Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"flow.tcp_flags.keyword\",\"label\":\"TCP Flag\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"61ed9a20-561a-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589935001],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.dst_port_name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6486b700-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935002],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"64b144f0-658e-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935004],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ToS Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ToS Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.tos.keyword\",\"customLabel\":\"Types of Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9accd4a0-657a-11e7-8471-e5432f50acbd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935006],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE3OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLAN Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.vlan.keyword\",\"customLabel\":\"VLANs\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b13956f0-657a-11e7-8471-e5432f50acbd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935008],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: TCP Flags (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: TCP Flags (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8b09a0f0-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935009],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocol Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocol Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"network.transport.keyword\",\"customLabel\":\"IP Protocols\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e607f720-560f-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935011],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flag Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.tcp_flags.keyword\",\"customLabel\":\"TCP Flags\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"be939000-560f-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935013],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"ac032f10-5612-11e8-987a-399b859ae9e0\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aefebbd0-5612-11e8-987a-399b859ae9e0\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b3007880-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935014],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"21a94970-5613-11e8-932f-d5f0b2e476ba\",\"type\":\"calculation\",\"variables\":[{\"id\":\"23e04db0-5613-11e8-932f-d5f0b2e476ba\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6a815bb0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935015],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d297fe60-2fd7-11e7-af27-99e728e71e91","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935017],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flags\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"661ff9d0-55c5-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935019],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d23a33d0-55c8-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935021],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Traffic Details (attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (attributes)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [**Attributes**](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fadebf50-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935022],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE4OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":52,\"w\":8,\"h\":11,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":11,\"w\":8,\"h\":11,\"i\":\"49\"},\"panelIndex\":\"49\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_49\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":22,\"w\":24,\"h\":15,\"i\":\"80\"},\"panelIndex\":\"80\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"IP Protocols (bits/s)\",\"panelRefName\":\"panel_80\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"84\"},\"panelIndex\":\"84\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_84\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"86\"},\"panelIndex\":\"86\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Types of Service (bits/s)\",\"panelRefName\":\"panel_86\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":22,\"w\":24,\"h\":15,\"i\":\"87\"},\"panelIndex\":\"87\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"VLANs (bits/s)\",\"panelRefName\":\"panel_87\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":11,\"w\":8,\"h\":11,\"i\":\"88\"},\"panelIndex\":\"88\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_88\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":52,\"w\":8,\"h\":11,\"i\":\"94\"},\"panelIndex\":\"94\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_94\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":37,\"w\":24,\"h\":15,\"i\":\"111\"},\"panelIndex\":\"111\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"IP Protocols (pkts/s)\",\"panelRefName\":\"panel_111\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":15,\"i\":\"114\"},\"panelIndex\":\"114\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_114\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":15,\"i\":\"116\"},\"panelIndex\":\"116\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Types of Service (pkts/s)\",\"panelRefName\":\"panel_116\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":37,\"w\":24,\"h\":15,\"i\":\"117\"},\"panelIndex\":\"117\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"VLANs (pkts/s)\",\"panelRefName\":\"panel_117\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":5,\"w\":48,\"h\":6,\"i\":\"118\"},\"panelIndex\":\"118\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_118\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":16,\"h\":11,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"VLANs (flow records)\",\"panelRefName\":\"panel_121\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Types of Service (flow records)\",\"panelRefName\":\"panel_123\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":52,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"TCP Flags (flow records)\",\"panelRefName\":\"panel_124\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":11,\"w\":16,\"h\":11,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"IP Protocols (flow records)\",\"panelRefName\":\"panel_125\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_126\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":5,\"i\":\"127\"},\"panelIndex\":\"127\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_127\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (attributes)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"64c19720-5619-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"9accd4a0-657a-11e7-8471-e5432f50acbd","name":"48:panel_48","type":"visualization"},{"id":"b13956f0-657a-11e7-8471-e5432f50acbd","name":"49:panel_49","type":"visualization"},{"id":"114eba40-55d4-11e8-a695-171fb712da36","name":"80:panel_80","type":"visualization"},{"id":"8b09a0f0-55d1-11e8-a695-171fb712da36","name":"84:panel_84","type":"visualization"},{"id":"28ddcaf0-55d1-11e8-a695-171fb712da36","name":"86:panel_86","type":"visualization"},{"id":"00b3a860-55d1-11e8-a695-171fb712da36","name":"87:panel_87","type":"visualization"},{"id":"e607f720-560f-11e8-b711-83a5f93b17f3","name":"88:panel_88","type":"visualization"},{"id":"be939000-560f-11e8-b711-83a5f93b17f3","name":"94:panel_94","type":"visualization"},{"id":"b3007880-5613-11e8-b711-83a5f93b17f3","name":"111:panel_111","type":"visualization"},{"id":"6a815bb0-5613-11e8-b711-83a5f93b17f3","name":"114:panel_114","type":"visualization"},{"id":"604bae20-5613-11e8-b711-83a5f93b17f3","name":"116:panel_116","type":"visualization"},{"id":"5af01150-5613-11e8-b711-83a5f93b17f3","name":"117:panel_117","type":"visualization"},{"id":"61ed9a20-561a-11e8-b711-83a5f93b17f3","name":"118:panel_118","type":"visualization"},{"id":"d297fe60-2fd7-11e7-af27-99e728e71e91","name":"121:panel_121","type":"visualization"},{"id":"4dc994a0-2fd7-11e7-97a8-85d8d5a99269","name":"123:panel_123","type":"visualization"},{"id":"661ff9d0-55c5-11e8-a1f3-452446793d46","name":"124:panel_124","type":"visualization"},{"id":"d23a33d0-55c8-11e8-a1f3-452446793d46","name":"125:panel_125","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"126:panel_126","type":"visualization"},{"id":"fadebf50-336b-11e9-aec0-c1d93190f676","name":"127:panel_127","type":"visualization"}],"sort":[1714616462017,8589935042],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Sources (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Sources (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"64d369b0-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935043],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"64d75bf0-55bf-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935045],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"2fbfdab0-5613-11e8-9246-a5562341aeaa\",\"type\":\"calculation\",\"variables\":[{\"id\":\"31d17ca0-5613-11e8-9246-a5562341aeaa\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"65162e80-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935046],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"client.domain.keyword\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"server.domain.keyword\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name.keyword\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"95799400-55b3-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589935051],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Blank","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Blank\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":8,\"markdown\":\"![](https://img.songxwn.com/file/34b6ee6536f0d26bd2827.gif)\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8fee97e0-55b5-11e8-a1f3-452446793d46","managed":false,"references":[],"sort":[1714616462017,8589935052],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Overview\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Overview**](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"70567480-335d-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935053],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":12,\"w\":16,\"h\":16,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Services (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-fc1eeb70-e5aa-48e1-959a-7a2951636d6b\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"fc1eeb70-e5aa-48e1-959a-7a2951636d6b\",\"layerType\":\"data\",\"primaryGroups\":[\"e15a8a02-eb7a-4a03-ad85-3c3358e0b103\"],\"secondaryGroups\":[],\"metrics\":[\"7b260c79-106d-4da4-9426-36166366dcae\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fc1eeb70-e5aa-48e1-959a-7a2951636d6b\":{\"ignoreGlobalFilters\":false,\"columns\":{\"e15a8a02-eb7a-4a03-ad85-3c3358e0b103\":{\"label\":\"Service\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"flow.service_name.keyword\",\"isBucketed\":true,\"params\":{\"size\":35,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7b260c79-106d-4da4-9426-36166366dcae\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7b260c79-106d-4da4-9426-36166366dcae\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e15a8a02-eb7a-4a03-ad85-3c3358e0b103\",\"7b260c79-106d-4da4-9426-36166366dcae\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":8,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_36\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":16,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-fed0ff01-15c6-4375-b2bc-263578d3290f\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"fed0ff01-15c6-4375-b2bc-263578d3290f\",\"layerType\":\"data\",\"primaryGroups\":[\"1945fecd-840f-44eb-b24d-c4c1bc037f28\"],\"secondaryGroups\":[],\"metrics\":[\"f24dfbfc-4fa4-4d54-abc6-60bcd4c87689\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fed0ff01-15c6-4375-b2bc-263578d3290f\":{\"ignoreGlobalFilters\":false,\"columns\":{\"1945fecd-840f-44eb-b24d-c4c1bc037f28\":{\"label\":\"AS\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"as.organization.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":35,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f24dfbfc-4fa4-4d54-abc6-60bcd4c87689\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f24dfbfc-4fa4-4d54-abc6-60bcd4c87689\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"1945fecd-840f-44eb-b24d-c4c1bc037f28\",\"f24dfbfc-4fa4-4d54-abc6-60bcd4c87689\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":16,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-a678d4c1-70e7-49b2-8759-0385b5d6312c\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"a678d4c1-70e7-49b2-8759-0385b5d6312c\",\"layerType\":\"data\",\"primaryGroups\":[\"351f5a72-951c-4332-b912-58039f2c86b8\",\"50698acb-c330-4e19-9d30-0107f719da53\"],\"secondaryGroups\":[],\"metrics\":[\"96534b9b-4dac-43f6-b1a6-4e7c108ce099\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a678d4c1-70e7-49b2-8759-0385b5d6312c\":{\"ignoreGlobalFilters\":false,\"columns\":{\"351f5a72-951c-4332-b912-58039f2c86b8\":{\"label\":\"IP Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.type.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96534b9b-4dac-43f6-b1a6-4e7c108ce099\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"50698acb-c330-4e19-9d30-0107f719da53\":{\"label\":\"IP Protocol\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96534b9b-4dac-43f6-b1a6-4e7c108ce099\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"96534b9b-4dac-43f6-b1a6-4e7c108ce099\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"351f5a72-951c-4332-b912-58039f2c86b8\",\"50698acb-c330-4e19-9d30-0107f719da53\",\"96534b9b-4dac-43f6-b1a6-4e7c108ce099\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":16,\"h\":16,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-1374b638-1700-4d16-8b52-2144ac72b105\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"1374b638-1700-4d16-8b52-2144ac72b105\",\"layerType\":\"data\",\"primaryGroups\":[\"50998850-893b-45a3-a4f0-f987d5ecf4c0\",\"80ab20b9-a6db-4906-bf85-884f95d236a4\"],\"secondaryGroups\":[],\"metrics\":[\"bcb64d3d-d7bd-434e-83b6-5b91a8fc2751\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1374b638-1700-4d16-8b52-2144ac72b105\":{\"ignoreGlobalFilters\":false,\"columns\":{\"50998850-893b-45a3-a4f0-f987d5ecf4c0\":{\"label\":\"Server\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"server.domain.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bcb64d3d-d7bd-434e-83b6-5b91a8fc2751\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"80ab20b9-a6db-4906-bf85-884f95d236a4\":{\"label\":\"Client\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"client.domain.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bcb64d3d-d7bd-434e-83b6-5b91a8fc2751\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"bcb64d3d-d7bd-434e-83b6-5b91a8fc2751\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"50998850-893b-45a3-a4f0-f987d5ecf4c0\",\"80ab20b9-a6db-4906-bf85-884f95d236a4\",\"bcb64d3d-d7bd-434e-83b6-5b91a8fc2751\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":16,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: TCP Flags (flow records) - tag cloud（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-981c1068-1988-4f8c-a571-6c7207af9203\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"981c1068-1988-4f8c-a571-6c7207af9203\",\"primaryGroups\":[\"e3e5a707-7acd-4965-b679-a776284fe357\"],\"metrics\":[\"45ca9bd8-be79-4b6c-beba-9d977ec20e93\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"eui_amsterdam_color_blind\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"981c1068-1988-4f8c-a571-6c7207af9203\":{\"ignoreGlobalFilters\":false,\"columns\":{\"e3e5a707-7acd-4965-b679-a776284fe357\":{\"label\":\"TCP Flag\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"flow.tcp_flags.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"45ca9bd8-be79-4b6c-beba-9d977ec20e93\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"45ca9bd8-be79-4b6c-beba-9d977ec20e93\":{\"label\":\"计数\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e3e5a707-7acd-4965-b679-a776284fe357\",\"45ca9bd8-be79-4b6c-beba-9d977ec20e93\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":12,\"w\":16,\"h\":16,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: IP Reputations (flow records) - tag cloud（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsTagcloud\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-a9c0019e-b6b4-4894-af6f-047227cde346\"}],\"state\":{\"visualization\":{\"layerId\":\"a9c0019e-b6b4-4894-af6f-047227cde346\",\"tagAccessor\":\"ec9368b0-6695-457e-ad2e-ac3e07e7bbe0\",\"valueAccessor\":\"8acb40a7-4bdf-457b-aebf-fd27284a4562\",\"maxFontSize\":48,\"minFontSize\":16,\"orientation\":\"single\",\"showLabel\":false,\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"eui_amsterdam_color_blind\",\"colorMode\":{\"type\":\"categorical\"}},\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a9c0019e-b6b4-4894-af6f-047227cde346\":{\"ignoreGlobalFilters\":false,\"columns\":{\"ec9368b0-6695-457e-ad2e-ac3e07e7bbe0\":{\"label\":\"IP Reputation\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"flow.rep_tags.keyword\",\"isBucketed\":true,\"params\":{\"size\":30,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8acb40a7-4bdf-457b-aebf-fd27284a4562\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8acb40a7-4bdf-457b-aebf-fd27284a4562\":{\"label\":\"Flow Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ec9368b0-6695-457e-ad2e-ac3e07e7bbe0\",\"8acb40a7-4bdf-457b-aebf-fd27284a4562\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":0,\"w\":9,\"h\":12,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_43\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":33,\"h\":4,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_44\"},{\"type\":\"links\",\"gridData\":{\"x\":33,\"y\":0,\"w\":6,\"h\":4,\"i\":\"87c0d169-7fa2-46d9-be38-0a18897c52cf\"},\"panelIndex\":\"87c0d169-7fa2-46d9-be38-0a18897c52cf\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}},\"title\":\"个人博客\",\"panelRefName\":\"panel_87c0d169-7fa2-46d9-be38-0a18897c52cf\"}]","timeRestore":false,"title":"ElastiFlow: Overview","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"653cf1e0-2fd2-11e7-99ed-49759aed30f5","managed":false,"references":[{"id":"elastiflow-*","name":"34:indexpattern-datasource-layer-fc1eeb70-e5aa-48e1-959a-7a2951636d6b","type":"index-pattern"},{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"36:panel_36","type":"visualization"},{"id":"elastiflow-*","name":"37:indexpattern-datasource-layer-fed0ff01-15c6-4375-b2bc-263578d3290f","type":"index-pattern"},{"id":"elastiflow-*","name":"39:indexpattern-datasource-layer-a678d4c1-70e7-49b2-8759-0385b5d6312c","type":"index-pattern"},{"id":"elastiflow-*","name":"40:indexpattern-datasource-layer-1374b638-1700-4d16-8b52-2144ac72b105","type":"index-pattern"},{"id":"elastiflow-*","name":"41:indexpattern-datasource-layer-981c1068-1988-4f8c-a571-6c7207af9203","type":"index-pattern"},{"id":"elastiflow-*","name":"42:indexpattern-datasource-layer-a9c0019e-b6b4-4894-af6f-047227cde346","type":"index-pattern"},{"id":"8fee97e0-55b5-11e8-a1f3-452446793d46","name":"43:panel_43","type":"visualization"},{"id":"70567480-335d-11e9-aec0-c1d93190f676","name":"44:panel_44","type":"visualization"},{"id":"17433e02-2920-4eda-bc21-6a83f9d39993","name":"87c0d169-7fa2-46d9-be38-0a18897c52cf:panel_87c0d169-7fa2-46d9-be38-0a18897c52cf","type":"links"}],"sort":[1714616462017,8589935064],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"packets\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"65ec5200-3374-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935065],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"69f864d0-2fd7-11e7-97a8-85d8d5a99269","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935067],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzE5OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"type\":\"table\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":6,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":7,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6d0c50a0-801d-11e7-bcae-4bd056c878e8","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935069],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Sources (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"source.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6f3cf880-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935070],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"6f6d05b0-2fc8-11e7-bf24-57efade8fd83","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935072],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"70733c50-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935073],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Sources (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"05cb3150-5613-11e8-95ce-e7b2166211be\",\"type\":\"calculation\",\"variables\":[{\"id\":\"0f6b0780-5613-11e8-95ce-e7b2166211be\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"70ad67e0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935074],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Port Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"customLabel\":\"Source Ports\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"71272b10-6579-11e7-8471-e5432f50acbd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935076],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Countries (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"71b7df60-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935077],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"NOT server.as.organization.name.keyword: private\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"72ff0a90-55c7-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935079],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (packets) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (packets) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"packets\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.packets\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.packets.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + ' packets (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"734fbfe0-3374-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935080],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"73c37440-658e-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935082],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIwOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"74cc8db0-55be-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935084],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Src/Dst Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"fieldName\":\"host.name.keyword\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107640219\",\"fieldName\":\"source.as.organization.name.keyword\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526108883717\",\"fieldName\":\"destination.as.organization.name.keyword\",\"label\":\"Destnation AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526108909005\",\"fieldName\":\"flow.service_name.keyword\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589935089],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"77255120-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935091],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (AS)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Src/Dst](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [**AS**](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9b135210-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935092],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"88a5e860-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935094],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"97885520-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935096],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src AS/Dst AS (bytes) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (bytes) - vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.as.organization.name.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.as.organization.name.keyword\\\"}}}\\n                ]\\n              },\\n        \\t\\t\\t\\\"aggs\\\": {\\n        \\t\\t\\t\\t\\\"bytes\\\": {\\n        \\t\\t\\t\\t\\t\\\"sum\\\": {\\n        \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n        \\t\\t\\t\\t\\t}\\n        \\t\\t\\t\\t}\\n        \\t\\t\\t}\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' to ' + datum.stk2 + '    ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"819e7820-3374-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935097],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Source AS Private\",\"type\":\"phrase\",\"key\":\"source.as.organization.name.keyword\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"source.as.organization.name.keyword\":{\"query\":\"private\"}}}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Destination AS Private\",\"type\":\"phrase\",\"key\":\"destination.as.organization.name.keyword\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"destination.as.organization.name.keyword\":{\"query\":\"private\"}}}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_45\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination Autonomous Systems (flow records)\",\"panelRefName\":\"panel_46\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"47\"},\"panelIndex\":\"47\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Source Autonomous Systems (flow records)\",\"panelRefName\":\"panel_47\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"51\"},\"panelIndex\":\"51\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_51\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_52\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Source Autonomous Systems (packets)\",\"panelRefName\":\"panel_53\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Source Autonomous Systems (bytes)\",\"panelRefName\":\"panel_54\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"55\"},\"panelIndex\":\"55\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination Autonomous Systems (bytes)\",\"panelRefName\":\"panel_55\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"56\"},\"panelIndex\":\"56\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination Autonomous Systems (packets)\",\"panelRefName\":\"panel_56\"},{\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"57\"},\"panelIndex\":\"57\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_57\"}]","timeRestore":false,"title":"ElastiFlow: Flows (AS)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"757d59f0-5628-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","name":"45:panel_45","type":"visualization"},{"id":"77255120-55c6-11e8-a1f3-452446793d46","name":"46:panel_46","type":"visualization"},{"id":"4c52f1f0-55c6-11e8-a1f3-452446793d46","name":"47:panel_47","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"51:panel_51","type":"visualization"},{"id":"9b135210-336c-11e9-aec0-c1d93190f676","name":"52:panel_52","type":"visualization"},{"id":"066b9700-55c6-11e8-a1f3-452446793d46","name":"53:panel_53","type":"visualization"},{"id":"1a9184b0-55c6-11e8-a1f3-452446793d46","name":"54:panel_54","type":"visualization"},{"id":"88a5e860-55c6-11e8-a1f3-452446793d46","name":"55:panel_55","type":"visualization"},{"id":"97885520-55c6-11e8-a1f3-452446793d46","name":"56:panel_56","type":"visualization"},{"id":"819e7820-3374-11e9-aec0-c1d93190f676","name":"57:panel_57","type":"visualization"}],"sort":[1714616462017,8589935110],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7884d160-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935111],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"793a6f00-2fdd-11e7-afd7-595689f3f18c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935113],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIxOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f82d7990-5612-11e8-aa3f-47704e17ccf8\",\"type\":\"calculation\",\"variables\":[{\"id\":\"fc0f6eb0-5612-11e8-aa3f-47704e17ccf8\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7a609f00-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935114],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7b10dd00-55e3-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935116],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Sources (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"source.domain.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7ef9bfb0-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935117],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"7f7aac00-2fc8-11e7-8bc1-177080983dbf","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935119],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Clients (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"81128960-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935120],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Ports (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"822d3da0-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935121],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.city_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"849562d0-55be-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935123],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Types of Service (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Types of Service (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type of Service\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"84e4c9f0-2fd7-11e7-97a8-85d8d5a99269","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935125],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Port Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"customLabel\":\"Destination Ports\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8500a670-6579-11e7-8471-e5432f50acbd","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935127],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"eb6ed730-5612-11e8-88fd-2774a33bc32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f0d103b0-5612-11e8-88fd-2774a33bc32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"854eee30-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935128],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIyOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flows (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Src/Dst](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"88535d00-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935129],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8be71430-55c7-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935131],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8dcbcce0-2fd6-11e7-a82c-3146dd695923","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935133],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Clients (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"client.domain.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8dd6aa00-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935134],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"flow.server_rep_tags\"},\"meta\":{\"alias\":\"Bad Server Reputation\",\"disabled\":false,\"key\":\"flow.server_rep_tags\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"de602310-330b-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589935137],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client_rep_tags.keyword\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client_rep_tags.keyword\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flows\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ee65abb0-330e-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589935140],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":19,\"w\":8,\"h\":29,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":35,\"y\":19,\"w\":13,\"h\":29,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_27\"},{\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":19,\"w\":14,\"h\":29,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_28\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":19,\"w\":13,\"h\":29,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-9d512ba3-1c75-4386-bb10-08909fdb6d25\"},{\"type\":\"index-pattern\",\"name\":\"f60c3578-8a62-41dc-8253-3491c77e6a26\",\"id\":\"elastiflow-*\"}],\"state\":{\"visualization\":{\"layerId\":\"9d512ba3-1c75-4386-bb10-08909fdb6d25\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"e8019352-cc05-4bf5-8b7d-767b476e42c1\",\"alignment\":\"left\"},{\"columnId\":\"ab5614e0-612a-41fd-9466-cb43be8f0002\",\"alignment\":\"left\"},{\"columnId\":\"070ae304-11a6-4f26-9fc1-87e61afcd28e\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"_exists_: flow.client_rep_tags.keyword AND server.as.organization.name.keyword: private\"}}],\"filter\":[{\"script\":{\"script\":\"doc['server.ip.keyword'].value == doc['destination.ip.keyword'].value\"}}]}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"At-Risk Servers\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"query_string\\\":{\\\"query\\\":\\\"_exists_: flow.client_rep_tags.keyword AND server.as.organization.name.keyword: private\\\"}}],\\\"filter\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['server.ip.keyword'].value == doc['destination.ip.keyword'].value\\\"}}]}}\",\"index\":\"f60c3578-8a62-41dc-8253-3491c77e6a26\"},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d512ba3-1c75-4386-bb10-08909fdb6d25\":{\"ignoreGlobalFilters\":false,\"columns\":{\"ab5614e0-612a-41fd-9466-cb43be8f0002\":{\"label\":\"At-Risk Servers\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"server.domain.keyword\",\"isBucketed\":true,\"params\":{\"size\":99,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e8019352-cc05-4bf5-8b7d-767b476e42c1\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"070ae304-11a6-4f26-9fc1-87e61afcd28e\":{\"label\":\"IP Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"server.ip.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e8019352-cc05-4bf5-8b7d-767b476e42c1\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e8019352-cc05-4bf5-8b7d-767b476e42c1\":{\"label\":\"Flows\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ab5614e0-612a-41fd-9466-cb43be8f0002\",\"070ae304-11a6-4f26-9fc1-87e61afcd28e\",\"e8019352-cc05-4bf5-8b7d-767b476e42c1\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked bar)（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"showSingleSeries\":true,\"position\":\"right\",\"shouldTruncate\":true,\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"fillOpacity\":0.8,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"seriesType\":\"bar_stacked\",\"layerType\":\"data\",\"layerId\":\"3cb6dd35-2f70-4101-8a9d-542d76e94c0f\",\"accessors\":[\"afa4db1b-ce5b-417b-a28e-a0b9d181ade8\"],\"yConfig\":[{\"forAccessor\":\"afa4db1b-ce5b-417b-a28e-a0b9d181ade8\",\"color\":\"rgba(144,201,227,1)\",\"axisMode\":\"left\"}],\"xAccessor\":\"0b541f90-4a3f-4e62-b0ea-a497666dc765\",\"splitAccessor\":\"3e71f362-df3f-44bf-9b07-80fbeda9f78a\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3cb6dd35-2f70-4101-8a9d-542d76e94c0f\":{\"ignoreGlobalFilters\":false,\"columns\":{\"0b541f90-4a3f-4e62-b0ea-a497666dc765\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":true}},\"3e71f362-df3f-44bf-9b07-80fbeda9f78a\":{\"label\":\"flow.rep_tags.keyword 的排名前 50  的值\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"flow.rep_tags.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"afa4db1b-ce5b-417b-a28e-a0b9d181ade8\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"afa4db1b-ce5b-417b-a28e-a0b9d181ade8\":{\"label\":\"Bit Rate\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"format\":{\"id\":\"number\"},\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0b541f90-4a3f-4e62-b0ea-a497666dc765\",\"3e71f362-df3f-44bf-9b07-80fbeda9f78a\",\"afa4db1b-ce5b-417b-a28e-a0b9d181ade8\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[{\"type\":\"index-pattern\",\"id\":\"tsvb_ad_hoc_elastiflow-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-3cb6dd35-2f70-4101-8a9d-542d76e94c0f\"}],\"adHocDataViews\":{\"tsvb_ad_hoc_elastiflow-*/@timestamp\":{\"id\":\"tsvb_ad_hoc_elastiflow-*/@timestamp\",\"title\":\"elastiflow-*\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"fieldFormats\":{},\"runtimeFieldMap\":{},\"fieldAttrs\":{},\"allowNoIndex\":false,\"name\":\"elastiflow-*\",\"allowHidden\":false}}}},\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_31\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_32\"}]","timeRestore":false,"title":"ElastiFlow: Threats","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8e383000-3309-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"1fdbf870-330a-11e9-aec0-c1d93190f676","name":"26:panel_26","type":"visualization"},{"id":"de602310-330b-11e9-aec0-c1d93190f676","name":"27:panel_27","type":"visualization"},{"id":"ee65abb0-330e-11e9-aec0-c1d93190f676","name":"28:panel_28","type":"visualization"},{"id":"elastiflow-*","name":"29:indexpattern-datasource-layer-9d512ba3-1c75-4386-bb10-08909fdb6d25","type":"index-pattern"},{"id":"elastiflow-*","name":"29:f60c3578-8a62-41dc-8253-3491c77e6a26","type":"index-pattern"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"31:panel_31","type":"visualization"},{"id":"279aff10-336a-11e9-aec0-c1d93190f676","name":"32:panel_32","type":"visualization"}],"sort":[1714616462017,8589935148],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.input_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8e644b60-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935149],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Sources (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"source.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"8f6da1e0-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935150],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"91653f10-55c5-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935152],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzIzOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Destination Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9271c180-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935153],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Client Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"92720510-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935154],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"92d2bb50-2820-11ea-bb6a-cd9c0b9d2958","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935156],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: TCP Flags (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tcp_flags.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"94b202a0-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935157],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Clients (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"client.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"94bf2860-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935158],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e1a87390-55cd-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935159],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous System Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"as.organization.name.keyword\",\"customLabel\":\"Autonomous Systems\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d5e94030-5617-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935161],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: City Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geo.city_name.keyword\",\"customLabel\":\"Cities\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c01e5510-5617-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935163],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Country Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geo.country_name.keyword\",\"customLabel\":\"Countries\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"afa2d1c0-5617-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935165],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Cities (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Cities (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c6e39d30-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935166],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI0OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"e64ae1a0-5611-11e8-ace5-73cdd5366849\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e9f01be0-5611-11e8-ace5-73cdd5366849\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f2b5acc0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935167],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f5d79820-5611-11e8-937b-f9dd7f7e8b36\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f9111840-5611-11e8-937b-f9dd7f7e8b36\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ebd23770-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935168],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"47b1b9f0-5612-11e8-8f25-dd843d63ccd9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4ba84880-5612-11e8-8f25-dd843d63ccd9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.country_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d8e1bc80-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935169],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"fieldName\":\"flow.traffic_locality.keyword\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1526107541713\",\"fieldName\":\"as.organization.name.keyword\",\"label\":\"Autonomous System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1526153132040\",\"fieldName\":\"geo.country_name.keyword\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1526153149794\",\"fieldName\":\"geo.city_name.keyword\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c0ca16b0-561d-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589935174],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Traffic Details (locality)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [**Locality**](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e79ec4d0-336b-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935175],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"78\"},\"panelIndex\":\"78\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_78\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"85\"},\"panelIndex\":\"85\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Traffic Locality (bits/s)\",\"panelRefName\":\"panel_85\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":9,\"w\":8,\"h\":11,\"i\":\"96\"},\"panelIndex\":\"96\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_96\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":11,\"i\":\"98\"},\"panelIndex\":\"98\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_98\"},{\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":50,\"w\":8,\"h\":11,\"i\":\"100\"},\"panelIndex\":\"100\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_100\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":50,\"w\":8,\"h\":11,\"i\":\"101\"},\"panelIndex\":\"101\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_101\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":61,\"w\":24,\"h\":15,\"i\":\"103\"},\"panelIndex\":\"103\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_103\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":61,\"w\":24,\"h\":15,\"i\":\"105\"},\"panelIndex\":\"105\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Cities (bits/s)\",\"panelRefName\":\"panel_105\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"107\"},\"panelIndex\":\"107\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_107\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":76,\"w\":24,\"h\":15,\"i\":\"108\"},\"panelIndex\":\"108\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_108\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":15,\"i\":\"110\"},\"panelIndex\":\"110\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_110\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"115\"},\"panelIndex\":\"115\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Traffic Locality (pkts/s)\",\"panelRefName\":\"panel_115\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"120\"},\"panelIndex\":\"120\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_120\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":16,\"h\":11,\"i\":\"121\"},\"panelIndex\":\"121\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Autonomous Systems (flow records)\",\"panelRefName\":\"panel_121\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":50,\"w\":16,\"h\":11,\"i\":\"122\"},\"panelIndex\":\"122\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Cities (flow records)\",\"panelRefName\":\"panel_122\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":16,\"h\":11,\"i\":\"123\"},\"panelIndex\":\"123\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Countries (flow records)\",\"panelRefName\":\"panel_123\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":11,\"i\":\"124\"},\"panelIndex\":\"124\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Traffic Locality (flow records)\",\"panelRefName\":\"panel_124\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"125\"},\"panelIndex\":\"125\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_125\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"126\"},\"panelIndex\":\"126\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_126\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (locality)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"95ccacb0-5619-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"e1a87390-55cd-11e8-a695-171fb712da36","name":"78:panel_78","type":"visualization"},{"id":"05aa2550-55d2-11e8-a695-171fb712da36","name":"85:panel_85","type":"visualization"},{"id":"d5e94030-5617-11e8-b711-83a5f93b17f3","name":"96:panel_96","type":"visualization"},{"id":"003b4bd0-5618-11e8-b711-83a5f93b17f3","name":"98:panel_98","type":"visualization"},{"id":"c01e5510-5617-11e8-b711-83a5f93b17f3","name":"100:panel_100","type":"visualization"},{"id":"afa2d1c0-5617-11e8-b711-83a5f93b17f3","name":"101:panel_101","type":"visualization"},{"id":"3a281650-55d9-11e8-a695-171fb712da36","name":"103:panel_103","type":"visualization"},{"id":"c6e39d30-55d9-11e8-a695-171fb712da36","name":"105:panel_105","type":"visualization"},{"id":"f2b5acc0-5613-11e8-b711-83a5f93b17f3","name":"107:panel_107","type":"visualization"},{"id":"ebd23770-5613-11e8-b711-83a5f93b17f3","name":"108:panel_108","type":"visualization"},{"id":"d8e1bc80-5613-11e8-b711-83a5f93b17f3","name":"110:panel_110","type":"visualization"},{"id":"65162e80-5613-11e8-b711-83a5f93b17f3","name":"115:panel_115","type":"visualization"},{"id":"c0ca16b0-561d-11e8-b711-83a5f93b17f3","name":"120:panel_120","type":"visualization"},{"id":"4abad150-55bc-11e8-a1f3-452446793d46","name":"121:panel_121","type":"visualization"},{"id":"849562d0-55be-11e8-a1f3-452446793d46","name":"122:panel_122","type":"visualization"},{"id":"64d75bf0-55bf-11e8-a1f3-452446793d46","name":"123:panel_123","type":"visualization"},{"id":"178b0af0-6230-11e7-9a50-efc26ded795d","name":"124:panel_124","type":"visualization"},{"id":"4bdddfe0-336b-11e9-aec0-c1d93190f676","name":"125:panel_125","type":"visualization"},{"id":"e79ec4d0-336b-11e9-aec0-c1d93190f676","name":"126:panel_126","type":"visualization"}],"sort":[1714616462017,8589935195],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.input_ifname.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"96e6a3a0-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935196],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Applications (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"97a057b0-55cb-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935197],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"destination.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"981e3d70-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935198],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"98519990-55bb-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935200],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI1OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"client.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9b6dfa20-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935201],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_ifname.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9e614fe0-55d6-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935202],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Destinations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Destinations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9f113d80-6719-11e7-b5b8-29fbded8e37c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935204],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":12,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9f5fe3e0-55c5-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935206],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"9f9e54b0-2fd6-11e7-a82c-3146dd695923","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935208],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":30,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Top Clients - table（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-f9ae514f-a8a3-423f-99b2-7a11eea77f83\"}],\"state\":{\"visualization\":{\"layerId\":\"f9ae514f-a8a3-423f-99b2-7a11eea77f83\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"9ecc4daf-2420-4218-9683-7628760f93e2\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"9946737c-bcdc-42d5-9133-c79682994783\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"9d0b7445-1302-471f-bdab-710f4730d76a\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"da98459d-8722-491b-afc8-23aa3c13a836\",\"alignment\":\"left\"},{\"columnId\":\"eddbe4af-c271-4637-a0a7-36e3f9bf61b7\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f9ae514f-a8a3-423f-99b2-7a11eea77f83\":{\"ignoreGlobalFilters\":false,\"columns\":{\"da98459d-8722-491b-afc8-23aa3c13a836\":{\"label\":\"Top Clients\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"client.domain.keyword\",\"isBucketed\":true,\"params\":{\"size\":499,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ecc4daf-2420-4218-9683-7628760f93e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eddbe4af-c271-4637-a0a7-36e3f9bf61b7\":{\"label\":\"IP Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"client.ip.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ecc4daf-2420-4218-9683-7628760f93e2\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9ecc4daf-2420-4218-9683-7628760f93e2\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"9946737c-bcdc-42d5-9133-c79682994783\":{\"label\":\"Packets\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.packets\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"9d0b7445-1302-471f-bdab-710f4730d76a\":{\"label\":\"Flow Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"da98459d-8722-491b-afc8-23aa3c13a836\",\"eddbe4af-c271-4637-a0a7-36e3f9bf61b7\",\"9ecc4daf-2420-4218-9683-7628760f93e2\",\"9946737c-bcdc-42d5-9133-c79682994783\",\"9d0b7445-1302-471f-bdab-710f4730d76a\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":30,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Top Servers - table（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-90945ee2-8764-4668-acdb-911f0f92c876\"}],\"state\":{\"visualization\":{\"layerId\":\"90945ee2-8764-4668-acdb-911f0f92c876\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"8d4ceffa-6971-47c6-8918-f11fc927d1c7\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"9f6c0242-0b1d-4a62-b579-df1a7da97b9e\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"fcdb8261-0b1b-4cd2-9bc6-6c19c78baaac\",\"alignment\":\"left\",\"summaryRow\":\"sum\"},{\"columnId\":\"1a27eadd-303f-4119-ab75-c2437ff1329f\",\"alignment\":\"left\"},{\"columnId\":\"44f13a02-d6e4-4dc3-8e77-b77e1875f907\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"90945ee2-8764-4668-acdb-911f0f92c876\":{\"ignoreGlobalFilters\":false,\"columns\":{\"1a27eadd-303f-4119-ab75-c2437ff1329f\":{\"label\":\"Top Servers\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"server.domain.keyword\",\"isBucketed\":true,\"params\":{\"size\":499,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d4ceffa-6971-47c6-8918-f11fc927d1c7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"44f13a02-d6e4-4dc3-8e77-b77e1875f907\":{\"label\":\"IP Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"server.ip.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d4ceffa-6971-47c6-8918-f11fc927d1c7\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8d4ceffa-6971-47c6-8918-f11fc927d1c7\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"9f6c0242-0b1d-4a62-b579-df1a7da97b9e\":{\"label\":\"Packets\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.packets\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"fcdb8261-0b1b-4cd2-9bc6-6c19c78baaac\":{\"label\":\"Flow Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"1a27eadd-303f-4119-ab75-c2437ff1329f\",\"44f13a02-d6e4-4dc3-8e77-b77e1875f907\",\"8d4ceffa-6971-47c6-8918-f11fc927d1c7\",\"9f6c0242-0b1d-4a62-b579-df1a7da97b9e\",\"fcdb8261-0b1b-4cd2-9bc6-6c19c78baaac\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_21\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_22\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_23\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_24\"}]","timeRestore":false,"title":"ElastiFlow: Top Talkers","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"AWFgr4DaugC1WJLdy9iE","managed":false,"references":[{"id":"elastiflow-*","name":"10:indexpattern-datasource-layer-f9ae514f-a8a3-423f-99b2-7a11eea77f83","type":"index-pattern"},{"id":"elastiflow-*","name":"12:indexpattern-datasource-layer-90945ee2-8764-4668-acdb-911f0f92c876","type":"index-pattern"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"21:panel_21","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"22:panel_22","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"23:panel_23","type":"visualization"},{"id":"1d9c7c30-336c-11e9-aec0-c1d93190f676","name":"24:panel_24","type":"visualization"}],"sort":[1714616462017,8589935215],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":19,\"w\":48,\"h\":30,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_16\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":15,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_22\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":15,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_23\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_24\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_25\"}]","timeRestore":false,"title":"ElastiFlow: Top Conversations","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"AWFgw02HugC1WJLdzCFZ","managed":false,"references":[{"id":"6d0c50a0-801d-11e7-bcae-4bd056c878e8","name":"16:panel_16","type":"visualization"},{"id":"b22f5660-55d2-11e8-a695-171fb712da36","name":"22:panel_22","type":"visualization"},{"id":"7546a110-55fd-11e8-b711-83a5f93b17f3","name":"23:panel_23","type":"visualization"},{"id":"30ff5d70-336b-11e9-aec0-c1d93190f676","name":"24:panel_24","type":"visualization"},{"id":"47ee87d0-336c-11e9-aec0-c1d93190f676","name":"25:panel_25","type":"visualization"}],"sort":[1714616462017,8589935221],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"AWFgzeMpugC1WJLdzEfQ","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935223],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Geo IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Geo IP**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f16133a0-336a-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935224],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Geo IP (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP (src/dst)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Client/Server](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**Src/Dst**](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"af914ad0-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935225],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI2OSwxXQ=="}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"a483fdbc-a682-4c0a-99ee-c3d51d722580\",\"label\":\"World Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"EMS_VECTOR_TILE\"},{\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":2,\"maxSize\":12,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":10}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"b17d561c-a694-4b62-acf5-2a2728296c3c\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"applyGlobalQuery\":true},\"id\":\"41f8b532-dbc7-41d3-830e-b3bca68248cc\",\"label\":\"Flow\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"20ce6fa9-674e-49bb-b9f9-91340305adc2\",\"type\":\"ES_SEARCH\",\"geoField\":\"destination.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"destination.domain.keyword\",\"destination.ip.keyword\",\"destination.as.organization.name.keyword\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"destination.domain.keyword\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Greens\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"useCustomColorRamp\":false,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}}}},\"id\":\"a19049f1-93ac-47cc-9755-5f8005904ac5\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword : \\\"public\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"c8d3c4e4-7ac4-4d20-963c-d99bbec54349\",\"type\":\"ES_SEARCH\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[\"source.domain.keyword\",\"source.ip.keyword\",\"source.as.organization.name.keyword\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"source.domain.keyword\",\"topHitsSize\":100,\"indexPatternRefName\":\"layer_3_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"TOP_HITS\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"network.packets\",\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"id\":\"3f53425f-79c0-4eba-8bbf-90ff5425559e\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"query\":{\"query\":\"flow.traffic_locality.keyword : \\\"public\\\" \",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.6,\"center\":{\"lon\":13.3199,\"lat\":27.39736},\"timeFilters\":{\"from\":\"now-1h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}","title":"ElastiFlow: Source/Destination Flows","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c7190d00-2894-11ea-bb6a-cd9c0b9d2958","managed":false,"references":[{"id":"elastiflow-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1714616462017,8589935229],"type":"map","typeMigrationVersion":"8.4.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"flow.traffic_locality.keyword\",\"negate\":false,\"params\":{\"query\":\"public\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"flow.traffic_locality.keyword\":{\"query\":\"public\"}}}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_37\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_38\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"354c3b8e-30e4-4b18-b229-b2649b22c3d8\"},\"panelIndex\":\"354c3b8e-30e4-4b18-b229-b2649b22c3d8\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_354c3b8e-30e4-4b18-b229-b2649b22c3d8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"b5d91c44-f79c-4270-9b17-bec654cbb523\"},\"panelIndex\":\"b5d91c44-f79c-4270-9b17-bec654cbb523\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destinations and Sources (bytes)\",\"panelRefName\":\"panel_b5d91c44-f79c-4270-9b17-bec654cbb523\"},{\"type\":\"map\",\"gridData\":{\"x\":12,\"y\":9,\"w\":36,\"h\":33,\"i\":\"1257a855-1848-4fc6-a3ff-31bd011773a1\"},\"panelIndex\":\"1257a855-1848-4fc6-a3ff-31bd011773a1\",\"embeddableConfig\":{\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":37.46417,\"lon\":34.35416,\"zoom\":1.51},\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":true,\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":270,\"maxLat\":85.05113}},\"title\":\"\",\"panelRefName\":\"panel_1257a855-1848-4fc6-a3ff-31bd011773a1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":11,\"i\":\"3e52f111-0b05-4ec3-9f80-297de04d70a2\"},\"panelIndex\":\"3e52f111-0b05-4ec3-9f80-297de04d70a2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination and Source Ports (bytes)\",\"panelRefName\":\"panel_3e52f111-0b05-4ec3-9f80-297de04d70a2\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":31,\"w\":12,\"h\":11,\"i\":\"fd7465e5-e316-431e-9954-abadddf96544\"},\"panelIndex\":\"fd7465e5-e316-431e-9954-abadddf96544\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-218841f0-e1e1-4233-9244-9a4d4f865925\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"218841f0-e1e1-4233-9244-9a4d4f865925\",\"layerType\":\"data\",\"primaryGroups\":[\"8d98ca4f-f2f6-4891-b92e-3768ebd57fd9\",\"16934f5f-87da-4d3f-92ad-6ab3a7fd3089\"],\"secondaryGroups\":[],\"metrics\":[\"028d4390-8ff2-44fd-8838-a9b131e23150\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"218841f0-e1e1-4233-9244-9a4d4f865925\":{\"ignoreGlobalFilters\":false,\"columns\":{\"8d98ca4f-f2f6-4891-b92e-3768ebd57fd9\":{\"label\":\"Country\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"geo.country_name.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"028d4390-8ff2-44fd-8838-a9b131e23150\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"028d4390-8ff2-44fd-8838-a9b131e23150\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"8d98ca4f-f2f6-4891-b92e-3768ebd57fd9\",\"028d4390-8ff2-44fd-8838-a9b131e23150\"],\"incompleteColumns\":{\"16934f5f-87da-4d3f-92ad-6ab3a7fd3089\":{\"operationType\":\"terms\"}}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]","timeRestore":false,"title":"ElastiFlow: Geo Location (src/dst)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"AWFhE8NZugC1WJLdzYri","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"f16133a0-336a-11e9-aec0-c1d93190f676","name":"37:panel_37","type":"visualization"},{"id":"af914ad0-336c-11e9-aec0-c1d93190f676","name":"38:panel_38","type":"visualization"},{"id":"17c29c50-55bd-11e8-a1f3-452446793d46","name":"354c3b8e-30e4-4b18-b229-b2649b22c3d8:panel_354c3b8e-30e4-4b18-b229-b2649b22c3d8","type":"visualization"},{"id":"4440e130-2fdd-11e7-afd7-595689f3f18c","name":"b5d91c44-f79c-4270-9b17-bec654cbb523:panel_b5d91c44-f79c-4270-9b17-bec654cbb523","type":"visualization"},{"id":"c7190d00-2894-11ea-bb6a-cd9c0b9d2958","name":"1257a855-1848-4fc6-a3ff-31bd011773a1:panel_1257a855-1848-4fc6-a3ff-31bd011773a1","type":"map"},{"id":"4898db90-2fdb-11e7-84e6-333bd21ad9fd","name":"3e52f111-0b05-4ec3-9f80-297de04d70a2:panel_3e52f111-0b05-4ec3-9f80-297de04d70a2","type":"visualization"},{"id":"elastiflow-*","name":"fd7465e5-e316-431e-9954-abadddf96544:indexpattern-datasource-layer-218841f0-e1e1-4233-9244-9a4d4f865925","type":"index-pattern"}],"sort":[1714616462017,8589935238],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tcp_flags.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a109f3f0-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935239],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"destination.as.organization.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a2722160-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935240],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Autonomous Systems\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Threats](#/dashboard/8e383000-3309-11e9-aec0-c1d93190f676) | [Flows](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**AS Traffic**](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a44cb030-336a-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935241],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a4ade270-658e-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935243],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a6194580-2820-11ea-bb6a-cd9c0b9d2958","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935245],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a76ff350-55ba-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935247],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Conversation Partners","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a7a47e70-2fde-11e7-9d02-3f49bde5c1d5","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935249],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"client.as.organization.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a819b0c0-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935250],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI3OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"c89ecad0-5612-11e8-b8f4-81e5f5de0f37\",\"type\":\"calculation\",\"variables\":[{\"id\":\"cb30e760-5612-11e8-b8f4-81e5f5de0f37\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a8323470-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935251],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a8b68cb0-2fc8-11e7-8d8b-45ec51795dad","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935253],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Geo IP (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Geo IP (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Src/Dst](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c0e6b360-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935254],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"cc28fff0-801f-11e7-8a72-651c4183643b","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935256],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"flow.traffic_locality.keyword\",\"negate\":false,\"params\":{\"query\":\"public\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"flow.traffic_locality.keyword\":{\"query\":\"public\"}}}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_34\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_35\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"679d9f0b-e107-4903-bc59-f7d751de7704\"},\"panelIndex\":\"679d9f0b-e107-4903-bc59-f7d751de7704\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_679d9f0b-e107-4903-bc59-f7d751de7704\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"9f62e1e4-3e7f-4110-bf57-ef955d2b54c6\"},\"panelIndex\":\"9f62e1e4-3e7f-4110-bf57-ef955d2b54c6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_9f62e1e4-3e7f-4110-bf57-ef955d2b54c6\"},{\"type\":\"map\",\"gridData\":{\"x\":12,\"y\":9,\"w\":36,\"h\":33,\"i\":\"3bc0baf3-6b21-41d6-8758-49299d4f220a\"},\"panelIndex\":\"3bc0baf3-6b21-41d6-8758-49299d4f220a\",\"embeddableConfig\":{\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":31.19379,\"lon\":133.4277,\"zoom\":3.87},\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":true,\"mapBuffer\":{\"minLon\":90,\"minLat\":0,\"maxLon\":180,\"maxLat\":55.77657}},\"title\":\"\",\"panelRefName\":\"panel_3bc0baf3-6b21-41d6-8758-49299d4f220a\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":11,\"i\":\"6045ce35-ad49-469d-8388-d85fa5205d94\"},\"panelIndex\":\"6045ce35-ad49-469d-8388-d85fa5205d94\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Services (bytes)\",\"panelRefName\":\"panel_6045ce35-ad49-469d-8388-d85fa5205d94\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":31,\"w\":12,\"h\":11,\"i\":\"25621a58-e8ce-4123-ad52-1ac77089ada6\"},\"panelIndex\":\"25621a58-e8ce-4123-ad52-1ac77089ada6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut（已转换）\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"elastiflow-*\",\"name\":\"indexpattern-datasource-layer-714d2a3d-cce0-4bd4-b503-49f85428698f\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"714d2a3d-cce0-4bd4-b503-49f85428698f\",\"layerType\":\"data\",\"primaryGroups\":[\"2975e77c-bcb0-422f-a20a-4b3d2023f761\",\"60283919-4017-4f29-9053-467d9711c7b3\"],\"secondaryGroups\":[],\"metrics\":[\"5caafde7-349a-4ba7-8986-cb8c84020a8c\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"714d2a3d-cce0-4bd4-b503-49f85428698f\":{\"ignoreGlobalFilters\":false,\"columns\":{\"2975e77c-bcb0-422f-a20a-4b3d2023f761\":{\"label\":\"Country\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"geo.country_name.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5caafde7-349a-4ba7-8986-cb8c84020a8c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5caafde7-349a-4ba7-8986-cb8c84020a8c\":{\"label\":\"Bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2975e77c-bcb0-422f-a20a-4b3d2023f761\",\"5caafde7-349a-4ba7-8986-cb8c84020a8c\"],\"incompleteColumns\":{\"60283919-4017-4f29-9053-467d9711c7b3\":{\"operationType\":\"terms\"}}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]","timeRestore":false,"title":"ElastiFlow: Geo Location (client/server)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a932b600-2fd2-11e7-99ed-49759aed30f5","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"f16133a0-336a-11e9-aec0-c1d93190f676","name":"34:panel_34","type":"visualization"},{"id":"c0e6b360-336c-11e9-aec0-c1d93190f676","name":"35:panel_35","type":"visualization"},{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"679d9f0b-e107-4903-bc59-f7d751de7704:panel_679d9f0b-e107-4903-bc59-f7d751de7704","type":"visualization"},{"id":"cc28fff0-801f-11e7-8a72-651c4183643b","name":"9f62e1e4-3e7f-4110-bf57-ef955d2b54c6:panel_9f62e1e4-3e7f-4110-bf57-ef955d2b54c6","type":"visualization"},{"id":"0df73330-2815-11ea-bb6a-cd9c0b9d2958","name":"3bc0baf3-6b21-41d6-8758-49299d4f220a:panel_3bc0baf3-6b21-41d6-8758-49299d4f220a","type":"map"},{"id":"36e56dc0-801a-11e7-8b60-018ea0aa61a0","name":"6045ce35-ad49-469d-8388-d85fa5205d94:panel_6045ce35-ad49-469d-8388-d85fa5205d94","type":"visualization"},{"id":"elastiflow-*","name":"25621a58-e8ce-4123-ad52-1ac77089ada6:indexpattern-datasource-layer-714d2a3d-cce0-4bd4-b503-49f85428698f","type":"index-pattern"}],"sort":[1714616462017,8589935265],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"a9d0ba20-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935266],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: TCP Flags (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ae3c66c0-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935267],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"bc2c73b0-5612-11e8-a8ff-859eba5de32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bf205f50-5612-11e8-a8ff-859eba5de32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ae9de1b0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935268],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b02faaf0-2fcb-11e7-8df8-b363df28ab61","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935270],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Direction (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Direction (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b2c9a3d0-658e-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935272],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI4OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b3ed2340-55e3-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935274],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b48fcce0-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935275],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b577fd40-55c8-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935277],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Sources - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Sources - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b58e1380-6719-11e7-b5b8-29fbded8e37c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935279],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Version (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935281],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources and Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b74bbb70-2fd6-11e7-a82c-3146dd695923","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935283],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"b88a8790-2fd7-11e7-bd03-932d3e38a4ff","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935285],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ba360b70-2820-11ea-bb6a-cd9c0b9d2958","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935287],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Services (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.service_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"beb869d0-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935288],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"95108cd0-5612-11e8-8cf4-f1fcac410c6e\",\"type\":\"calculation\",\"variables\":[{\"id\":\"97231920-5612-11e8-8cf4-f1fcac410c6e\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"bf600af0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935289],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzI5OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Version (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: IP Version (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c060cd30-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935290],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c0997620-55e3-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935292],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c3861b50-55ce-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935293],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Protocols (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c4f8cce0-55c8-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935295],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c6b36620-2fc8-11e7-87d6-cdce05879baf","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935297],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"host.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c7534460-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935298],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Client/Server (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Client/Server (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain.keyword\\\"}}}\\n                ]\\n              }\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c824e870-5629-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935299],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"73319730-5612-11e8-aef2-8d6be7224727\",\"type\":\"calculation\",\"variables\":[{\"id\":\"76164090-5612-11e8-aef2-8d6be7224727\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"c8e924d0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935300],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: NAV: Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV: Flow Records (client/server)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"top\",\"markdown\":\"[**Client/Server**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [Src/Dst](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n***\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f06e8450-336c-11e9-aec0-c1d93190f676","managed":false,"references":[],"sort":[1714616462017,8589935301],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":4,\"w\":29,\"h\":10,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":9,\"h\":10,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_9\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":10,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_12\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_13\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (client/server)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ca480720-2fdf-11e7-9d02-3f49bde5c1d5","managed":false,"references":[{"id":"644c9760-55db-11e8-a695-171fb712da36","name":"8:panel_8","type":"visualization"},{"id":"1d773d80-55dc-11e8-a695-171fb712da36","name":"9:panel_9","type":"visualization"},{"id":"53f4a4d0-55df-11e8-b711-83a5f93b17f3","name":"10:panel_10","type":"visualization"},{"id":"18a8f720-55dd-11e8-b711-83a5f93b17f3","name":"12:panel_12","type":"search"},{"id":"dc7a8e00-336a-11e9-aec0-c1d93190f676","name":"13:panel_13","type":"visualization"},{"id":"f06e8450-336c-11e9-aec0-c1d93190f676","name":"14:panel_14","type":"visualization"}],"sort":[1714616462017,8589935308],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMwOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"caea3760-6591-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935310],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Sankey Src/Dst (flow records) - vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sankey Src/Dst (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n  \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n  \\\"data\\\": [\\n    {\\n      \\\"name\\\": \\\"rawData\\\",\\n      \\\"url\\\": {\\n        \\\"%context%\\\": true,\\n        \\\"%timefield%\\\": \\\"@timestamp\\\",\\n        \\\"index\\\": \\\"elastiflow-*\\\",\\n        \\\"body\\\": {\\n          \\\"size\\\": 0,\\n          \\\"aggs\\\": {\\n            \\\"table\\\": {\\n              \\\"composite\\\": {\\n                \\\"size\\\": 1000,\\n                \\\"sources\\\": [\\n                  {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain.keyword\\\"}}},\\n                  {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain.keyword\\\"}}}\\n                ]\\n              }\\n            }\\n          }\\n        }\\n      },\\n      \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"nodes\\\",\\n      \\\"source\\\": \\\"rawData\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"filter\\\",\\n          \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n        {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n          \\\"as\\\": \\\"sortField\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"size\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groups\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\n          \\\"type\\\": \\\"aggregate\\\",\\n          \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n          \\\"fields\\\": [\\\"size\\\"],\\n          \\\"ops\\\": [\\\"sum\\\"],\\n          \\\"as\\\": [\\\"total\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"stack\\\",\\n          \\\"groupby\\\": [\\\"stack\\\"],\\n          \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n          \\\"field\\\": \\\"total\\\"\\n        },\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n        {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"destinationNodes\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n    },\\n    {\\n      \\\"name\\\": \\\"edges\\\",\\n      \\\"source\\\": \\\"nodes\\\",\\n      \\\"transform\\\": [\\n        {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n        {\\n          \\\"type\\\": \\\"lookup\\\",\\n          \\\"from\\\": \\\"destinationNodes\\\",\\n          \\\"key\\\": \\\"key\\\",\\n          \\\"fields\\\": [\\\"key\\\"],\\n          \\\"as\\\": [\\\"target\\\"]\\n        },\\n        {\\n          \\\"type\\\": \\\"linkpath\\\",\\n          \\\"orient\\\": \\\"horizontal\\\",\\n          \\\"shape\\\": \\\"diagonal\\\",\\n          \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n          \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n          \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n          \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n          \\\"as\\\": \\\"strokeWidth\\\"\\n        },\\n        {\\n          \\\"type\\\": \\\"formula\\\",\\n          \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n          \\\"as\\\": \\\"percentage\\\"\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"scales\\\": [\\n    {\\n      \\\"name\\\": \\\"x\\\",\\n      \\\"type\\\": \\\"band\\\",\\n      \\\"range\\\": \\\"width\\\",\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n      \\\"paddingOuter\\\": 0.01,\\n      \\\"paddingInner\\\": 0.98\\n    },\\n    {\\n      \\\"name\\\": \\\"y\\\",\\n      \\\"type\\\": \\\"linear\\\",\\n      \\\"range\\\": \\\"height\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n    },\\n    {\\n      \\\"name\\\": \\\"color\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": \\\"category\\\",\\n      \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n    },\\n    {\\n      \\\"name\\\": \\\"stackNames\\\",\\n      \\\"type\\\": \\\"ordinal\\\",\\n      \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n      \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n    }\\n  ],\\n  \\\"axes\\\": [\\n    {\\n      \\\"orient\\\": \\\"bottom\\\",\\n      \\\"scale\\\": \\\"x\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 14}\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"orient\\\": \\\"left\\\",\\n      \\\"scale\\\": \\\"y\\\",\\n      \\\"labelColor\\\": {\\n        \\\"value\\\": \\\"#888888\\\"\\n      },\\n      \\\"encode\\\": {\\n        \\\"labels\\\": {\\n          \\\"update\\\": {\\n            \\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, ',.2s')\\\"},\\n            \\\"fontSize\\\": {\\\"value\\\": 12}\\n          }\\n        }\\n      }\\n    }\\n  ],\\n  \\\"marks\\\": [\\n    {\\n      \\\"type\\\": \\\"path\\\",\\n      \\\"name\\\": \\\"edgeMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n      \\\"clip\\\": true,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"stroke\\\": [\\n            {\\n              \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n              \\\"scale\\\": \\\"color\\\",\\n              \\\"field\\\": \\\"stk2\\\"\\n            },\\n            {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n          ],\\n          \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n          \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n          \\\"strokeOpacity\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n          },\\n          \\\"zindex\\\": {\\n            \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n          },\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.stk1 + ' �� ' + datum.stk2 + '    ' + format(datum.size, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"rect\\\",\\n      \\\"name\\\": \\\"groupMark\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n          \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n        },\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n          \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n          \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n          \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n          \\\"tooltip\\\": {\\n            \\\"signal\\\": \\\"datum.grpId + '   ' + format(datum.total, ',.0f') + ' flows (' + format(datum.percentage, '.1%') + ')'\\\"\\n          }\\n        },\\n        \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"text\\\",\\n      \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n      \\\"interactive\\\": false,\\n      \\\"encode\\\": {\\n        \\\"update\\\": {\\n          \\\"x\\\": {\\n            \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n          },\\n          \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n          \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n          \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n          \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n          \\\"fontSize\\\": {\\\"value\\\": 12},\\n          \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n          \\\"text\\\": {\\n            \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n          }\\n        }\\n      }\\n    },\\n    {\\n      \\\"type\\\": \\\"group\\\",\\n      \\\"data\\\": [\\n        {\\n          \\\"name\\\": \\\"dataForShowAll\\\",\\n          \\\"values\\\": [{}],\\n          \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n        }\\n      ],\\n      \\\"encode\\\": {\\n        \\\"enter\\\": {\\n          \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n          \\\"y\\\": {\\\"value\\\": 30},\\n          \\\"width\\\": {\\\"value\\\": 100},\\n          \\\"height\\\": {\\\"value\\\": 36}\\n        }\\n      },\\n      \\\"marks\\\": [\\n        {\\n          \\\"type\\\": \\\"group\\\",\\n          \\\"name\\\": \\\"groupReset\\\",\\n          \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n          \\\"encode\\\": {\\n            \\\"enter\\\": {\\n              \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n              \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n              \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n              \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n            },\\n            \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n            \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n          },\\n          \\\"marks\\\": [\\n            {\\n              \\\"type\\\": \\\"text\\\",\\n              \\\"interactive\\\": false,\\n              \\\"encode\\\": {\\n                \\\"enter\\\": {\\n                  \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n                  \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n                  \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n                  \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n                  \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n                  \\\"fontSize\\\": {\\\"value\\\": 14},\\n                  \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n                }\\n              }\\n            }\\n          ]\\n        }\\n      ]\\n    }\\n  ],\\n  \\\"signals\\\": [\\n    {\\n      \\\"name\\\": \\\"groupHover\\\",\\n      \\\"value\\\": {},\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n          \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n      ]\\n    },\\n    {\\n      \\\"name\\\": \\\"groupSelector\\\",\\n      \\\"value\\\": false,\\n      \\\"on\\\": [\\n        {\\n          \\\"events\\\": \\\"@groupMark:click!\\\",\\n          \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n        },\\n        {\\n          \\\"events\\\": [\\n            {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n            {\\\"type\\\": \\\"dblclick\\\"}\\n          ],\\n          \\\"update\\\": \\\"false\\\"\\n        }\\n      ]\\n    }\\n  ]\\n}\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"cd197750-562f-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935311],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"cdb8b440-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935312],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"670b6440-5612-11e8-b312-79bc7794402d\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6ac62250-5612-11e8-b312-79bc7794402d\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ce449a90-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935313],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Applications (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.application\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} pkts\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Applications (packets) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ce773100-55cb-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935314],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"sum\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.ip.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ce9157f0-8020-11e7-bcae-4bd056c878e8","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935316],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Services (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.service_name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"cebac580-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935317],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Version (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"network.type.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d1548dc0-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935318],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"host.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d2606630-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935319],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Cities (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"geo.city_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d3271c20-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935320],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMxOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"5b93e7e0-5612-11e8-b71a-cfa3c16427ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"5f2c77f0-5612-11e8-b71a-cfa3c16427ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"NOT destination.as.organization.name.keyword: private\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d45c0d50-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935321],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.traffic_locality.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d6729740-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935322],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fa3371f0-801a-11e7-b4bd-5b3ceedd298a","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935324],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_36\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_45\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_46\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":4,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":4,\"i\":\"49\"},\"panelIndex\":\"49\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_49\"},{\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"50\"},\"panelIndex\":\"50\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_50\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"51\"},\"panelIndex\":\"51\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (bytes)\",\"panelRefName\":\"panel_51\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"52\"},\"panelIndex\":\"52\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_52\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"53\"},\"panelIndex\":\"53\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_53\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"54\"},\"panelIndex\":\"54\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_54\"}]","timeRestore":false,"title":"ElastiFlow: Flows (client/server)","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d7124e80-5625-11e8-b711-83a5f93b17f3","managed":false,"references":[{"id":"95799400-55b3-11e8-a1f3-452446793d46","name":"36:panel_36","type":"visualization"},{"id":"69f4d440-8019-11e7-af24-27fa1061e1bd","name":"45:panel_45","type":"visualization"},{"id":"aa56f4e0-801a-11e7-a69e-1db8cf608fe4","name":"46:panel_46","type":"visualization"},{"id":"1094b850-336b-11e9-aec0-c1d93190f676","name":"48:panel_48","type":"visualization"},{"id":"88535d00-336c-11e9-aec0-c1d93190f676","name":"49:panel_49","type":"visualization"},{"id":"54525bd0-3373-11e9-aec0-c1d93190f676","name":"50:panel_50","type":"visualization"},{"id":"37a8b330-8019-11e7-af24-27fa1061e1bd","name":"51:panel_51","type":"visualization"},{"id":"47bf0c10-8019-11e7-af24-27fa1061e1bd","name":"52:panel_52","type":"visualization"},{"id":"1c1f5550-801a-11e7-8b60-018ea0aa61a0","name":"53:panel_53","type":"visualization"},{"id":"fa3371f0-801a-11e7-b4bd-5b3ceedd298a","name":"54:panel_54","type":"visualization"}],"sort":[1714616462017,8589935335],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":\"Source AS Private\",\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"source.as.organization.name.keyword\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"source.as.organization.name.keyword\":\"private\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"Destination AS Private\",\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"destination.as.organization.name.keyword\",\"params\":{\"query\":\"private\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.as.organization.name.keyword\":\"private\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":15,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_34\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":15,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Source Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_36\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_39\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":24,\"w\":24,\"h\":15,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Destination Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_40\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":24,\"w\":24,\"h\":15,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Source Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_41\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"42\"},\"panelIndex\":\"42\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\",\"panelRefName\":\"panel_42\"}]","timeRestore":false,"title":"ElastiFlow: AS Traffic","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d7e31d40-6589-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"9271c180-55cf-11e8-a695-171fb712da36","name":"34:panel_34","type":"visualization"},{"id":"290d5be0-55d0-11e8-a695-171fb712da36","name":"36:panel_36","type":"visualization"},{"id":"e3c2e2c0-5607-11e8-b711-83a5f93b17f3","name":"39:panel_39","type":"visualization"},{"id":"d45c0d50-5613-11e8-b711-83a5f93b17f3","name":"40:panel_40","type":"visualization"},{"id":"854eee30-5613-11e8-b711-83a5f93b17f3","name":"41:panel_41","type":"visualization"},{"id":"a44cb030-336a-11e9-aec0-c1d93190f676","name":"42:panel_42","type":"visualization"}],"sort":[1714616462017,8589935344],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client AS\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"d8ab4a30-55c6-11e8-a1f3-452446793d46","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935346],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Version (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.type.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"da14d960-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935347],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Services (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"da47ecc0-55d2-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935348],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"dccd45d0-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935349],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"ZFlow\",\"type\":\"exists\",\"key\":\"ipfix.ziften_agent_guid\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Commands (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Commands (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"de88ee40-33af-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589935352],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMyOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Ports (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"de9b3dd0-2fc8-11e7-844c-67b9b101127b","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935354],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzMCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"host.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"deb4d510-55d8-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935355],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzMSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"df88de80-801f-11e7-8a72-651c4183643b","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935357],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Logo\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"![](https://songxwn.com/images/favicon.png)\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e10b84a4-ad36-4014-b3e2-98e47189023c","managed":false,"references":[],"sort":[1714616462017,8589935358],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: VLANs (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e12188f0-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935359],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzNCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Server Autonomous Systems (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"ElastiFlow: Server Autonomous Systems (bits/s) - TSVB (stacked area)\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e160f860-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935360],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzNSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Version (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.type.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e2f1d4c0-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935361],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzNiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"bytes\"},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e2f43d10-6591-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935363],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzNywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destinations (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"destination.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e68a40f0-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935364],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzOCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"0c862c80-5612-11e8-9c03-ebe615bd9c32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"142047a0-5612-11e8-9c03-ebe615bd9c32\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"client.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}p/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e71599c0-5613-11e8-b711-83a5f93b17f3","managed":false,"references":[],"sort":[1714616462017,8589935365],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzMzOSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\",\"pattern\":\"0\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935367],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: VLANs (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.vlan.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"eab88580-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935368],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ead75f80-55cd-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935369],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"eada0e30-801f-11e7-8a72-651c4183643b","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935371],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Server Autonomous Systems (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"server.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ec11c960-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935372],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Platforms (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Platforms (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.ziften_platform\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Platform\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ef3b6010-33af-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935374],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Destination Ports - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Destination Ports - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.dst_port_name.keyword\",\"orderBy\":\"2\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ef7699a0-6719-11e7-b5b8-29fbded8e37c","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935376],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destinations (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"destination.domain.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f058c840-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935377],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Ingress Interfaces (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_ifname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress Interface\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f11380e0-6591-11e7-bfc3-d74b7bb89482","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935379],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Cities (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"geo.city_name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f15da330-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935380],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM0OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Server Autonomous Systems (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"server.as.organization.name.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f262c2b0-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935381],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1MCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Protocols (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"network.transport.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f279d050-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935382],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.traffic_locality.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f4939a80-55d1-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935383],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: VLANs (bytes) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.vlan.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f54e7b80-55d0-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935384],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1MywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Traffic Locality (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Traffic Locality (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f6be96c0-622f-11e7-abbc-93bb293f5057","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935386],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f8731d50-2fd6-11e7-97a8-85d8d5a99269","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1714616462017,8589935388],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Destinations (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"destination.domain.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"f98654a0-55d7-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935389],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1NiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"server.as.organization.name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fa17b8d0-55cf-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935390],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: Cities (packets) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"geo.city_name.keyword\",\"terms_size\":\"50\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fb44e2a0-55d9-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935391],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"ElastiFlow: IP Protocols (flow records) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Protocols (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"network.transport.keyword\",\"terms_size\":\"50\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\",\"axis_scale\":\"normal\",\"isModelInvalid\":false,\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"fe07e1f0-55d3-11e8-a695-171fb712da36","managed":false,"references":[],"sort":[1714616462017,8589935392],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM1OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"ipfix.ziften_agent_guid\"},\"meta\":{\"alias\":\"ZFlow\",\"disabled\":false,\"key\":\"ipfix.ziften_agent_guid\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ZFlow - Users (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ZFlow - Users (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0]a\"}},\"params\":{},\"aggType\":\"sum\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ipfix.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":35,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-02T02:21:02.017Z","id":"ff6edde0-33af-11e9-aec0-c1d93190f676","managed":false,"references":[{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1714616462017,8589935395],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-05-02T02:21:02.017Z","version":"WzM2MCwxXQ=="}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":338,"missingRefCount":0,"missingReferences":[]}